New Malware Report Hits Vista's Security Image
An anonymous reader recommends a Computerworld article on a new report from Australian security vendor PC Tools. The company released figures on malware detection by its ThreatFire product, and in its user base 27% of Vista machines were compromised by at least one instance of malware. From the article: "In total, Vista suffered 121,380 instances of malware from its 190,000 user base, a rate of malware detection per system [that] is proportionally lower than that of XP, which saw 1,319,144 malware infections from a user base of 1,297,828 machines, but it indicates a problem that is worse than Microsoft has been admitting to." Microsoft hasn't responded yet to this report.
Malware is not defined anywhere in the article. I know from experience that some "malware" scanners tend to mark even cookies (such as Doubleclick's) as malware, which will appear on any computer.
I would also like to see how many of these "infected" computers had UAC and automated updates turned off.
Looks like just another Vista bashing article (so it will no doubt be really popular here).
27% of people reporting using the product are infected. Is this a result of self-selection bias? What does it say about the actual population?
Also, no I didn't rtfa.
(frist prost?)
After all, the survey missed classifying Vista as malware -- how accurate could it possibly be?
Help poke pirates in the eyepatch, arr.
... a dumb user with a dumb OS.
- Human knowledge belongs to the world
New Malware Report Hits Vista's Security Image
Come again? Does anyone but Microsoft actually believe Vista has an "image" of better security?
Vista has one and only one major security-impacting feature - The "Train users to always click yes" interface to privilege escalation. And I feel confident saying that very, very few of us consider that a "good" thing.
Windows 98, XP, and now Vista all have security loopholes one way or the other.
The vaunted UAC on Vista is useless.
Blaming the user for running as Administrator and exposing loopholes is like blaming the car driver for driving with the windows down.
Yeah, the wind can be heavy when driving at 100mph but that is not the reason for having a burn when driving a Pinto.
This is a good test case and lesson for wrong software architecture.
By Design Windows is flawed. Blaming the construction is like blaming the poor builders of Leaning Tower of Pisa.
Vista was done from ground up ripping out all old code but still has all problems in addition to UAC, BECAUSE Microsoft thinks Security is an add-on.
Mac OS X thinks security is part of OS and hence Administrator is different from root.
One should not need UAC to install software, and the registry concept should be thrown out.
Why the fcuk should a software write to a registry? It was originally meant for Windows only and should have been locked out instead of allowing every joker to write to it.
It will be great if Windows adopted Linux [kernel] as a base and bolted WINE as a backward way to run Windows Apps and Games.
Imagine the muscle Microsoft could bring if it adopted Linux Kernel for Windows. MSDN, TechNet, etc.,
I bet that would be the day Apple would realize the game was up.
"Doing what i can, with what i have." ~ Burt Gummer
Vista Had a Positive Security Image?
Windows Vista is Defective by Design. It includes Digital Restrictions Malware designed to turn your computer into a mafiaa corporations' surveillance unit, taking control of your files, prohibiting you from performing certain operations on your own files, and prohibiting you from accessing and modifying your own kernel, even in memory.
Therefore, all machines running Vista are affected with malware.
I was about to say 13256278887989457651018865901401704640, but it appears this number is private property.
Why might "Australian security vendor PC Tools" claim this? Could they have a vested interest in saying this?
...security programmers aren't used to coding upside-down yet. Even the OSI model gets messed up!
The installer allowed you to install for the current user (in their home directory) or, if they wanted it in a central location, as root in /usr/local/games.
Loki did it in Linux.
Why can't MS do it in their installers?
So a company that sells security software puts out a press release to say that you still need to buy their software even if you run Vista. I can't think of a single ulterior motive that they might have to do this!
How many of the anti-virus companies don't issue doom-and-gloom style press releases? It is just their way of drumming up business. I would rely on these figures as much as I would rely on Microsoft's "research" that might suggest that Vista is completely immune to any security issue. The truth lies somewhere in between - which shouldn't surprise anybody.
And before anyone jumps down my throat, no Microsoft didn't say Vista was that perfect.
The user would still be vulnerable to regular hosings due to malicious programs having full reign on all the user's stuff. Even if the damage is restricted to the one user, who wants to be that user?
It's definitely a good start, but local program installation without user notification still presents the same problems (though to a lesser degree of damage) as running as administrator or root all the time.
This was my first thought too. But then I realised that they've obviously omitted that fact on purpose, to solve an infinite recursion paradox:
Vista is malware
Vista can host malware
Therefore vista is self-hosting
Vista is unstable
Therefore, vista can't host a stable OS
Therefore Vista can't host itse..
Oh, never mind. It works out just fine.
The only cracks in the armour are the users, them being the ones that say "Yes, this unsigned potentially dangerous piece of software that inexplicably wants admin rights to my machine can do whatever it wants."
There's a difference between the prompts when the exes are signed or not, for example here - http://www.autoitscript.com/autoit3/docs/intro/autoit_on_vista.htm
throw new NoSignatureException();
"60% of the time it works every time"
You guys remember 80s and 90s ecological cartoon villains? The ones that were made of pollution so that the only way to hurt them was with clean air and water? Vista's security image is kinda like that. The only way to actually hurt it at this point would be if the results were surprisingly good.
This is about as relevant as giving out a statement saying that engines run better on non bio fuel.
Instead of "obnoxious security" as highlighted by the apple commercial, now we have "less effective than advertised obnoxious security that's still better than XP."
Can we possibly bring ourselves to acknowledge that M$ actually brought about an improvement in PC security? It shouldn't hurt too much since it appears to be verifiable.
Invenio via vel creo
While you are obviously trolling, I'm not saying you're wrong.
"New Malware Report Hits Vista's Security Image" -- Vista had a security image?
Obviously Microsoft must send out an urgent update to Vista!
Disable the Yes button!
Phone them up and demand this urgent security feature!
It's only an improvement if the features work and are reliable and do not cause any other problems or side-effects.
This article seems to say that Vista is MORE secure than XP, or OSX.
Here's another good article about detecting Rootkits in XP vs Vista using antivirus suites and online scanners.
I expect Twitter to come rushing out with one of his many sockpuppet accounts and attack you at any moment! How dare you cloud a perfectly good Vista bashing with a few facts! Shame on you!
Vista isn't great and was overhyped, but it's not nearly as bad as most people here seem to think. I'd hazard that the loudest critics haven't even used it.
.. since a lot less people run it than XP :-)
:-). Having said that, there appears to be hope at last. I read an article somewhere where someone has taken the utter total heap of crud that Sony made of Vista on its laptops (the thing that caused me to nuke it as soon as I managed to find time) into something that actually made it work, especially after Service Pack 1. IMHO, anyone who uses a new MS OS in production before the first SP has been issued should be made to admit to board level that he uses the entire company as MS beta-test site. Or, in case of Vista, alpha test.
Sorry - you left that door wide open
And I hate the interface changes, every time a new OS comes out you spend weeks playing a game of menu based hide and seek with the toolset. Clever move, putting a search facility in the program list and then still making sure all program names start with "Microsoft". Duh.
But heck, most of my work can be done with OOo and Linux and most of our dev guys don't even have any MS software installed, so I probably postpone looking at it until I get brutally bored..
---
Keep up the good work, and don't bother me with it..
Insert
By verifying that executables have been signed by the Windows Logo Program on every machine that doesn't have a current subscription to MSDN. Yes, this would force many ISVs with fewer than 10 employees to target Ubuntu and not Windows, but the makers of BREW phones, iPhone, and Xbox 360 have already accepted this collateral damage.
</sarcasm>
27% of Vista machines were compromised
This is indeed troubling (notice position of tongue and cheek). How can we fix this? I propose a five step program
5. Electro shock all users that click "install now" without thinking
4. Remove the fingers of users that follow the links on penis enlargement spam
3. Publicly flog all users that attempt to install that "special media player" to get to "free p0rn" from any site in the former communist bloc.
2. Revoke all credit card, debit card, home depot card and sears charge cards for those that purchase a fake Rolex based on an email they got
1. Remove any and all computers from folks that say "My computer's running slow, you know about computers, can you look at mine"
Respectfully,
Cluge
PS - A more meaningful less painful solution would be an OS lock down - i.e. think a live image distro where the Hard Drive is only used to store user data. Every reboot takes you back to square one - a heavily locked down environment with basic abilities allowed, but little else.
"Science is about ego as much as it is about discovery and truth " - I said it, so sue me.
Initially Vista was prone to security by obscurity. It is now however well researched by the makers of malware and it's business as usual.
I've purposely run some shady programs, with antivirus disabled on Vista. No WAU prompt, nothing. Yet, my PC was infected and had processes running. It was even harder to clean out than similar virii in XP.
All these prompts and other crap, it's useless. It's just to "make you feel secure" and "annoy the hell out of you". Effectiveness is ZERO.
"Vista suffered 121,380 instances of malware"
I thought Vista with UAC didn't get malware. Didn't Allchin say Vista didn't need any anti-virus software?
davecb5620@gmail.com
...was what percentage of computers are running Vista, and what percentage of attacks are specifically targeted at Windows in general, it being the most common OS by a long shot. Besides the already-mentioned fact that this company is overinflating their results to sell their product, people should be aware that malware is, these days, mainly spy- and adware. The entire goal of these programs is to deliver advertising to -or information on- the largest audience possible, i.e. the most used OS.
... a mile away.
I'm a windows savvy user, and I've never had problems with viruses or malware, mostly because I know when to make sure what I'm about to run isn't malware.
That means I know generally what's already in my computer, and when I'm about to install or run something new, I either know it's from a legitimate source, and thus don't worry about it, or I scan the file before using it.
That's why I applaud things like the firefox virusscanner, it's actually combating the risk of infection at the point-of-entry rather than scanning everything all the time, over and over and over again, and hogging your resources while it's at it. In this regard, current virus software only helps when you've already gotten a virus and you need to clean it, which in my opinion is too late. The solution should be at the point of entry.
It's also why I hate UAC, UAC doesn't help people to understand where the point of entry of malware is, and it only teaches people to click yes to everything, or to google how to disable it.
Obviously MS should be doing hardware (and Apple just software, obviously).
The user accounts and UAC are great. My laptop finally feels like it's mine. I can let the wife and daughter have accounts and no longer worry about them breaking anything.
>>Its only an improvement if the features work and are reliable and do not cause any other problems or side-effects.
Had tears from my youngest not so long back... Firefox updated and wouldn't restart without my admin password. She had to wait until I came home from work. I was not popular...
Great!!!
This post contains benzene, nitrosamines, formaldehyde and hydrogen cyanide.
Vista's UAC can be found very annoying because most windows software has been designed a few years back with the assumption they have full access to any file/system dir/registry...
Those are the software that trigger annoying UAC dialogs...
Microsoft is suffering from its past errors that are difficult to correct (that doesn't mean they should not be corrected)
Linux / OSX programs do not assume they will be able to do anything they want on the OS...
Several aspects of Vista I really like. They just make sense. But the integrity of the systems makes it almost useless at this time. I tried to switch my new HPdv9000 from Vista to XP without success. Now I use my old HPdv8000 with XP, and the new shiny one with a more powerful processor, memory, etc, just sits in the corner waiting for the day that Vista comes of age... HP in my opinion, certainly isn't listening to their customer base. Clearly they are listening to the commands of MS. Pity. If HP gave the option of XP with their new line of computers, it would have been a very good thing for all... Now we just suffer at the hands of CEOs deciding our fate. This really sucks.
Having the malware say "Please run me with 'sudo installthisscreensaverlol'" isn't anything like "Click the "yes" button to the next security prompt"?
I don't see there's much difference.
throw new NoSignatureException();
Well, if I can install a program for me *as* me on windows, I don't need UAC. I don't need root to install Loki's Rune on linux. I need it for windows as it currently is.
As to why this doesn't work is that Windows requires access to the registry, access to the C:/Windows/system32 directory, it requires all sorts of access that it doesn't REALLY need (if there was a delineation between "System"/"Admin"/"User" roles and filesystem access).
And while here, to answer BAG's point, the thing is, if you hose your system and ONLY break your data, you can restore that data or re-create it. This doesn't affect your wife's data, nor the data for your two kids. If the badness was done by Admin/root, you can't trust your OS so you must install the entire system again, THEN restore from backup YOUR data, your WIFE's data, the data for your KIDS.
Which is most work?
but every OS will at some point have to relinquish admin controls to any given application at some point, at which point all the above protections become irrelevant.
Half Windows' problems stem from the fact most developers are used to writing the HKEY_LocalMachine by default, and C:\windows\system32 without hindrance; hence UAC makes more appearances than it should.
What happens if you never give true admin rights to apps? Well, your computer turns into a kiosk suddenly; unconfigurable and useless. What happens when any or some admin rights are given to any application? Your protections suddenly mean nothing; that's the principle of how rootkits work.
throw new NoSignatureException();
throw new NoSignatureException();
... is a +5, "Telling Slashdot what it likes to hear" moderation.
;)
-- Posted from my Vista machine
Help poke pirates in the eyepatch, arr.
Sometimes I hate egging on trolls, but I hate FUD even more...
Windows Update still uses ActiveX. If it is off by default, it means Vista machines won't be updated.
Nice try, but Vista has a separate update program. You no longer need to visit Windows Update using IE. From here on out I can see you don't use Vista and just perpetuate FUD for the fun of it.
Isn't that the one that Windows Update keep bugging us XP users to download again? Not an improvement over XP then.
When has Windows Update for Windows XP ever bugged anyone about this? Last time I checked it wasn't even available via Windows Update, you had to specifically download it from a different location. I have a whole network at a customer site that agrees with me (full automatic updates, every night at 3am - if it bugged to install, I'd know about it).
Protecting the internet against infected Vista machines... Looks like even Microsoft doesn't believe the claims about security.
Microsoft didn't have this feature. They get blasted because this is a necessary feature. They add the feature. They get blasted because a good operating system wouldn't need it. Make up your mind!
Which protects against nothing once the encryption key is entered to be able to boot the system. Malware won't care, thieves won't care (they are after the hardware anyway). Terrorist and pedophiles will care, though.
I'll give you this, it really has nothing to do with Malware prevention. It is a good feature to have in terms of general PC security, but I think you lost sight of that in your FUD filled logic.
Oh, re-inventing user accounts... I'm sure Microsoft wish they came up with that idea back in NT 3.5.
Seriously, I think you might have some psychological issues. Microsoft took user opinions into consideration and instead of going "Good call, people could use this feature" you blast them for not thinking of it sooner? Blind hate is just a bad way to go through life.
Blech, I can feel the responses from other ACs forming...
Sincerely,
Richard
It's the normal Dilbert-PHB situation. Only nerds worry about silly details like the magnitude of a change.
PR is happy as long as they can spin it as movement in the right direction.
"See, this proves it: Vista is more secure than XP. Way more secure. 1197764 Scoville units better!"
In "The Quantitative Analysis of Visual Information" Tufte has a wonderful phrase for graphs that show direction while distorting magnitude; he calls it "the Pravda school of information presentation." He, of course, has real illustrations from Pravda, where some set of numbers, grain production or whatever, is illustrated with pictograms that increase steadily and evenly in size, while the printed numbers next to them show that the increase, while monotonic, was huge for earlier years in the series but minuscule for the more recent years.
"How to Do Nothing," kids activities, back in print!
The OS can only do so much to stop spyware & malware. Sure Vista has the annoying UAC to alert users of possible malware but in the end the user still has to click yes/no.
One could argue that very little malware is written for linux or macs since their market share is only 5% and I might argue that users of linux (and possibly macs although I doubt it) are a bit smarter than your average PC user.
It would be a more useful report to compare Vista to XP.
"During My Service In The United States Congress, I Took The Initiative In Creating The Internet." -Al Gore
In any other population, about a quarter would be classified as an epidemic.
For windos, we shrug and say "yeah, what'd you expect?".
Think about that.
Assorted stuff I do sometimes: Lemuria.org
I primarily run Linux.
My laptop came with Vista over a year ago, I immediately used GParted, moved the Vista low, repartitioned, added XP, and then Ubuntu.
I have been running this setup for over a year now. I always use Linux when plugging a USB drive, going to an untrusted web-site, or anything even remotely unsafe.
I am pretty sure I have not had anything mal-ware (or even stupid-ware) installed on my laptop.
If you are sick and tired of rebuilding your system every six months or so, you have to follow the rules, just like premarital sex -- ALWAYS WEAR A CONDOM applies here too.
The only annoyance is the updates. If I haven't booted Vista in a few days, or XP for a week or so, I might as well so it can get the updates, because sure as heck an update will be forced when it is most inconvenient.
- I live the greatest adventure anyone could possibly desire. - Tosk the Hunted
The original Xbox sounded like a helicopter taking off in my living room. The Xbox360 however sounds like two helicopters taking off in my living room. Also, remember the Microsoft phone? The Zune? The Microsoft webcam which is so poor on color balance that everyone looks like someone from the Addams Family...
Windows Update still uses ActiveX. If it is off by default, it means Vista machines won't be updated.
The Windows Update website does; neither Automatic Updates nor Vista's dedicated WU app do.
Isn't that the one that Windows Update keep bugging us XP users to download again?
No, you're thinking of the malicious software removal tool; Windows Defender is an entirely different app.
Protecting the internet against infected Vista machines... Looks like even Microsoft doesn't believe the claims about security.
How you can possibly spin a feature that has been in every single personal software firewall product I've ever used as a bash against MS I don't know. This allows you to control what connections legitimate software makes too - don't want something phoning home to search for updates? Block it. (But of course you know that, and are merely trolling)
It's official. Most of you are morons.
first post
EPIC FAIL
Spyware Doctor 5 suffers from software glitches; failed to identify or remove a test Trojan horse; returned a high number of false positive or extremely low-risk results PC Tools Spyware Doctor 2007
Microsoft is not alone in its skepticism of PC Tools' report.
Dennis Kudin, CTO of Ukraine-based Information Security Center Ltd., also dismissed PC Tools' findings in a Windows Live Spaces blog post. The malware counted in such studies often isn't a real threat, he said. The issue is serious threats, malware that runs at the system kernel level and requires administrative privileges.
"Most Windows 2000 users work as administrators by default, so they are vulnerable to any kind of threats. In Windows Vista this vital problem is solved by UAC technology. So Vista is definitely much more secure than Windows 2000 and I don't understand PC Tools' attempt to overthrow this axiom by far-fetched conclusions in their survey." Microsoft Refutes Windows Vista Vulnerability Report [May 13]
Can we possibly bring ourselves to acknowledge that M$ actually brought about an improvement in PC security?
Have they? That's not demonstrated, unless by "security" you mean something related to securing more control over computers by the RIAA and MPAA with the "trusted" (another dodgy use of a word) audio/video path. People haven't been running Vista as long as XP, so they haven't had as much chance to pick up infections.
so Vista Ultimate isn't a consumer product?
Oh wait.......
"-1, troll" for criticizing Microsoft products on Slashdot??? Have the pits of hell finally frozen over? ;D
In all seriousness, I'm all for giving new products a chance, however bad their predecessors might have been. Don't you think it's more likely that "M$" products are most often targeted by spyware because they are the most widely used?
All this arguing about what's malware and what's not. We don't get many Vista systems in this shop (mostly much older stuff). But I had one in the other day, totally munged .. good old Smitfraud, looked and acted just like a similar WinXP infection (with which I'm much more accustomed).
Except we couldn't get Vista working at all (past the desktop loading anyway) to even attempt manual or software cleanings. Had to wipe and reinstall from the restore partition. Apparently it was even more vulnerable to Smitfraud damage than WinXP.
I think my favorite new vista feature is the totally sweet DRM
yes!
Where does it say it counts cookies as malware?
"PC Tools does not guarantee that the Software will detect and/or remove all known viruses, spyware, adware, malware, Trojans, keyloggers and trackware, or locate all browser infections and tracking cookies on your computer"
davecb5620@gmail.com
this news is pure FUD
In fact, when seriously controversial news is posted, like msft cheating to get OOXML approved, the slashdot message boards often get flooded with pro-msft zealots.
Five years ago, slashdot was msft bashing, not anymore. These days there are as many pro-msft zealots as anti-msft zealots.
You've described changes in how IE behaves (not Vista), how Windows Mail behaves (not Vista, download it from Live), that Defender is included (not Vista, download from somewhere on microsoft.com).
/Sentient captcha when I went to post this: Shambles
A sane firewall could^H^H^H^H^Hshould have been backported to XP easily. Just a non-brain-dead SMTP firewall would do wonders for the botnet spam problem.
Things like BitLocker are available for XP. While not as sophisticated, I've used volume encryption for _years_ on my laptops (all XP).
Parental Control is available via OneCare. It's not free, but a hell of a lot cheaper than Vista anything.
Really, the best feature in Vista IMO is the photo editing. That's not really Vista either though; you can get MS Photo Suite. No idea what it is retail, I paid $50 at the company store (I'm assimilated hence AC).
Since I mentioned that I'm assimilated, I'll tell you about Vista in my (shall-remain-nameless) group. We develop on, and for, Server 2003 and in some few cases 2008. We use XP for mail and crap. Everybody in my group except for 2 diehards has gone from XP to Vista (there was a BIG push a while ago), and then, slowly, back to XP. Vista's nice if you want your computer to run slower and you want your laptop battery to run down quicker, and if you want all manner of pain with interfacing with projectors (ending up with saying "Is anybody running XP?") but if all you care about is VS and friends, as well as the normal office worker load like Outlook and Office Communicator and Word etc, you are dealing with your apps not your OS. The less I think about the OS the better. XP, with all the addons I mentioned earlier, does a better job for me than Vista.
My $.05 (adjusted for the fall of the dollar).
You know why Ubuntu has much better security than Windows?
Simply because the separation between user and root actually works. In Windows the user often needs privilege escalation. In Ubuntu (and many other distros) they only need it for specific operations where the user expects that.
I don't know if that is still the case in Vista, but in XP many programs needed root level access for some reason and didn't even run in normal user accounts.
And, apart from that: Ubuntu DOES NOT train the user to always sudo and enter password all the time simply because it is needed much less. The big problem with Vista is that it asks way too often. That is what is meant by "Train users to always click yes".
Hey, where's teh picture of russian dating agency? I forgot to write down the number.
Agreed, 110%, so they can simply say "We find more things than our competitors" - even though it is blatantly false advertising.
E.G.: I wrote a program back in the year 2000 called apkapp2backgrounddaemonprocessengine.exe that Computer Associates (CA) lists on their SPYWARE databases, here:
http://ca.com/ca/en/securityadvisor/pest/pest.aspx?id=51276#top
It shows NO threat levels whatsoever, in their graphs of those things there (4 categories with progress bars on the right side of that page) & yet is listed there!
All that program does, is allow a user to launch a program invisibly! How someone uses it is beyond my control, & with what programs too...
(My program's description clearly notes this, as it was designed for folks that had an older version of Apache webserver installed (I built it for a gent on a forum who complained about the inability of Apache to run as a service, as IIS does) so they could have it run unobtrusively in the background)
By itself, the program bears NO payload, & if you do not select an application to run, it merely tells you it is shutting down, & it then closes.
(THIS IS DANGEROUS? THIS IS A SPYWARE/MALWARE/TROJAN/VIRUS etc. et al??)
I don't think so... heck, I KNOW NOT!
PING.EXE (std. part of any OS that has a Tcp/IP stack) is more dangerous (capable of "ping of death"), but I don't see CA listing that there... they don't dare, Microsoft & other OS vendors would probably crush them into the ground in lawsuits!
The worst part is, it has been listed there since 2004, & they (I feel intentionally so) MISSPELLED MY NAME THERE, as "Peter Kowalski", when in fact it is "Alexander Peter Kowalski" in full (hence, the "apk" @ the start of this program's name) & I consider it libelling myself. I never search for anything but my FULL NAME online (& I think they KNOW that is why they did that).
So, I spoke to an attorney about pursuing this legally: He said to FIRST pursue this according to THE BULLCRAP CA "RULES"...
Which means I have to fill out this 21 point questionnaire (which I have & my program does NOT violate a single point in it) & send it back to:
vendorappeals@ca.com
Who made CA the "lords of the internet" you know, & gave them the right to libel others as they have myself in this case?
Additionally, I had to deal with a sanctimonious CA asshole named Greg Jensen (their "product manager", another know-nothing who has his job in this field, God knows why) who is going to be named when I sue that company for libel, because once I am done getting my program removed from their Spyware/Threat Database list online this week (in process now)? I have proof that their info. has misled 3-4 other sites into listing my ware as well. 3 of them removed it thus far no less.
APK
P.S.=> The problem is the idiots @ the wheel in these companies... they're NOT computer scientists, they're "money grubbing soulless freaks" (greedy morons that take advantage of those that actually KNOW this field, & use them, to make money for themselves & pay those who actually know & do the job, peanuts/scraps)... out with the scum in this industry & others I say, out... apk