New Malware Report Hits Vista's Security Image
An anonymous reader recommends a Computerworld article on a new report from Australian security vendor PC Tools. The company released figures on malware detection by its ThreatFire product, and in its user base 27% of Vista machines were compromised by at least one instance of malware. From the article: "In total, Vista suffered 121,380 instances of malware from its 190,000 user base, a rate of malware detection per system [that] is proportionally lower than that of XP, which saw 1,319,144 malware infections from a user base of 1,297,828 machines, but it indicates a problem that is worse than Microsoft has been admitting to." Microsoft hasn't responded yet to this report.
How about Wild Tangent bundled games that come with many PCs? Those trip up the spyware detectors too.
Yeah, this is an extremely valid point. My Vista PC had 100s of 'malware' items on it; all were tracking cookies. So from that someone extrapolates Vista has poor security. Sheesh.
Let's say that the UAC is a mistake and users should be 1) prevented from installing programs blindly, 2) not informed when a program is attempting to run without authorization.
How would you design a system that fulfilled the two items above while still allowing the flexibility to actually install programs when desired?
Self selection bias?
How many of these machines were scanned only *because* an infection was already suspected or known?
Because Wild Tangent is spyware.
Spyware that's hard to defend against. Trojan-style malware doesn't need security flaws to enter the system, thus Vista's new security features won't help much against it.
Users should be prevented from installing programs blindly - Full stop
....!
Users should be informed the program is trying to run as an admin and so has been killed
Users should ask to install a program, be asked for admin password to continue and then go ahead without repeated warnings
Asking for permission to do something means the program was not installed properly (when installed it should request all permissions it will need), or should not be doing it
Windows Vista does all the wrong things
Prompts for permission on both installed and uninstalled programs repeatedly
treats an install the same as running a program
Linux/OSX are not perfect but seem to have got the balance more correct (mainly due to a legacy of doing the right thing and so not having to support user programs that assume full admin rights)
No dude lol... just plain no.
Network admins know that the common man or woman doesn't know their computers from their asses. It's like the saying goes, PEBKAC.
The fact of the matter is that Microsoft is king because Linux software isn't even there yet when it comes to quality. Whenever you have new hardware you probably can't even use Linux because the drivers haven't come out yet or are beta and/or a bitch to install.
Linux continues to be dogged down by too many deal breakers for so many people. You can have Linux be good for 15 / 20 uses and even throw in 5 - 10 new ones but the few you got left might include deal breakers for so many people. This is the challenge the open source community will need to overcome before it ever wins this war. It will eventually win though. We're only 15 years into a networked world. 60 years from now software companies will only make money from custom code.
To take that idea a step further, how should scripts that rely on a runtime be restricted? Let's say Perl is installed, and it requests full system access at installation. When you run a script that erases the hard drive, should it automatically run at the Perl permission level? Or should it run at the user level without automatically gaining Perl's permission level? Or should a text file be considered "executable" and require installation as well?
I agree that installed apps should not ever bring up the UAC. And that getting over the legacy app problem is a huge hurdle for MS.
"Vista suffered 121,380 instances of malware"
I thought Vista with UAC didn't get malware. Didn't Allchin say Vista didn't need any anti-virus software?
If these games are spyware and are bundled with the computer, then your computer itself is malware.
Computing must be based on trust unless you have your own chip factory, and even then you have to trust your employees.
If you buy a Dell with Linux on it, Dell can preinstall any rootkits they want and there's no way anyone could find them. You would have to boot from a CD or floppy and repartition the drives and reinstall the OS. Hell, they could install a hardware rootkit and even that wouldn't work.
I'm glad I build my own PCs. I'm going back to vacuum tubes. Where's my tinfoil hat?
Part of the problem is that Vista's UAC prompts users (even local admins) far too often.
Being a "Local Admin" just means your user has the ability to elevate using UAC. It is the rough equivalent of the 'wheel' group or
%administrators ALL=(ALL) ALL
in /etc/sudoers.
If I'm a local admin on a workstation, there are certain tasks that I would expect to be prompted for (installing software, patching software, deleting files from C:\Program*\, etc.) but changing the system time? Opening the system management MMC? This simply means that most admins will turn it off, which significantly reduces its functionality ;)
You should most certainly need elevated privileges to change the system time and run the system management tools.
The first OS to have a prototype implementation of an API is beside the point.
Uh, not when you're arguing it's a problem with the API, it's not.
I'm not sure why you think it was a "prototype", either. Win32 was NT's primary API.
Most applications for the home market were designed and tested not on Windows NT but on Windows 95 and Windows 98, as Microsoft didn't market NT for home use until 2002.
This does not excuse developers for blatantly bad practices. There is no excuse, for example, for applications spewing user-level data like configuration files through system areas.
What's the good way to solve PEBKAC without requiring the OS vendor to certify all applications with a digital signature, which certification processes have historically shut out free software?
There isn't one - at least, not within the realms of practicality.
Actually, I got Vista specifically to stop that kind of malware, and it's worked like a champ.
See, I'm generally sharp enough not to put malware on my own system. The problem is that my kids use the computer while I'm at work, and they like to install "free" stuff they find online. Since you can't do a damn thing in XP w/o running as admin, there was no stopping this.
With Vista UAC you can run as an unprivileged user. If a program wants to install something, it will prompt for the admin password. If it's me and I really want that install to happen, I enter the admin password and it proceeds as normal. If it's one of my kids running, they call me at work begging for the password, and I tell them to go jump in a lake.