Slashdot Mirror


New Malware Report Hits Vista's Security Image

An anonymous reader recommends a Computerworld article on a new report from Australian security vendor PC Tools. The company released figures on malware detection by its ThreatFire product, and in its user base 27% of Vista machines were compromised by at least one instance of malware. From the article: "In total, Vista suffered 121,380 instances of malware from its 190,000 user base, a rate of malware detection per system [that] is proportionally lower than that of XP, which saw 1,319,144 malware infections from a user base of 1,297,828 machines, but it indicates a problem that is worse than Microsoft has been admitting to." Microsoft hasn't responded yet to this report.

13 of 258 comments

  1. What kind of malware? by J_DarkElf · Score: 5, Insightful

    Malware is not defined anywhere in the article. I know from experience that some "malware" scanners tend to mark even cookies (such as Doubleclick's) as malware, which will appear on any computer.
    I would also like to see how many of these "infected" computers had UAC and automated updates turned off.

    Looks like just another Vista bashing article (so it will no doubt be really popular here).

    1. Re:What kind of malware? by Tim C · Score: 4, Insightful

      He didn't say that they didn't find anything, he was merely wondering if there were any details as to what exactly they did find.

      He's entirely correct about the tracking cookie thing; every malware scanner I've used (apart from Windows Defender, I *think*) flags cookies as malware. My ex's new Vista laptop came with Norton pre-installed, and it flags a tracking cookie every time it runs (and only the cookie - so her laptop would possibly contribute to the report's number, despite being clean).

    2. Re:What kind of malware? by LO0G · Score: 4, Insightful

      The big thing I found missing from the article is how the machine got infected.

      If I download and install the cool icons for my IM client and malware comes along for the ride, is it Vista's fault that it allowed me to install it?

      As far as I know, all MSFT has claimed is that Vista is more secure than XP, not that it is immune from malware.

      There's nothing that an OS vendor can do to protect the user from their own actions.

    3. Re:What kind of malware? by BadAnalogyGuy · Score: 4, Insightful

      it is immune from malware

      This is key. Any OS which can run 3rd party code is vulnerable to malware. Whether the damage is restricted to the single running user or can damage anything the OS allows it to, software written for the express purpose of breaking something will work correctly given the right privileges.

      So it doesn't matter if you're on Mac, Windows, or Unix, if you run code that is intent on deleting something and you give it the right permissions, it will do it.

      There are various levels of protection you can offer here.

      0. Let the malicious code run wild without any permission barriers
      1. Run the malicious code as root
      2. Run the malicious code as current user
      3. Run the malicious code as special unprivileged user
      4. Run the malicious code for privileged APIs and stop the malicious code on unprivileged APIs
      5. Run the malicious code in a sandbox
      6. Run only "signed" code
      7. Do not run non-preinstalled software

      As the levels go higher, the more hassle it is for users to install new software. Obviously we don't want to go back to DOS and level 0. And we've seen what happens when we run with level 1 restrictions. Running code at level 2 is a possibility, but it also leaves the user open to localized damage, specifically damage to their own accounts and data.

      Microsoft decided that for their systems, a compromise between level 2 and level 1 was necessary. And in order to do anything to the system as a whole, UAC was implemented to request a means to elevate user privileges temporarily.

      It's an ugly, annoying dialog, but what is the alternative? If you (the general 'you') think that another system does this better, in what ways specifically do you feel the system provides an adequate amount of protection and flexibility?

    4. Re:What kind of malware? by D Ninja · Score: 4, Insightful

      Do customers just like abuse? No. The customers just don't know any better.

  2. PR != Security by pla · Score: 4, Insightful

    New Malware Report Hits Vista's Security Image

    Come again? Does anyone but Microsoft actually believe Vista has an "image" of better security?

    Vista has one and only one major security-impacting feature - The "Train users to always click yes" interface to privilege escalation. And I feel confident saying that very, very few of us consider that a "good" thing.

    1. Re:PR != Security by dhavleak · Score: 4, Insightful

      Seriously, people bash UAC, but it's pretty much identical to sudo. In fact, I can think of a scenario in which UAC is actually better than sudo:

      In a social engineering attack where you download some program (malware) and run it -- the malware could spoof a UAC prompt -- if you are foolish enough to click "Allow", well, nothing really happens because the program didn't get elevated privileges (since it was a fake UAC prompt). In the sudo case, the equivalent level of foolishness has you entering your password instead of merely clicking "Allow". Result is that the malware has your password now, so it's basically Game Over.

      Of course, this is probably a moot point because a better social engineering attack would actually do something causing a genuine UAC prompt (instead of bothering to spoof it). The level of foolishness required to click "Allow" is probably the same in both cases.

      I guess where UAC becomes valuable is when an attacker has managed to exploit a hole, to execute code remotely without requiring you to fall foul of a social engineering attack. This way you know you haven't done anything to deserve the UAC prompt that just popped up, so you know that you should click "Deny" here. This might still fail to protect users that have absolutely no clue, but honestly they shouldn't be running an admin account anyway (and hence should not be able to elevate a process).

    2. Re:PR != Security by pla · Score: 5, Insightful

      Seriously, people bash UAC, but it's pretty much identical to sudo.

      Key difference - Using sudo represents an active request by the user for privilege escalation. Telling UAC to continue approves a passive request that the user might not actually have made (or known they made). When enough of them pop up at random times, it conditions the user to just say okay to make it go away - By comparison, no one would ever just randomly sudo a command for the hell of it.

  3. Re:the problem is combining ... by NickFortune · Score: 4, Insightful

    No need to slam Vista (or Windows in general) -- the problem is combining a dumb user with /any/ OS he can get admin rights on.

    I don't think that works as an excuse for Microsoft.

    The trouble with that is that Windows is supposed to be the operating system of the common man. At least, every time Linux gets a cool feature, the Redmond apologists start rolling out their hypothetical Joe Sixpacks and Great Aunt Mildreds and tell us how these ordinary people can never cope with Linux, but Windows, focus-grouped to death as it is, has been designed for these exemplars of non-geekiness, and is therefore superior.

    But that makes it kind of hard to blame bad security on the users. Windows is supposed to be designed with the click-on-the-dancing-monkey demographic in mind. They can't really throw their hands in the air and say "it's not us, it's the stupid users" without admitting that, really, they haven't a clue how to make a secure operating system.

    --
    Don't let THEM immanentize the Eschaton!

  4. They would, wouldn't they? by Harold Halloway · Score: 4, Insightful

    Why might "Australian security vendor PC Tools" claim this? Could they have a vested interest in saying this?

  5. Consider the source by Gadget_Guy · Score: 5, Insightful

    So a company that sells security software puts out a press release to say that you still need to buy their software even if you run Vista. I can't think of a single ulterior motive that they might have to do this!

    How many of the anti-virus companies don't issue doom-and-gloom style press releases? It is just their way of drumming up business. I would rely on these figures as much as I would rely on Microsoft's "research" that might suggest that Vista is completely immune to any security issue. The truth lies somewhere in between - which shouldn't surprise anybody.

    And before anyone jumps down my throat, no, Microsoft didn't say Vista was that perfect.

  6. Re:100% of Vista machines affected with malware by OhPlz · Score: 4, Insightful

    I've used Vista since it was in beta. The DRM hasn't stopped me from doing anything. The only software I use that does get in my way is Apple's iTunes. But we can't hate on Apple, /. loves Apple because it's not MS. That's why /. can never be taken seriously. It's a humor site.

  7. And that, my friends... by patio11 · Score: 5, Insightful

    ... is a +5, "Telling Slashdot what it likes to hear" moderation.

    -- Posted from my Vista machine ;)