New Malware Report Hits Vista's Security Image

An anonymous reader recommends a Computerworld article on a new report from Australian security vendor PC Tools. The company released figures on malware detection by its ThreatFire product, and in its user base 27% of Vista machines were compromised by at least one instance of malware. From the article: "In total, Vista suffered 121,380 instances of malware from its 190,000 user base, a rate of malware detection per system [that] is proportionally lower than that of XP, which saw 1,319,144 malware infections from a user base of 1,297,828 machines, but it indicates a problem that is worse than Microsoft has been admitting to." Microsoft hasn't responded yet to this report.

What kind of malware?

[J_DarkElf]

Malware is not defined anywhere in the article. I know from experience that some "malware" scanners tend to mark even cookies (such as Doubleclick's) as malware, which will appear on any computer.
I would also like to see how many of these "infected" computers had UAC and automated updates turned off.

Looks like just another Vista bashing article (so it will no doubt be really popular here).

Re:What kind of malware?

[Dwedit]

How about Wild Tangent bundled games that come with many PCs? Those trip up the spyware detectors too.

Re:What kind of malware?

[Skrynesaver]

Malware is not defined anywhere in the article. While incomplete it did say that:

PC Tools has publicized details of some of the malware types it has found on Vista systems during its scans, including three pages of variants based on Trojan.Agent, a few of which were described as serious. Not a definition of what they classed as malware, but 3 pages of Trojans would seem to indicate that they found something, no?

Re:What kind of malware?

[nozzo]

Yeah this is an extremely valid point. My Vista PC had 100's of 'malware' items on, all were tracking cookies. So from that someone extrapolates Vista has poor security. sheesh.

Re:What kind of malware?

[Tim+C]

He didn't say that they didn't find anything, he was merely wondering if there were any details as to what exactly they did find.

He's entirely correct about the tracking cookie thing, every malware scanner I've used (apart from Windows Defender, I *think*) flags cookies as malware. My ex's new Vista laptop came with Norton pre-installed, and it flags a tracking cookie every time it runs (and only the cookie - so her laptop would possibly contribute to the report's number, despite being clean)

Re:What kind of malware?

[Alpha232]

Next J_DarkElf will debate the page sized used, was it Letter, Legal, A4, Memo?

Re:What kind of malware?

[Macthorpe]

I'd like to know what about his comment you thought wasn't relevant to the issue. Care to elaborate?

Different vendors describe malware in a variety of ways, so it would be useful to know which definition they're using here to get an accurate overview of what they're trying to say. After all, statistics without context are useless.

Re:What kind of malware?

[complete+loony]

Self selection bias?

How many of these machines were scanned only *because* an infection was already suspected or known?

Re:What kind of malware?

[setagllib]

Because Wild Tangent is spyware.

Re:What kind of malware?

[Tim+C]

I didn't say that I didn't think his comment was relevant to the issue. I was merely responding to his closing remark:

but 3 pages of Trojans would seem to indicate that they found something, no?

I see nothing in the original comment that implies that the poster believes that nothing was found. As I read it, the original poster believes that the issue is being blown out of proportion, and that without more detail we can't tell whether or not this is the case. Given that malware tools do indeed flag some perfectly innocuous things, that this is slashdot and that the report was produced by a firm that sells PC security software, I'd say that it would seem likely that the issue has been somewhat overstated.

I think we're arguing the same point - the report is meaningless without more detail.

Re:What kind of malware?

[aliquis]

Hint: They want to sell their antivirus/-malware tools to Vista users aswell. (Hey, with the current market coverage by Vista that may add up to TENS of licenses! ;))

Re:What kind of malware?

[Jesus_666]

Spyware that's hard to defend against. Trojan-style malware doesn't need security flaws to enter the system, thus Vista's new security features won't help much against it.

Re:What kind of malware?

[LO0G]

The big thing I found missing from the article is how the machine got infected.

If I download and install the cool icons for my IM client and malware comes along for the ride, is it Vista's fault that it allowed me to install it?

As far as I know, all MSFT has claimed is that Vista is more secure than XP, not that it is immune from malware.

There's nothing that an OS vendor can do to protect the user from their own actions.

Re:What kind of malware?

[nschubach]

Slightly off topic, but your post reminded me of Dilbert today: http://www.dilbert.com/fast/2008-05-20/

Not saying there's a correlation to be made...

Re:What kind of malware?

[Jugalator]

Maybe that's because Vista doesn't come with a built-in antivirus, only antispyware (which doesn't catch trojans).

I'm not really surprised, and can't really blame Vista either that much. AFAIK, it will put up UAC prompts by default to warn users opening e.g. malicious e-mail attachments (or hyperlinks via Live Messenger), but if they then say "Yes, OK, I approve", what more can it do? Vista on the other hand should allow users to start executables.

Re:What kind of malware?

[BadAnalogyGuy]

it is immune from malware

This is key. Any OS which can run 3rd party code is vulnerable to malware. Whether the damage is restricted to the single running user or can damage anything the OS allows it to, software written for the express purpose of breaking something will work correctly given the right privileges.

So it doesn't matter if you're on Mac, Windows, or Unix, if you run code that is intent on deleting something and you give it the right permissions, it will do it.

There are various levels of protection you can offer here.

0. Let the malicious code run wild without any permission barriers
1. Run the malicious code as root
2. Run the malicious code as current user
3. Run the malicious code as special unprivileged user
4. Run the malicious code for privileged APIs and stop the malicious code on unprivileged APIs
5. Run the malicious code in a sandbox
6. Run only "signed" code
7. Do not run non-preinstalled software

As the levels go higher, the more hassle it is for users to install new software. Obviously we don't want to go back to DOS and level 0. And we've seen what happens when we run with level 1 restrictions. Running code at level 2 is a possibility, but it also leaves the user open to localized damage, specifically damage to their own accounts and data.

Microsoft decided that for their systems, a compromise between level 2 and level 1 was necessary. And in order to do anything to the system as a whole, UAC was implemented to request a means to elevate user privileges temporarily.

It's an ugly, annoying dialog, but what is the alternative? If you (the general 'you') think that another system does this better, in what ways specifically do you feel the system provides an adequate amount of protection and flexibility?

Re:What kind of malware?

[Vectronic]

"...Mac, Windows, or Unix..."

[nitpicking] Ahh, but Linux is impervious [/nitpicking]

Re:What kind of malware?

[Dekortage]

To quote TFA:

"It is important to highlight that all systems used in the research pool were at the very least running PC Tool's ThreatFire and that because the technology is behavioral-based, the data refers to threats that actually executed and triggered our behavioral detection on the client machine", said PC Tools' CEO, Simon Clausen.

I don't use ThreatFire, but "behavioral-based" and "threats that actually executed" doesn't sound like a cookie. They could mean it, but it doesn't sound like it.

Re:What kind of malware?

[maxume]

If those 3 pages of trojans are only present on 2,000 machines, (or 150 for that matter), it says something entirely different than if they are present on 50,000 or 100,000 machines.

Re:What kind of malware?

[Missing_dc]

Not a definition of what they classed as malware, but 3 pages of Trojans would seem to indicate that they found something, no?

Sounds like someone got royally F**KED.

Re:What kind of malware?

ThreatFire, which is what did the analysis in the survey, does not detect cookies as it's behavior-based, it only detects "real" malware that executes (i.e. it runs as an application, which cookies don't) and does something "bad".

Re:What kind of malware?

[Bombria]

The only way to pin this on Vista is to compare the results with other OSes. 27% actually seems low for the average end-user. Like we've always said in the tech industry: There is no fix for stupid.

Re:What kind of malware?

[g0bshiTe]

They did classify PC Tools as being behavioral based. This could count cookies as you said, PunkBuster, a NOCD game crack, a VOIP product, like Skype, Teamspeak or such. I know for a fact the first 2 years I used Teamspeak my AV kept flagging it as a keylogger due to the "Push To Talk" feature.

Re:What kind of malware?

[plague3106]

Well, they even concede that the malware may have gotten onto the computer because the user let it. No system will protect someone with admin access to the machine from compromising the computer if that user chooses.

The article is pretty useless; they even complain that the MS Malware Removal Tool doesn't remove all malware... well duh, it was never designed to and it's not supposed to replace actualy anti-virus or anti-malware software. It's supposed to catch common and easily fixed malware.

Re:What kind of malware?

[sm62704]

If these games are spyware and are bundled with the computer, then your computer itself is malware.

Computing must be based on trust unless you have your own chip factory, and even then you have to trust your employees.

If you buy a Dell with Linux on it, Dell can preinstall any rootkits they want and there's no way anyone could find them. You would have to boot from a CD or floppy and repartition the drives and reinstall the OS. Hell, they could install a hardware rootkit and even that wouldn't work.

I'm glad I build my own PCs. I'm going back to vaccuum tubes. Where's my tinfoil hat?

Re:What kind of malware?

[sm62704]

Slightly off topic, but your post reminded me of Dilbert today

Slightly? Today's Dilbert has nothing to do with malware! It might be on topic for one of my journals (fuckless nerd getting taken advantage of by females, with the secretary acting like a whore).

Not only that, but Scott Adams stole it from Asimov's Foundation trilogy! Dilbert is playing the part of O. Dam from Foundation and Empire.

Wikipedia says that Foundation was "inspired" by "Edward Gibbon's The History of the Decline and Fall of the Roman Empire (Asimov said he did "a little bit of cribbin' from the works of Edward Gibbon" when describing the influence of that work on the Trilogy)."

NO art is ever created in a vaccuum. "If I paint better than other men, it is because I steal from the dead."

Re:What kind of malware?

[Blakey+Rat]

I'd love it if these anti-spyware companies would actually educate users on what exactly cookies are and what they're used for, instead of just decreeing that they are spyware and deleting them.

Of course, when they declare they're spyware, suddenly their tool finds 200 pieces of "spyware" on every computer! Look how effective it is!

Re:What kind of malware?

[sm62704]

There's nothing that an OS vendor can do to protect the user from their own actions.

Yes there is. They can write their own antivirus software and bundle it with the PC. The AV I'd like to see ("I'D LIKE TO SEE -- TWO BRICKS BEING SMASHED TOGETHER") wouldn't be anything like Norton or McAffee as it would ONLY protect against trojans and would only run when you installed new software. It would simply not allow any installation of code that contained known malware, and would log into a VPN that downloaded new definitions before installation. That way it would be out of the way and not hogging computer resources when there was no threat.

Of course, this would assume that the OS had no built-in back doors and had no gaping security holes. Microsoft would have to rewrite its OS from scratch.

They would have to do away with Active-X as well as word processing macros. Can anyone tell me what good macros are in a document? They would have to uncouple the web browser from the OS and run it in a protected sandbox. They would have to do away with all DRM, as DRM is a security hole. They would have to do a helluva lot more.

Good luck talking them into any of this, though. It would take a lot of work and would break a lot of old software (but every new OS they write breaks a lot of old software anyway).

Re:What kind of malware?

[Blakey+Rat]

I think we all agree about that.

But the point is, if HP puts it there when you buy the computer (and yes I'm calling out HP by name: my HP laptop had orders of magnitude more of that shit installed than any Dell I've ever bought), the user's not going to remove it unless they're pretty technical. And technical users probably aren't running this anti-spyware tool, anyway. So suddenly every single HP PC sold it marked as having spyware, giving their numbers a huge boost.

Of course it complicates things, seeing as Wild Tangent is actually spyware. But you can't necessarily blame the user for it being on there, and you certainly can't blame Microsoft if their OEMs pre-load spyware on the machines. In this case, it would say absolutely nothing about Windows security, since the OEM purposefully bypassed the security to load it on.

(Microsoft could try a campaign to get more control over what software is shipped with Windows computers, and then you could watch Slashdot go crazy about how evil they are. It's a no-win for them.)

P.S. Why the hell is HP still in business? Their computers are loaded to the gills with so much crap that they take 3 hours to boot the first time (I wish that was an exaggeration!). And when you put in the Windows CD to restore a clean system, HP slipstreamed the crap on the Windows CD too! And these guys are selling more computers than Dell? Do customers just like abuse?

Re:What kind of malware?

[secPM_MS]

Technical defenses will not protect against wetware vulnerabilities. As long as people click on things and say install that new thing, you are going to have system malware installs.

Re:What kind of malware?

[kripkenstein]

Self selection bias?

How many of these machines were scanned only *because* an infection was already suspected or known?

I don't think self-selection is relevant here. They compared Vista to XP, so unless you think there is more self-selection in one of them, the comparison is valid. That is, the absolute numbers are suspect, but relative differences are fine.

Re:What kind of malware?

[Necrobruiser]

...Vista's new security features won't help much against it.
Why is it that only malware writers can write software that is Vista compatible?

Re:What kind of malware?

[D+Ninja]

Do customers just like abuse? No. The customers just don't know any better.

Re:What kind of malware?

[D+Ninja]

NO art is ever created in a vaccuum. "If I paint better than other men, it is because I steal from the dead."

Funny that you say this. Too many times on Slashdot I see people saying, "So-and-so company took that technical idea from someone else." However, just like art, no technology is ever created in a vacuum either...

...unless you work for Hoover.
:: ba dum tsh ::

Re:What kind of malware?

[Sancho]

(Microsoft could try a campaign to get more control over what software is shipped with Windows computers, and then you could watch Slashdot go crazy about how evil they are. It's a no-win for them.) Well, Slashdot's not a single entity with a single opinion. No matter what Microsoft does, there will probably be people on Slashdot that disagree with the decision.

That said, Microsoft has a history of trying to prevent competition by restricting what can be installed by OEMs. Remember the Netscape debacle? So there's a very good reason to be concerned if they tried to do this again, even if there were good intentions.

Ultimately, it's difficult to determine whether malware got onto the machine by the OEM, through phishing (which isn't easily stopped by the OS), or through a vulnerability. This is something I've alluded to before (that a high percentage of current Windows malware is almost certainly phishing), but I always get modded down for not flaming Windows.

Re:What kind of malware?

[Sancho]

There's nothing that an OS vendor can do to protect the user from their own actions.

Yes there is. They can write their own antivirus software and bundle it with the PC. Oh yeah. I'm going to trust Microsoft to write their own antivirus software (yeah, I know they have some crap out there now), when major security firms whose only focus is on security can't get it right.

The AV I'd like to see ("I'D LIKE TO SEE -- TWO BRICKS BEING SMASHED TOGETHER") wouldn't be anything like Norton or McAffee as it would ONLY protect against trojans and would only run when you installed new software. Define "install." Does it watch for known installer programs? Does it watch for known executable formats being created on the hard drive?

It would simply not allow any installation of code that contained known malware, and would log into a VPN that downloaded new definitions before installation. A huge percentage of malware changes fast enough that the antivirus manufacturers cannot keep track. It's usually a couple of days before a new Storm Worm binary is detected by most antivirus vendors, and by the time that it is, the binary has changed again.

That way it would be out of the way and not hogging computer resources when there was no threat. It would effectively have to run any time a write operation was attempted on the hard drive. It wouldn't be enough to hook CreateNewFile calls, as there are other ways to actually create new files on the disk. You'd have to assume that all applications were well written (using well-defined API calls) for that scheme to work. And God forbid the preferred method for creating a new file ever changes.

Re:What kind of malware?

[Dr_Barnowl]

Microsoft decided that for their systems, a compromise between level 2 and level 1 was necessary. In addition, .NET contains Code-Access-Security (CAS) mechanisms that let you get all the way up to level 6.

4 : .NET APIs are marked with permissions, and .NET assemblies can declare which permissions they need to run. System policy can restrict which applications even get to run, and allow some applications to run with restricted function.

5 : A sandbox is slightly different but can be considered to be a special case of 4 (or a virtual machine, or however else you implement it). Again, .NET will allow you to configure access : to printers, sockets, domains, DNS, environment, files, UI, storage, the registry, threading, calls to unmanaged code, printers, the event log, performance counters, database client libraries, and the data execution protection features of modern CPUs.

6 : .NET can base it's CAS policy on assemblies being signed.

Level 7 I consider to be a special case of level 6 ; where only the people building the OS install have valid signing keys.

ALAS

Firstly, this litany only applies to .NET managed code.
Secondly, .NET comes configured out-of-the-box to allow all code executed from a source on the local machine full trust.

Go to the back of the class, Bill

To be fair, I don't think most malware writers implement their babies in .NET, not least because not all users have it installed by default, even if it is a Windows Update. But it has a great code security model, marred fatally by it's default configuration.

If it had a dialogue that appeared when you ran software for the first time, asking you for trust parameters, and particularly drawing attention to the lack of a cryptographic signature from a certificate itself signed by a trusted party, it might make some users think twice about running all the insidious crapware they install just for a few emoticons or screensavers.

Re:What kind of malware?

[nine-times]

It seems to me that many Linux distributions are now using a sort of combination of 1+2+7, and are probably more secure as a result.

Now, you're going to say, "Linux runs non-preinstalled software just fine." And that's true. But where are you going to get that software, and how are you going to install it? Unless you really know what you're doing, 9 times out of 10 you'll be installing your software from a software repository. Every piece of software in the default repository will be signed and approved by the people making your individual distribution.

So when I install Ubuntu somewhere, there's a very good chance that I'll only install software from the APT sources that are in the default install, and those are safe from malware. It'd take a fairly sophisticated attack to get malware in there. Most of the software that Linux users install come from the distro's respective repository of signed, high-quality, malware free software that can be installed free, over the internet.

Other operating systems may do well to consider such systems. Of course, proprietary software developers would probably sell access to their repository, and give free access to adware developers if they simply pay the right price. Or knowing Microsoft, they'd make sure OpenOffice got marked as "untrustworthy" while MS Office would get special placement.

Re:What kind of malware?

[click2005]

and you certainly can't blame Microsoft if their OEMs pre-load spyware on the machines

Why the hell not? As somebody else pointed out, MS was able to force OEMs not to install Netscape and other media players. Its in MS's best interests to stop OEMs adding crapware to PCs as it harms their image. They could easily force this by threatening to stop advantageous pricing for OEMs that do install bad software. I realise that most OEMs & system builders operate on very small margins to any extra money they get from adding the crapware is income but installing the crap hurts their image as well as Microsoft's.

It wouldn't be hard for MS to start a 'crapware free' programme like all the Vista Ready stuff they seem to do. It might get lost among all the dozens of other stickers that get plastered all over PCs these days but as more and more people are victims of identity theft & other security issues they will begin to look for these kinds of things.. or try other operating systems that are perceived to be safer.

Re:What kind of malware?

[DarthVain]

Having Vista for about a year now, I just suffered my first security problem.

Got a Trojan called Velemonde or something like that. Nasty bugger. Took hours to get rid of it (if I even did, popups stopped anyway).

However I am pretty sure it wasn't vista's fault. A more likely scenario is that when I passed out from a hard nights drinking my idiot friends that crashed the night before decided to go on the internets to some dubious websites and download everything and then run everything.

Am I going to go out and get Norton or something like that? No, I am going to set a password, and tell my friends to %$^@! off when they want access (at least when I am not there watching).

Just because you know where to go, what to download and what not to, and particularly what to run and not run, doesn't mean people that access your computer do.

I was not a happy camper yesterday. Not only did I get hosed with the Trojan, but when fixing it I did a System Restore which then nerfed my WOW install and wouldn't allow yesterdays patch... Which took almost as long to fix... what a pain in the ass.

Anyway moral of the story is no anti-virus software can protect you from drunken idiot friends.

Re:What kind of malware?

[phoenixwade]

Can you trust the vacuum tube manufacturers?!
You'll have to start making your own tubes. Nah, excellent tubes are manufactured in Russia....

(oblig Futurama quote: It's funny because it's true)

Re:What kind of malware?

[kericr]

Sort of; Dell was just as guilty about abusing their customers as HP was; I worked in a call center "supporting" quite a number of different Dell accounts. By "supporting", I mean telling the customer that they would need to call back tomorrow because their call was after hours when in reality I had no technical documentation or test mules to support any of their machines, and the only people who actually knew how to fix them were the three people handling the account on the morning shift, who had worked the account since inception. These were business users who often called for support regarding scan guns, label printers, and register drawers, and had every right to recieve customer service that I couldn't provide. This was while Dell was at their apex.

Re:What kind of malware?

[T.E.D.]

Trojan-style malware doesn't need security flaws to enter the system, thus Vista's new security features won't help much against it.

Actually, I got Vista specificaly to stop that kind of malware, and its worked like a champ.

See, I'm generally sharp enough not to put malware on my own system. The problem is that my kids use the computer while I'm at work, and they like to install "free" stuff they find online. Since you can't do a damn thing in XP w/o running as admin, there was no stopping this.

With Vista UAC you can run as an unprivelged user. If a program wants to install something, it will prompt for the admin password. If its me and I really want that install to happen, I enter the admin password and it proceeds as normal. If its one of my kids running, they call me at work begging for the password, and I tell them to go jump in a lake.

Re:What kind of malware?

[the+JoshMeister]

ThreatFire doesn't appear to detect cookies. From a press release on the company's Web site:

ABOUT THREATFIRE
ThreatFire uses advanced patent pending technology to detect signs of malicious behavior commonly used by malware threats. ThreatFire is unlike traditional anti-virus products that rely on signature technology and require updating every time a new threat occurs. ThreatFire's ActiveDefence Technology is able to identify and paralyze threats that are too new or too sophisticated to be recognized by traditional security software. ThreatFire is designed to only alert end users of truly malicious behavior.

If it doesn't use signatures, I can't see how it would be able to identify which sites' cookies were set by potential privacy violators.

Also, from the site's product overview page:

Protects against both known and zero-day viruses, worms, trojans, buffer overflows, rootkits and even some spyware.

Cookies are not specifically mentioned as something detected by ThreatFire.

If anyone knows better, please correct me if I'm wrong.

Re:What kind of malware?

[sm62704]

I mean word processing documents, not spreadsheets. And why would a spreadsheet macro need to have the ability to overwrite EXE files or delete any files?

Re:What kind of malware?

[Jesus_666]

Okay, I admit that in your case Vista is better. Unfortunately, though, most users are both the administrator and the idiot who installs everything they find on the net...

Re:What kind of malware?

[jambarama]

You can run in XP as a limited user too. It really isn't a problem. When you need to install something with admin level privileges, right click > run as > enter credentials. And very very few programs refuse to run as a limited user once installed.

It is no sudo, but I've not had any problems in 6+ years of using XP as a limited user.

Re:What kind of malware?

[sm62704]

Actually I stole and purposly mangled the quote from Sir Isaac Newton, who stole it from someone else. "If I have seen farther than other men, it is because I stand on the sholders of giants". It holds true for art, science, technology, and in fact any creative endeavor.

Re:What kind of malware?

[unr3a1]

Malware is not defined anywhere in the article. I know from experience that some "malware" scanners tend to mark even cookies (such as Doubleclick's) as malware, which will appear on any computer. I would also like to see how many of these "infected" computers had UAC and automated updates turned off. Looks like just another Vista bashing article (so it will no doubt be really popular here). Exactly... they probably didn't have UAC and Automatic Updates turned off. That's why they would get infected: they had UAC and Automatic Updates on. I think you hit the nail right on the head.

Re:What kind of malware?

[OutOnARock]

If you are logged in as the account that has administrator privs, then the secure desktop dialog ask for no password.

However, if you even bother to setup a unpriviledged user, when THAT user gets a UAC prompt, they do indeed have to enter the password of the account with admin privs.

That's why security admins such as yourself are really the joke.

Re:What kind of malware?

[setagllib]

All of that pre-installed crapware subsidises the cost of the machine. The more there is, the cheaper the machine gets.

Once you've bought it, you're welcome to install Linux on a clean slate, but unless you bought a separate XP CD you're probably going to get the crapware back every time you reinstall or recover.

I build my own machines too, and for laptops I don't even let them boot until after I've wiped the default install. I don't even want the initial "phone home" most crapware does on those installs. The less they gain from their practices, the better. Honest market research is one thing, but installing spies and advertisers on our machines is plain evil.

Re:What kind of malware?

[T.E.D.]

Since when do you get a password prompt?!?

It just says "click ok" and away it goes. That's why Vista's "security features" are such a joke.

That's because you are running as an administrator. Any Unix admin will tell you how stupid it is to run as root all the time. The same goes with Admin in Windows. The difference is that before Vista it was a major PITA to run any other way. I even renamed my Vista administrator account "root" to avoid confusion.

If you have Vista, and you are running as Admin all the time, well...just *don't*. Go make yourself a user account right now, and use that from now on. Go on. I'll wait right here till you're done. ...

Self-selection bias?

[robo_mojo]

27% of people reporting using the product are infected. Is this a result of self-selection bias? What does it say about the actual population?

Also, no I didn't rtfa.

(frist prost?)

Re:Self-selection bias?

[Ethanol-fueled]

Please read the article first so that the statistical numbers sink in.

Next, think about an Ubuntu install vs. a Vista install. Vista caught a lot of flak for the "cancel vs. install" thing but sudo('s GUI counterpart) is not much different, right down to the dark fade as it asks the user what to do. Since Linux clearly stole that idea from Windows, well, won't some leet folks please write a virus for Linux and level the playing field? Linux users are so tired of having nothing to painstakingly tweek.

Re:Self-selection bias?

[joelstobart]

Seriously,

27% of all the machines were owned by a marketing company. Its sunk in.

Sudo copied Windows - hmmmm ... "Sudo was originally written by Bob Coggeshall and Cliff Spencer "around 1980" at the Department of Computer Science at SUNY/Buffalo".

As for the virus remark - Its more difficult to write Linux viruses. User level permissions are more rigorous. The browsers don't have ActiveX. People who use Linux tend to know what a firewall is; and don't click yes in reply to "would you like to install" dialogues so much.

Re:Self-selection bias?

[robo_mojo]

Next, think about an Ubuntu install vs. a Vista install. Vista caught a lot of flak for the "cancel vs. install" thing but sudo('s GUI counterpart) is not much different, right down to the dark fade as it asks the user what to do.

Did you interpret my post to be an attack against Vista? Honestly I did not intend for it to be either an attack or a support.

As for the GUI sudo, what does that have to do with it? Much like with UAC, the user must know what he is doing when he enters his root password (whether using Linux or Vista). If not, there isn't really much else that you can do. I'm not really sure what your point is, anyway.

won't some leet folks please write a virus for Linux

Shit. I just wasted my time replying to a troll post. :(

Re:Self-selection bias?

[mrbluze]

27% of people reporting using the product are infected. Is this a result of self-selection bias? What does it say about the actual population? What? You're trying to apply scientific principles to a slashvertisement dressed up as negative press for Vista? Shame on you ;)

Re:Self-selection bias?

[Ethanol-fueled]

Here: [/sarcasm], for those of you who didn't understand it.

The point I was trying to make is that Windows is trying to have the benefits of *nix(e.g. shifting the blame onto the user via sudo) without all of the rock-solid file permissions and idiot-proofness of, well, Unix-like operating systems(all rm -rf jokes aside).

Re:Self-selection bias?

[aliquis]

Even less so when said "dialogues" looks like Windows ones ;D

(Well, one would expect people would get a hint when it shakes around all over the screen, but no, must be real, better click it! It looks very important! Doesn't it?)

Re:Self-selection bias?

[aliquis]

won't some leet folks please write a virus for Linux and level the playing field Well, maybe Wine enables you to run Media Player, Internet Explorer and Outlook? =P, if nothing else I guess VmWare got you covered!

(I'm mostly shooting for the DRM-makes-it-a-virus-part in http://tech.slashdot.org/comments.pl?sid=558098&cid=23473018 but maybe you can run into other issues aswell.)

Re:Self-selection bias?

[sm62704]

don't click yes in reply to "would you like to install" dialogues so much.

One of these days I'm going to write a web page that has a dialog box pop up and say "a virus is ready to be installed on your computer. Allow? (y/n)" just to see how many people would click "yes".

Re:Self-selection bias?

[genderbunny]

Sudo copied Windows - hmmmm ... "Sudo was originally written by Bob Coggeshall and Cliff Spencer "around 1980" at the Department of Computer Science at SUNY/Buffalo". I think one could reasonably assume that the GP was being facetious.

Re:Self-selection bias?

[cab15625]

Another part of the problem may be the lack of immediate and obvious consequence. Your comment about rm -rf is a good example of something with an immediate and obvious consequence. Suddently there are no files in /home/$USER and you realize that you've done something stupid that you will likely never do again (I know once was enough for me). On the other hand, clicking yes rarely seems to do anything ... until a month later when you suddenly get a credit card bill for $15k and your computer is running slower than a drunk snail.

I made some interesting mistakes when I first started toying with Linux ... most of them had obvious and immediate consequences that I learned from pretty fast. What I've seen of Vista and what I remember of windows up to XP ... many of the mistakes that can be made don't seem to do much to start with.

Re:Self-selection bias?

[Sancho]

No, he really wasn't.

gksu, which acts more or less like a GUI front-end to su, dims the background when you use it. I don't know if it's a configurable option, or how long it's been doing that, but I first noticed it a little while after Vista started dimming the screen on UAC prompts. That's what the GGP was referring to.

gksudo:
Dims screen, asks for permission to perform administrative operation, asks for password.

UAC:
Dims screen, asks for permission to perform administrative operation, asks for password if you are not administrator.

The comparison is obvious, and while sudo itself was written before permissions were even a twinkle in Mr. Gates' eyes, gksudo's current behavior does emulate Vista's.

Re:Self-selection bias?

[Sancho]

I don't know that it was a troll. There are a lot of people (myself, included) who think that a large part of Window's malware comes from trojans. Between the Windows firewall/NAT (helping to prevent worms from spreading) and Windows Update being on by default (somewhat mitigating exploits in Internet Explorer), non-trojan malware infections are really dropping. They're still there--from people who don't upgrade, who have older systems, etc. but they're decreasing. What's left is trojans and pre-installed malware.

But people continuously slam Windows for being insecure while touting OS X and Linux as secure alternatives. Secure? Sure, the code is good and secure, but there's no patch for gullibility.

I suggest the possibility that there are simply other factors that account for the almost total lack of malware on these systems.

First and foremost (and to get it out of the way, because it's so commonly presented) is the market share--virus writers want their viruses to run, so they target the largest markets.

Second is user education. Even with Ubuntu bringing Linux to the common man, the vast majority of Linux users are more knowledgeable about computers, and will not be as likely to fall for trojan traps. While the same cannot necessarily be said about OS X, both Linux and OS X have a history of better security architecture, which means that most operations do not require any sort of administrative access. While malware can run without administrative access, it's much harder to hide. Antivirus running as administrator will easily detect malware running as a user, and because of the history of these two operating systems (not needing administrative privileges that often) it's going to be harder to trick the user into giving up his password. That's not to say that it's impossible--and certainly there isn't a push to use antivirus on these systems anyway, but it would ultimately be a losing battle for malware authors even if the marketshare situation were different.

The upshot of all of this is that I think that if some magic happened and all Windows installations were turned into Linux installations overnight, malware authors would start targeting Linux, and the new (and largely uneducated) Linux users would fall prey just as easily, despite what OS X and Linux fans would have you believe (that somehow using the OS inherently makes you more secure.)

Of course, I'll probably be modded down into oblivion, as a troll, or flamebait, or just as overrated, but I've never seen someone post a valid counter-argument to this type of post.

Re:Self-selection bias?

[Sancho]

Way to get defensive. In my own post:

I don't know if it's a configurable option, or how long it's been doing that, but I first noticed it a little while after Vista started dimming the screen on UAC prompts. I quite clearly indicated that I didn't know who did it first.

Re:Self-selection bias?

[Tweenk]

Screen dimming (or actually focus grabbing) in gksu is configurable. I had to turn it off to be able to input the password from the on-screen keyboard (useful for tablet PCs), you have to turn on the key /apps/gksu/disable-grab in Gconf.

The first versionof gksu was around in early 2004, so I think it didn't copy Vista.

Re:Self-selection bias?

[Sancho]

I did see that gksu was first released in that time period, but I didn't see anything about when focus grabbing was implemented. I do think that Ubuntu really popularized the use of gksu as an automatic prompt when root privileges are needed. Before that, I'd almost never seen it in significant use.

Re:Self-selection bias?

[QuietObserver]

That's a good idea, but you should also check to see what OS and browser your 'victims' are using (I'm guessing you wouldn't actually include a virus, just pretend that you are).

Re:Self-selection bias?

[sm62704]

You guess correctly. And yes, I would want to see what OS they were using out of curiosity.

I don't think this article will be popular

[patio11]

After all, the survey missed classifying Vista as malware -- how accurate could it possibly be?

Re:the problem is combining ...

[J_DarkElf]

No need to slam Vista (or Windows in general) -- the problem is combining a dumb user with /any/ OS he can get admin rights on.

No matter how good your antivirus/antispyware/OS, once an idiot user figures out that by closing a certain app or clicking "yes" somewhere he can run the funny application he got by e-mail, he will do so, and the system is potentially infected.

PR != Security

[pla]

New Malware Report Hits Vista's Security Image

Come again? Does anyone but Microsoft actually believe Vista has an "image" of better security?

Vista has one and only one major security-impacting feature - The "Train users to always click yes" interface to privilege escalation. And I feel confident saying that very, very few of us consider that a "good" thing.

Re:PR != Security

[BadAnalogyGuy]

Let's say that the UAC is a mistake and users should be 1) prevented from installing programs blindly, 2) not informed when a program is attempting to run without authorization.

How would you design a system that fulfilled the two items above while still allowing the flexibility to actually install programs when desired?

Re:PR != Security

[Kalriath]

Vista has one and only one major security-impacting feature - The "Train users to always click yes" interface to privilege escalation. And I feel confident saying that very, very few
of us consider that a "good" thing. Get users on Linux, and we'll be seeing the "Train users to always click yes (or in CLI mode, prefix with "sudo") approach to privilege escalation"

Wait, that sounds familiar. Oh, wow! Both my post and yours are virtually identical!

Seriously, people bash UAC, but it's pretty much identical to sudo.

Re:PR != Security

[BlueTrin]

The problem is that I can hardly see an OS forbidding you to do some stuff you want at home.

Most users would complain. In a corporate setting that is totally different ...

Re:PR != Security

[Chutulu]

Seriously, people bash UAC, but it's pretty much identical to sudo

dude, this is /.

Re:PR != Security

[clang_jangle]

How would you design a system that fulfilled the two items above while still allowing the flexibility to actually install programs when desired?

See OS X, most any desktop Linux or BSD distro for the answer. Of all the desktop OSes it's only the ones made by MicroSoft have this problem.

Re:PR != Security

[BadAnalogyGuy]

Of all the desktop OSes it's only the ones made by MicroSoft have this problem.

First, are we talking about *all* Microsoft operating systems? I'm not. I'm only talking about Vista because it is the only consumer desktop OS by Microsoft that has UAC.

Second, are you saying that OSX, "any Linux", and BSD distro will install anything, without warning, automatically, and without root privileges? If so, that sounds like exactly the problem that UAC was intended to stop. UAC exists to temporarily raise the current user's privilege level in such a way that at the very least the user is informed and prompted for confirmation. This is akin to sudo on Unix-like systems.

Are you seriously arguing that prompting the user is only something that happens on Windows?

Re:PR != Security

[dhavleak]

Seriously, people bash UAC, but it's pretty much identical to sudo. In fact, I can think of a scenario in which UAC is actually better than sudo:

In a social engineering attack where you download some program (malware) and run it -- the malware could spoof a UAC prompt -- if you are foolish enough to click "Allow", well, nothing really happens because the program didn't get elevated privileges (since it was a fake UAC prompt). In the sudo case, the equivalent level of foolishness has you entering your password instead of merely clicking "Allow". Result is that the malware has your password now, so it's basically Game Over.

Of course, this is probably a moot point because a better social engineering attack would actually do something causing a genuine UAC prompt (instead of bothering to spoof it). The level of foolishness required to click "Allow" is probably the same in both cases.

I guess where UAC becomes valuable is when an attacker has managed to exploit a hole, to execute code remotely without requiring you to fall foul of a social engineering attack. This way you know you haven't done anything to deserve the UAC prompt that just popped up, so you know that you should click "Deny" here. This might still fail to protect users that have absolutely no clue, but honestly they shouldn't be running an admin account anyway (and hence should not be able to elevate a process).

Re:PR != Security

[clang_jangle]

Are you seriously arguing that prompting the user is only something that happens on Windows?

I feel so misunderstood -- Can't imagine how you got that idea....

You said

How would you design a system that fulfilled the two items above while still allowing the flexibility to actually install programs when desired?

And I was simply pointing out that no other popular desktop OS has this issue with munging security so badly

Re:PR != Security

[JasterBobaMereel]

Users should be prevented from installing programs blindly - Full stop

Users should be informed the program is trying to run as an admin and so has been killed

Users should ask to install a program, be asked for admin password to continue and then go ahead without repeated warnings ....!

Asking for permission to do something means the program was not installed properly (when installed it should request all permissions it will need), or should not be doing it

Windows Vista does all the wrong things
    Prompts for permission on both installed and uninstalled programs repeatedly
    treats an install the same as running a program

Linux/OSX are not perfect but seem to have got the balance more correct (mainly due to a legacy of doing the right thing and so not having to support user programs that assume full admin rights)

Re:PR != Security

[clang_jangle]

I thought you were asking "how can a system be made idiot-proof and still let users easily install software without having to know anything about actually using the system?"

I have no trouble with my OS X, BSD, or Linux software installs affecting security. Heck, I know some MS users who have no trouble with that.

So I guess it's like driving. Everyone thinks they can do it, but in fact maybe one in five of us can actually do it without causing problems. So incompetent people wreck their cars and have problems with the computer. Big deal. Besides, there's lots of money in that. :)

Re:PR != Security

[SuiteSisterMary]

See, this is one of those correlation/causation fallacies.

Linux has fewer of these 'user blindly runs stupid shit' problems because, at the moment, it's only run by people who also know about that sort of thing.

If Linux was the everyday OS, it would have just as many idiots blindly typing in their root passwords on demand.

I've never understood the thousands of HOWTOs and install guides that say 'now, don't run this as root!' then preface damn near ever step with 'sudo and type in your root password.' There's not a whole lot of difference there.

Re:PR != Security

[azgard]

There is a problem in this thinking. The sudo prompt is only expected to appear in certain situations (such as clicking on administrator mode button in certain dialogs), not randomly when browsing the web. AFAIK, on Vista it can appear anytime application asks for it (but I am not Vista user).

Re:PR != Security

[pla]

Seriously, people bash UAC, but it's pretty much identical to sudo.

Key difference - Using sudo represents an active request by the user for privilege escalation. Telling UAC to continue approves apassive request that the user might not actually have made (or known they made). When enough of them pop up at random times, it conditions the user to just say okay to make it go away - By comparison, no one would ever just randomly sudo a command for the hell of it.

Re:PR != Security

[aliquis]

Nah, they wouldn't need to click yes, they would just login as root for convenience.

IANAVU (I'am not a vista user), but I suspect that the difference of UAC and Sudo are that the Windows developers haven't cared earlier and therefor do all kinds of bad stuff because nothing have prevented them from doing so earlier, and therefor UAC bothers the users more so they get annoyed and start pressing yes for all (much as I suspect my sister does for her antivirus, antimalware and firewall I installed for her.)
But are Microsoft really to blame for that? Especially since they had already tried to tell the developers to not do it earlier if I remember correctly, sure they made it possible in the first place but most OSes did back then.
And now they try to fix it, and in the end it will probably lead to less applications trying to do stuff which need higher privileges and therefor less UAC boxes and eventually better security. Just as in the case of unix.)

Re:PR != Security

[BadAnalogyGuy]

To take that idea a step further, how should scripts that rely on a runtime be restricted? Let's say Perl is installed, and it requests full system access at installation. When you run a script that erases the hard drive, should it automatically run at the Perl permission level? Or should it run at the user level without automatically gaining Perl's permission level? Or should a text file be considered "executable" and require installation as well?

I agree that installed apps should not ever bring up the UAC. And that getting over the legacy app problem is a huge hurdle for MS.

Re:PR != Security

[dhavleak]

Windows Vista does all the wrong things
- Prompts for permission on both installed and uninstalled programs repeatedly
- treats an install the same as running a program

That's actually quite inaccurate:

The question is do you need admin creds to run the program / installer or not?
- For most installers the answer will be "Yes".
- For many programs (say office/notepad/firefox/cmd.exe) the answer will be "No"
- For the same programs, the answer could sometimes be "Yes" (cmd.exe, firefox to install a plugin, etc.)

Note that you won't get asked to elevate everytime you launch the app -- though you can configure it that way if you wish. The app needs to be coded correctly to understand when it needs to elevate (for example the way firefox will pop a UAC prompt only when it wants to upgrade itself or install a plugin -- but otherwise pretty much runs UAC-free. This is pretty much as it should be.

If an application actually needs to run as administrator to function correctly (even when the app doesn't actually do anything that requires admin privileges) -- it means it's a pre-vista application that was poorly written and ignored MS's platform development guidelines (for XP). UAC annoyances serve to expose those apps, and their next iterations will be better. Tough decision on MS's part, but it had to be made, and it was definitely the right call.

Re:PR != Security

[CrackerJackz]

Part of the problem is the Vistas UAC prompts users (even local admins) far to often. If I'm a local admin on a workstation, there are certain tasks that I would expect to be prompted for (installing software, patching software, deleting file from C:\Program*\, ETC.) but changing the system time? Opening the system management MMC? This simply means that most admins will turn it off, which significantly reduces its functionality ;)

Re:PR != Security

[dhavleak]

There is a problem in this thinking. The sudo prompt is only expected to appear in certain situations (such as clicking on administrator mode button in certain dialogs), not randomly when browsing the web. AFAIK, on Vista it can appear anytime application asks for it (but I am not Vista user). Not true -- what happens when you launch synaptic, for example? You get a sudo prompt. Most gui apps (installers, administrative widgets) that require admins privs are going to start with gksudo or whatever to elevate.

The part about a prompt appearing when you're randomly browsing the web also still applies. i.e. the assumption here is that a security hole in your browser has been exploited because you went to a website that has malicious content. The hole was exploited to remotely execute code. This code, in the hypothetical scenario will throw some message that convinces the uninformed user that they actually want to proceed and then spoof a sudo prompt (or even display a real sudo prompt).

The situation is just hypothetical -- social engineering attacks generally don't need to exploit exotic holes -- they just need to entice the user into doing something dumb (install this codec to see Paris Hilton naked). And the average linux user is simply not going to fall foul of it. But the central point remains -- there isn't much point to asking a user for a password when elevating privileges, and actually asking for one is a weakness.

The only (not really valid) argument in favor of the password is "if I lend my machine to someone for 5 mins they shouldn't be able to much around with it". Well, don't give your machine to people who will much around. If you don't have that level of trust -- make them use the guest account. If you walk away from your machine -- remember to lock it before you get up.

Re:PR != Security

[dhavleak]

Aaargh! "much around" should have been "muck around". Both times!

Re:PR != Security

[value_added]

Seriously, people bash UAC, but it's pretty much identical to sudo.

Dunno how you would define "pretty much", but my definition is different. If we were to assume they were similar enough, however, your comment is still based on an apples and oranges scenario which renders it "pretty much" meaningless in real world terms.

Put another way, superficial observations of similarity are just that, superficial. It's the implementation that matters. It's fair to say that Windows does, generally, improve its implementation as time goes on, but the approach taken is still one based on a slew of assumptions where ease of use trumps all, and an increasing number of deliberate obfuscations are added to promote user-friendliness. When you layer all that on top of a complex system that gets reinvented from time to time, and one that even the folks at Microsoft have trouble with, your similiarities go out the window.

I'm reminded of a comment I read recently where someone said "Windows users don't obsess over permissions like *nix users routinely do." Indeed. No one but an experienced Windows admin would have a clue as what permissions exist where, how, or why, while their users don't seem to mind that that most everything is set to the equivalent of 777 anyway. Permissions? Who cares. Hide them, along with file extensions and everything else. Access token? Never heard of him.

Sudo ain't UAC, just like *nix ain't Windows. Get over it. And an uneducated user using Windows will never be the same as uneducated user using *nix. Come to think of it, this whole discussion is stupid. Just as stupid as the often-repeated claim that one day, one day real soon now, Mac users will be plagued by malware just like Windows users are.

Re:PR != Security

[magamiako1]

I rarely get UAC prompts except in the case of installing applications.

Generally as far as I can tell applications trigger UAC when they write to the registry (and even then I believe they can write to HKCU but not HKLM) or write to Program Files or the Windows DIR. Beyond that, there is no issue.

Or if you try to make system changes.

You cannot run "ipconfig /release" from a non-administrative command prompt either. Nor can you run chkdsk and other system level tools.

The problem actually comes in when applications try to become "portable" and install in Program Files. Since the application does not own its own directory as they do in Linux, Windows won't allow an app to write to configuration files stored within there.

The proper method is that application configuration should be stored in the User's home directory.

Some stuff behaves this way in Linux (irssi stores some config in each user's home DIR), while others do not (apache config is stored in apache's home dir since apache owns it).

Generally it's not too bad though, just a pain for people who don't understand this simple concept and aren't used to it.

Re:PR != Security

[Inda]

It's not random though. Either the user account is trying to install something, play with system files, use folders they don't have access to, etc or the administrator is. The administrator should know best; at the end of the day, it's his PC to fuck up.

Giving users the wrong account types is the issue.

Re:PR != Security

[magamiako1]

Perhaps a little video demonstrating the new UAC feature would have been in Microsoft's best interest.

Re:PR != Security

[magamiako1]

Vista's UAC prompt only occurs when you need to perform administrative functions. This includes installing applications (C:\Program Files), modifying system variables (Device Manager, etc.)

Most Control Panel applets come up with a UAC prompt. Most software installation comes up with a UAC prompt initially.

You need to actively run an Administrative Command Prompt in Vista in order to do things like ipconfig release/renew, chkdsk, defrag, and other tools.

MMC pops up a UAC prompt. (If you don't know why this is the case then you haven't used Windows extensively).

Regedit pops up a UAC prompt. Same goes for Regedt32.

Applications that write configuration data to Program Files may fail unless you run them in Administrative mode. Same goes for applications that write in HKLM. For example, World of Warcraft writes its location registry key to HKLM, which is not allowed to happen (silently) unless you run the executable as an Administrator. There's no UAC prompt for it, just UAC blocks it from occuring.

This separation from running as "global administrator" is new to a lot of Windows users, but I've used Vista for years and this is what I've found.

Re:PR != Security

[magamiako1]

Oh yeah, likewise you won't be able to modify a program's configuration with a non-administrative notepad session if that file is located in Program Files. You aren't prompted by UAC for this, you are just denied write privileges to Program Files from notepad unless you fire it up as Administrative mode (which then prompts UAC as you fire up notepad).

Re:PR != Security

[microbee]

I think UAC is good for people who actually know how computer works, but for grandma, it does not solve the problem as she'd not be able to make the right judgement.

So UAC never bothered me and I actually like it. It just doesn't solve the problem it's supposed to solve.

Re:PR != Security

[drspliff]

However sudo & graphical equivilents will ask you for your own password before allowing the program to continue, which implicitly makes you think a little and read the message.

Now the big difference: sudo has a grace period of 5 minutes, meaning you get less of these messages, I think on my development machine I may get one or two a day if I do any sort of admin tasks - otherwise none.

Whereas Vista pops up for anything and everything, just requiring you to click a button to continue. Within 3 hours of using Vista I was blindly clicking through them. It's not normal to have UAC pop-up 4-5 times during the same install session!

Re:PR != Security

[everphilski]

By comparison, no one would ever just randomly sudo a command for the hell of it.

You say that... apparently you don't know the same people I know. There is very little difference between sudo and UAC, and if you read the post above yours, there are times where UAC can be percieved as advantageous.

Re:PR != Security

[sm62704]

Get users on Linux, and we'll be seeing the "Train users to always click yes (or in CLI mode, prefix with "sudo") approach to privilege escalation"

Running KDE on Mandriva (which is like running Windows), if you log on as root the screen goes completely red and warns you sternly that you are in great danger of ruining your system.

Very seldom do I ever use a command prompt in it, in fact as seldom as I do when I'm running Windows. "DELTREE /Y *.tmp" from the root directory (or "folder" for you youngsters) is a whole lot easier than running that stupid search dog for *.tmp, highlighting everything with the mouse, and then deleting them.

I think a lot of people commenting about Linux haven't used it this century. Ubantu ain't the Linux your grandpa used to use.

Re:PR != Security

[drsmithy]

The sudo prompt is only expected to appear in certain situations (such as clicking on administrator mode button in certain dialogs), not randomly when browsing the web. AFAIK, on Vista it can appear anytime application asks for it (but I am not Vista user).

UAC prompts appear anytime an application tries to do something that requires elevated privileges (this is detected automatically by the OS).

I don't use Vista heavily, but I've yet to see a UAC prompt that was unnecessary (although they are sometimes unexpected due to poorly written applications).

Re:PR != Security

[drsmithy]

Key difference - Using sudo represents an active request by the user for privilege escalation.

I'm sure the GP is talking about the graphical sudo prompts in Ubuntu (and others), rather than 'sudo blah' style commands.

Re:PR != Security

[drsmithy]

Part of the problem is the Vistas UAC prompts users (even local admins) far to often.

Being a "Local Admin" just means your user has the ability to elevate using UAC. It is the rough equivalent of the 'wheel' group or
%administrators ALL=(ALL) ALL
in /etc/sudoers.

If I'm a local admin on a workstation, there are certain tasks that I would expect to be prompted for (installing software, patching software, deleting file from C:\Program*\, ETC.) but changing the system time? Opening the system management MMC? This simply means that most admins will turn it off, which significantly reduces its functionality ;)

You should most certainly need elevated privileges to change the system time and run the system management tools.

Re:PR != Security

[reaktor]

UAC is a mistake. Some how crap like this still gets installed in Vista under a limited user, with no UAC or popups asking admin rights to install. These nasties fill up in the registry and in the windows system32 directory.

Re:PR != Security

[DeeQ]

I currently Run Vista at home. I don't Personally use UAC. However I have had it on before for a decent amount of time. It doesn't just randomly pop up. There are cases when a program will make it pop up when you are trying to run it. That is not Microsofts fault. Thats whom ever wrote the original programs fault. They required the program to need Admin access to run properly. The only other times I would see it was if I was installing or saving files. However I would like to say its not perfect BY ANY MEANS. (hence why I don't normally use it) One of the big problems I have with it is saving images. For instance you can't save into C:\program files\Whereever for an image. It will give you a permission denied error (No UAC message just a denied error) However if you save it to say your desktop you can then copy and paste it into C:\program files\whereever and get the UAC prompt. (Also if you are wondering why the heck Im trying to save images in program files its because a game where you can use your own sprites for images) Also a bug I've noticed from FF is it doesn't even give you that permission denied error it just appears as the image saved however there is no image in the folder that was selected.

Re:PR != Security

[Rutulian]

Wait...so you're equating blindly clicking "Yes" on an annoying dialog that pops up every 2 minutes to actively entering your password when a program wants to make a major change to your machine?

That issue aside, AppArmor and SELinux are doing quite a bit more than simple privilege separation for linux right now. Not only are they finding bugs in programs to help eliminate security issues, but they are restricting programs to exactly what they need and nothing more. I think that's going to do a lot more for linux security than UAC does for Windows.

Re:PR != Security

[foniksonik]

Except that forcing people to enter their *Admin* password to escalate their privileges also forces them to stop and think "hmmm does this program REALLY need that type of access?"

Additionally if the person is not an admin for that machine, they won't be able to install the software without someone's help, ideally an individual who took the time to NOT give them an admin account for just this reason... so they wouldn't install malware by mistake.

SUDO doesn't work if it is turned into an obligatory prompt dialogue that people just click through mindlessly.

Re:PR != Security

[initdeep]

and finally, the truth comes out.

If you don't give the everyday user account administrator status, then when UAC prompts appear, you cant blindly click on "yes".

It's only because people blindly make all of their everyday accounts "administrator" accounts on Windows machines that this is even possible.

These same people would NEVER think of running as root on their *nix machines, yet will run as administrator all day long on their windows machines.

How is this the fault of the OS?
Should Windows by default prevent people running as the administrator account and ask them for permission each time they try to do something that only a real administrator account should be doing?

Oh wait.........

Re:PR != Security

[Jugalator]

Indeed, but if we're comparing a Windows UI feature, we should perhaps compare it to a UI feature of a Linux desktop distribution, not command lines, because the command line is already widely regarded being a barrier of entry to the users Windows is geared for.

And if doing this, the approach becomes virtually identical. Well, one difference being that I have to actually *enter* the password in e.g. Ubuntu if doing an "administrative task", while I don't have to do this and just click through under UAC if I'm an admin. However, even UAC requires an entered password if you're a non-admin. The UI will change depending on the Windows user type.

Re:PR != Security

[dhavleak]

Except that forcing people to enter their *Admin* password to escalate their privileges also forces them to stop and think "hmmm does this program REALLY need that type of access?" Sudo and UAC both grey out the entire desktop, and pop a system modal dialog that prevents you from doing anything else until you respond to it. If that's not enough to tell the user something big is happening, the password part isn't going to help either.

Additionally if the person is not an admin for that machine, they won't be able to install the software without someone's help, ideally an individual who took the time to NOT give them an admin account for just this reason... so they wouldn't install malware by mistake. Right, and that's exactly how it works for UAC as well. If you're not an admin, your only option for installing something that requires admin access is calling an admin to help out. You won't get a UAC prompt (you have to do what's known as an 'over-the-shoulder' elevation instead, which requires the admin to enter their user/pass to "run as admin").

SUDO doesn't work if it is turned into an obligatory prompt dialogue that people just click through mindlessly. The reports of UACs annoying-ness are greatly exaggerated. As a Vista user since around launch date I can tell you I'm not used to seeing a UAC prompt at all. Patch Tuesday and Firefox updates are probably the only time I see them -- and that's exactly the way it should be.

Re:PR != Security

[weicco]

At least UAC on my Vista setup asks administrator password when some stupid application want's to access something it is not supposed to. Writing 11 character long password with big and small letters and couple of numbers is pretty active thing to do. I don't really think that typing "sudo" before that would do any difference.

Re:PR != Security

[stubear]

What are you doing saving images in to Program Files anyway? That's what My Documents or My Pictures in your user folder is for. If you don't want to use either of these then create your own folder in your user account and use this instead. It's this stupid way to thinking that has caused the problems Vista faces. UAC would be a lot better if it could be properly designed but it's having to do double duty as a nanny to enforce proper user AND developer behavior. I HATE when apps seem to think they can install their files at the root of my system despite there being a CLEARLY labeled folder called Program Files designed for this specific purpose. User and find-grained permissions have been in NT since the beginning and we STILL have developers with their heads up their asses. And this isn't limited to specific development paradigms or types of companies/corporate climates. MANY developers who should know better disregard this structure out of sheer laziness, nothing more.

Re:PR != Security

[Kalriath]

Yes, yes I am. Why is this? People often forget that UAC will actually demand a password as well if you are not a member of the administrators group. And, it can even be configured to always demand a password, even if you are!

Re:PR != Security

[dhavleak]

You fail to understand that on Unix/Linux a downloaded file is _not_ a program that will run. It needs to have a specific 'chmod -x name' in order for it to be executable. This is something that Windows users often fail to understand. 1. sh malware.sh will work even if malware.sh only has r-------- permissions.

2. The underlying assumption was a social engineering attack -- so the user is consciously following whatever steps needed to exectute the malware.
3. The alternate scenario (exploiting a security hole) relies on, for example, buffer overruns and other exploits to execute code -- not launching a program the way you normally would (in linux, or windows)

In the 'sudo case' you failed to get over the hurdle that it won't run at all so there is no 'sudo case' I just debunked that above.

The foolishness is that a UAC occurs frequently for many things that are trivial so a significant one hides amongst the annoying ones This is a complete myth. Once their machine is set up, the average user will not see a UAC prompt more than roughly once a month (patch tuesday) or so..

Anyway UACs are not to help security but are merely to transfer blame: It is not MS's fault any more, it is the user's fault because they allowed the security failure to infect the machine. Whatever dude...

As most userrs don't know why the UAC popped up anyway then how do they tell the difference? I already addressed that in this thread itslef -- you don't normally see a UAC prompt unless you're installing apps/messing around with settings, etc. If you're just editing docs, browsing, checking email, watching a movie, and you get a UAC prompt, something is wrong -- simple. Users who don't have the expertise to understand what that sentence means should not have admin accounts - so they won't get any UAC prompts anyway. And the problem of distinguishing malware from legit apps is not what sudo or UAC are intended to do -- they are tools to enforce the priciple of least privilege.

Re:PR != Security

[Kalriath]

No, you are incorrect on the automatic detection. Windows will by default punt any attempts to write to protected locations to the "virtual store" (a copy of the system locations stored within your profile) without invoking a UAC prompt, just for backward compatibility. The application doesn't even know that its file didn't go where it asked.

Re:PR != Security

[Kalriath]

Just a note, I would say that Firefox did actually save the file successfully, but Windows transparently redirected it. Check your "%UserProfile%\AppData\Local\VirtualStore\Program Files" folder and I bet your images are somewhere in there.

Re:PR != Security

[Kalriath]

On Windows a download may well execute even if the user does not realise that this may happen. This is compounded by the fact that a file 'something.jpg' may in fact be a .exe because Windows hides this vital information. It is made blindingly clear to a user that they are launching an executable if they double click on an executable downloaded off the internet (so long as it is stored on an NTFS volume) as it is tagged in its file stream as a file retrieved from a potentially dangerous zone. Your described situation is more false than the situations you decry as impossible.

For an example of this behaviour, download an EXE using Internet Explorer and double click on it. You are warned that this file might not be safe and asked if you want to continue. To see why, open a command prompt, change directory to the folder the EXE is in, and type "notepad nameofexe:Zone.Identifier" (for example, "notepad notepad.exe:Zone.Identifier")

Re:PR != Security

[JasterBobaMereel]

- For most installers the answer will be "Yes".
  If they don't register themselves (and probably a file extension) they are not proper windows apps - and access to those parts of the registry needs admin privs...

- For many programs (say office/notepad/firefox/cmd.exe) the answer will be "No"
I agree ... Once installed

- For the same programs, the answer could sometimes be "Yes" (cmd.exe, firefox to install a plugin, etc.)

No, Cmd never needs admin privs - sometimes the programs it runs need admin privs? Your milage may vary with Powershell?

Why would a Firefox plugin need admin privs? a browser does not need any access to the PC, and neither should any of it's plugins?

It should be the difference between a user app and a service

An app should never need admin privs not even for install
A service should require admin priv for install and sometimes (pre-requested) limited admin privs for certrian operations
Apps should ask services/drivers to do things they cannot do ...

Wait a moment...

[hyperz69]

Vista Had a Positive Security Image?

Re:Wait a moment...

[Legrow]

Vista Had a Positive Security Image? 'Positive' in the 'HIV Positive' sense.

Re:Wait a moment...

[Spy+der+Mann]

Vista Had a Positive Security Image? Positive as in "HIV positive".

Re:the problem is combining ...

clicking "yes" somewhere he can run the funny application he got by e-mail, he will do so, and the system is potentially infected. I do not!! now for the pron... your damn right I do

Re:the problem is combining ...

[NickFortune]

No need to slam Vista (or Windows in general) -- the problem is combining a dumb user with /any/ OS he can get admin rights on.

I don't think that works as an excuse for Microsoft.

The trouble with that Windows is supposed to be the operating system of the common man. At least, every time Linux gets a cool feature, the Redmond apologists start roll out their hypothetical Joe Sixpacks and Great Aunt Mildreds and tell us how these ordinary people can never cope with Linux, but windows, focus-grouped to death as it is, has been designed for these exemplars of non-geekiness, and is therefore superior.

But that makes it kind of hard to blame bad security on the users. Windows is supposed to be designed with the click-on-the-dancing-monkey demographic in mind. They can't really throw their hands in the air and say "it's not us, it's the stupid users" without admitting that, really, they haven't a clue how to make a secure operating system.

They would, wouldn't they?

[Harold+Halloway]

Why might "Australian security vendor PC Tools" claim this? Could they have a vested interest in saying this?

Re:They would, wouldn't they?

[FamineMonk]

step 1: Start a support/news website.

step 2: Publish story "OMG Malware!!1!"

step 3: ????????

step 4: Profit!

Consider the source

[Gadget_Guy]

So a company that sells security software puts out a press release to say that you still need to buy their software even if you run Vista. I can't think of a single ulterior motive that they might have to do this!

How many of the anti-virus companies don't issue doom-and-gloom style press releases? It is just their way of drumming up business. I would rely on these figures as much as I would rely of Microsoft's "research" that might suggest that Vista is completely immune to any security issue. The truth lies somewhere in between - which shouldn't surprise anybody.

And before anyone jumps down my throat, no Microsoft didn't says Vista was that perfect.

Does that help, though?

[BadAnalogyGuy]

The user would still be vulnerable to regular hosings due to malicious programs having full reign on all the user's stuff. Even if the damage is restricted to the one user, who wants to be that user?

It's definitely a good start, but local program installation without user notification still presents the same problems (though to a lesser degree of damage) as running as administrator or root all the time.

Re:Does that help, though?

[aliquis]

But the same is true for all (?) oses so what's the difference? I guess one can try to prevent it with password protected partitions or whatever but it will just fail anyway.

Re:Does that help, though?

[tepples]

Even if the damage is restricted to the one user, who wants to be that user? You're right that nothing replaces backups to a CD-R or DVD-R. This is true on any platform open to microISVs.

technical limitation

[CarpetShark]

After all, the survey missed classifying Vista as malware -- how accurate could it possibly be?

This was my first thought too. But then I realised that they've obviously omitted that fact on purpose, to solve an infinite recursion paradox:

Vista is malware
Vista can host malware
Therefore vista is self-hosting

Vista is unstable
Therefore, vista can't host a stable OS
Therefore Vista can't host itse..

Oh, never mind. It works out just fine.

Re:technical limitation

I'm running Vista, and I can confirm that it never blue scre

Re:technical limitation

[CarpetShark]

Don't be lazy: do your own research. Just press a few keys, then refer to the blue screen.

Re:Ask Loki

[dhavleak]

The installer allowed you to install for the current user (in their home directory) or, if they wanted it in a central location, as root in /usr/local/games. Loki did it in Linux. Why can't MS do it in their installers? It does - the default path is program files, and you are free to change that to your home directory if you wish. Anyway, what has that got to do with security/trojans/UAC?

Re:Windows is basically a wrong architecture

Blaming the user for running as Administrator and exposing loopholes is like blaming the car driver for driving with the windows down.

Some other commenter pointed out that being trained to clicking "Yes" was comparable to running everything as super doer. Rightly so. Do you know how tremendously difficult it is to convince Peter average user to have strong passwords, to keep user accounts and administrative accounts separate, and so on? As soon as he finds out how to run programs with administrative privileges, he'll stick to this new "freedom".

By Design Windows is flawed.

So is any other OS with an UI, because they require a user. The user is the problem.

One should not need UAC to install software, and the registry concept should be thrown out.

While I agree, I do this because I think an operating system should have user accounts with no rights to install anything, and an administrative account without any GUI. Please explain Peter average user he has to use CLI to install/uninstall software. (This works with my Peters, because I manage their Linux workstations for free. But it won't work with most users.)

It will be great if Windows adopted Linux [kernel] as a base and bolted WINE as a backward way to run Windows Apps and Games.

But still, the user has to install software on the system. Unfortunately, he wants to do so without any hassle.

Cracks in the armour

[Toreo+asesino]

The only cracks is the armour are the users, them being the one's that say "Yes, this unsigned potentially dangerous piece of software that inexplicably wants admin rights to my machine can do whatever it wants."

There's a difference between the prompts when the exes are signed or not, for example here - http://www.autoitscript.com/autoit3/docs/intro/autoit_on_vista.htm

Re:Cracks in the armour

[ledow]

Quoting from the page you linked:

"Even signed code can be malicious!"

As the program itself proves because it allows a scripting language to run inside it's own signed executable with admin rights.

The problem is not "just" users (users are dumb, don't trust users, sanitise your programs, their inputs, and anything a user can possibly do - this is all stuff that every programmer is taught on Day 1). The problem is not the "unsigned" executables (HAHAHA! Yeah, great, home users really care about that - they don't even UNDERSTAND the concept). The problem is really the arbitrary running of code in a full-rights environment when it's unnecessary. Installers DO NOT NEED access to anything but 1) the directory that they have requested to install into, 2) some way to call functions that will (depending on a user's settings/choices) check settings for compatibility, create icons/shortcuts, start at boot time.

It doesn't need: full access to the entire disk, the ability to set permissions on ANY other file, the ability to SEE the contents of any other file, the ability to spawn other processes, the ability to edit even the users files, to force itself into registry entries for startup, to be able to seize control of or even SEE the keyboard/mouse (window messages would be sent for anything relevant anyway) or anything else. Whether as an administrator or even a limited user.

And the user should have a damned easy way to get rid of a program if it is malicious. Through a powerful add/remove facility that is enforced BY THE OS. i.e. when you SAY uninstall Program, it forcibly kills and uninstalls the damn program, including every file it's ever installed, no matter what.

What's needed is a virtualised install environment with just the bare minimum contact with the outside world. Every programs installs into AN EMPTY FOLDER that it can't escape (i.e. chroot). If it needs access to a particular shared library, it can request that without needing to access the entire C:\Windows folder. If the OS decides that that it okay, it gets a "hard link" to the library in it's folder, or some interface through which it can call the library functions, AND NO MORE.

Hell, why just on install? Why can programs see ANY files other than ones that are: dragged-dropped, opened with or otherwise handed to the program by the user? Why can programs insert themselves in startup entries (user, computer, any of them) and OVERRIDE the user by keep reinserting themselves? Why can programs run any and every function in any and every DLL they can see whether or not they need to.

Windows really, really needs to abstract away EVERYTHING that a program could use so that it becomes a virtual program running in a controlled, minimal environment. If it wants to open a port, it has to REQUEST it first (by one of only a handful of functions it is allowed to access, or by creating a particular file in it's own chroot'd area, e.g "\SystemRequest\TCP_Port_Request_Inbound_2600"), and the Windows firewall can choose what to do - even if that is choosing to ignore all further requests because it's a virus trying to spam. If something wants to access files, the OS has to ask why? Did the user open a Word document in Word, which is associated with Word docs? Fine, let it happen. Did they drag-drop an image onto an image editor they've never used before? Okay. Did the program just abritrarily try to index the disk? Deny it. And when you have Word editing the Word file, have it edit a shadowed copy of that file, so that it can't damage the users original file, even if it "deletes" it.

Simpler is better, but you can make things too simple. It's harder to program an OS that provides such a simple environment, harder to convert legacy code to use it but MUCH, MUCH easier to see, avoid and control problems and MUCH, MUCH easier for users to manage. You don't need a million windows popping up. You don't need full access to the OS. You want the EXACT opposite. Nothing pops up unless the users want

Comment removed

[account_deleted]

Comment removed based on user account deletion

Image

[Vyse+of+Arcadia]

You guys remember 80s and 90s ecological cartoon villains? The ones that were made of pollution so that the only way to hurt them was with clean air and water? Vista's security image is kinda like that. The only way to actually hurt it at this point would be if the results were surprisingly good.

Re:Image

[Jesus_666]

Or we combine the powers of water, air, earth, fire and love to form Captain Planet. Or - even better - we combine Cheetos, Coke, anonymity, too much spare time and Linux to form Captain Fanboy, with the power of writing scathing flames on Slashdot.

Of course, Microsoft could counter that by combining the powers of Soviet Russia, old Koreans, Nathalie Portman, hot grits and Cowboy Neal to form Captain Meme, who drowns out everything Captain Fanboy posts with a flood of +5, Funny posts.

Hey vista don't work unless you buy my stuffs!

[Sheen]

This is about as relevant as giving out a statement saying that engines run better on non bio fuel.

Re:Hey vista don't work unless you buy my stuffs!

[Sheen]

This is about as relevant as giving out a statement saying that engines run better on non bio fuel. hmm apperantly slashdot removed partly what i wrote. its supposed to say ...about as relevant as a oil company giving out a statement that engines run better on non bio fuel.

Big Impact on Opinions

[FurtiveGlancer]

Instead of "obnoxious security" as highlighted by the apple commercial, now we have "less effective than advertised obnoxious security that's still better than XP."

Can we possibly bring ourselves to acknowledge that M$ actually brought about an improvement in PC security? It shouldn't hurt too much since it appears to be verifiable.

Re:Big Impact on Opinions

[SuiteSisterMary]

And lets face it, if the user runs it, can it be considered a security failure on the OS part?

It's not Vista's fault that the user said 'Run SnowWhiteNailsDopey.scr.exe! Yes! Yes! Allow! Yes! I'm Sure! Yes! Yes! Don't Care That It's a Virus!'

Lets face it, if Vista didn't allow this, Slashdot would be running stories about how Big Bad Microsoft doesn't let users run programs on their own computers, that DRM watches you pee, and so on.

huh?

[Peter_The_Linux_Nerd]

"New Malware Report Hits Vista's Security Image" -- Vista had a security image?

Re:the problem is combining ...

[DigitalisAkujin]

No dude lol... just plain no.

A Network admins know that the common man or woman doesn't know their computers from their asses. It's like the saying goes, PEBKAC.

The fact of the matter is that Microsoft is king because Linux software isn't even there yet when it comes to quality. Whenever you have new hardware you probably can't even use linux because the drivers haven't come out yet or are beta and/or a bitch to install.

Linux continues to be dogged down by too many deal breakers for so many people. You can have Linux be good for 15 / 20 uses and even throws in 5 - 10 new ones but the few you got left might include deal breakers for so many people. This is the challenge the open source community will need to overcome before it ever wins this war. It will eventually win though. We're only 15 years into a networked world. 60 years from now software companies will only make money from custom code.

Clearly Microsoft must give an URGENT update!

[Colin+Smith]

Obviously Microsoft must send out an urgent update to Vista!

Disable the Yes button!

Phone them up and demand this urgent security feature!

But do those features actually work as intended?

[Marrow]

Its only an improvement if the features work and are reliable and do not cause any other problems or side-effects.

Re:the problem is combining ...

[NickFortune]

The fact of the matter is that Microsoft is king because Linux software isn't even there yet when it comes to quality.

Well, that's not an opinion I share, obviously.

But even if I did - I still don't see how that would Vista off the hook in terms of security.

Re:the problem is combining ...

[Vectronic]

Dude? Get Off My PEBKAC...

Problem
Exists
Between
Keyboard
And
Chair

For anyone wondering...

Back-compat is the hurdle

[tepples]

And I was simply pointing out that no other popular desktop OS has this issue with munging security so badly No other popular desktop OS has had a continuously maintained API going back to an operating system with a single-user kernel. The Win32 API has been around since the single-user Windows 98, and end users expect binaries compiled and tested on Windows 98 to run on Windows Vista. Apple solved this on Mac OS X (Classic environment) and CodeWeavers solved this on Linux (Wine) through partial virtualization of an old operating system to run its applications.

Re:Back-compat is the hurdle

[clang_jangle]

No other popular desktop OS has had a continuously maintained API going back to an operating system with a single-user kernel. The Win32 API has been around since the single-user Windows 98, and end users expect binaries compiled and tested on Windows 98 to run on Windows Vista. Apple solved this on Mac OS X (Classic environment) and CodeWeavers solved this on Linux (Wine) through partial virtualization of an old operating system to run its applications.

That's a good point. So why didn't MS virtualize win98, XP, etc rather than carrying the troublesome APIs over to Vista? Certainly they have the resources to do it. Why does MS stubbornly cling to a failed paradigm?

I'll bet it's greed. Something like, "Hey that virtualization is hot hot hot yo, we can't squander that tech on people who only bought an OEM install -- we got to get paid for this one!".

Re:Back-compat is the hurdle

[drsmithy]

No other popular desktop OS has had a continuously maintained API going back to an operating system with a single-user kernel. The Win32 API has been around since the single-user Windows 98, and end users expect binaries compiled and tested on Windows 98 to run on Windows Vista.

Win32 originated from the multiuser Windows NT 3.1, in 1992.

Apple solved this on Mac OS X (Classic environment) and CodeWeavers solved this on Linux (Wine) through partial virtualization of an old operating system to run its applications.

The API simply isn't relevant. Nearly all malware issues can be narrowed down to PEBKAC.

On a related note...

[stupidflanders]

This article seems to say that Vista is MORE secure than XP, or OSX.

Here's another good article about detecting Rootkits in XP vs Vista using antivirus suites and online scanners.

Oh no, now you've done it

[dreamchaser]

I expect Twitter to come rushing out with one of his many sockpuppet accounts and attack you at any moment! How dare you cloud a perfectly good Vista bashing with a few facts! Shame on you!

Vista isn't great and was overhyped, but it's not nearly as bad as most people here seem to think. I'd hazard that the loudest critics haven't even used it.

Re:Oh no, now you've done it

[hyades1]

Hi, there.

I'm a loud critic, and I work with Vista frequently. I flat-out detest it. Leaving aside all the "pretty-pretties", about which I couldn't care less, it is the most astounding resource pig I've ever encountered. I'm supposed to take a performance hit like that (and incompatibility with a lot of peripherals) for the kind of security I get by running XP Pro with ZoneAlarm and Comodo BOClean?

Except for updates, BOClean never bothers me, and ZoneAlarm asks whether or not something should be allowed to run about a hundredth as often as Vista.

I have never had a problem in two-plus years with this set-up, and I run an on-line scan every month or so to be reasonably sure I'm not kidding myself.

Vista is like a transvestite in a dark bar. It looks pretty good 'til you get close, and then it comes to you all of a sudden that you sure as hell don't want it anywhere near you.

Re:Oh no, now you've done it

[mvdwege]

I expect Twitter to come rushing out with one of his many sockpuppet accounts

Proof please?

Mart

Sure, Vista is indeed safer ..

[cheros]

.. since a lot less people run it than XP :-)

Sorry - you left that door wide open :-). Having said that, there appears to be hope at last. I read an article somewhere where someone has taken the utter total heap of crud that Sony made of Vista on its laptops (the thing that caused me to nuke it as soon as I managed to find time) into something that actually made it work, especially after Service Pack 1. IMHO, anyone who uses a new MS OS in production before the first SP has been issued should be made to admit to board level that he uses the entire company as MS beta-test site. Or, in case of Vista, alpha test.

And I hate the interface changes, every time a new OS comes out you spend weeks playing a game of menu based hide and seek with the toolset. Clever move, putting a search facility in the program list and then still making sure all program names start with "Microsoft". Duh.

But heck, most of my work can be done with OOo and Linux and most of our dev guys don't even have any MS software installed, so I probably postpone looking at it until I get brutally bored..

---

Keep up the good work, and don't bother me with it..

Mandatory Windows Logo testing

[tepples]

How would you design a system that [silently blocked unwanted software installations] while still allowing the flexibility to actually install programs when desired?

By verifying that executables have been signed by the Windows Logo Program on every machine that doesn't have a current subscription to MSDN. Yes, this would force many ISVs with fewer than 10 employees to target Ubuntu and not Windows, but the makers of BREW phones, iPhone, and Xbox 360 have already accepted this collateral damage.

</sarcasm>

Solutions?

[cluge]

27% of Vista machines were compromised

This is indeed troubling (notice position of tongue and cheek). How can we fix this? I propose a five step program

5. Electro shock all users the click "install now" without thinking
4. Remove the fingers of users that follow the links on penis enlargement spam
3. Publicly flog all users that attempt to install that "special media player" to get to "free p0rn" from a any site in the former communist block.
2. Revoke all credit card, debit card, home depot card and sears charge cards for those that purchase a fake Rolex based on an email they got
1. Remove any and all computers from folks that say "My computers running slow, you know about computers, can you look at mine"

Respectfully,
Cluge

PS - A more meaningful less painful solution would be an OS lock down - IE think a live image distro where the Hard Drive is only used to store user data. Every reboot takes you back to square one - a heavily locked down environment with basic abilities allowed, but little else.

Re:Solutions?

[maxume]

If you can identify when users click without thinking, why not just keep prompting them until you have identified that they thought about clicking?

Lockout chip business model

[tepples]

The problem is that I can hardly see an OS forbidding you to do some stuff you want at home. For example, an unmodded Xbox console cannot run a media player or video games self-published by a microISV.

Vista has been analysed and researched now

[gilesjuk]

Initially Vista was prone to security by obscurity. It is now however well researched by the makers of malware and it's business as usual.

Well

I've purposedly ran some shady programs, with antivirus disabled on Vista. No WAU prompt, nothing. Yet, my PC was infected and had processes running. It was even harder to clean out then simular virii in XP.
Al these prompts and other crap, it's useless. It's just to "make you feel secure" and "annoy the hell out of you". Effectiveness is ZERO.

Vista and UAC ..

[rs232]

"Vista suffered 121,380 instances of malware"

I thought Vista with UAC didn't get malware. Didn't Allchin say Vista didn't need any anti-virus software.

Re:Vista and UAC ..

[Colonel+Korn]

They're called cookies, not malware.

Yes, Threatfire labels tracking cookies as malware, and yes, that means this story means nothing. I'm not fan of tracking cookies, but they're not a big deal to most people.

Re:Vista and UAC ..

[Colonel+Korn]

Threatfire considers tracking cookies, like the ones from Google (aka Doubleclick) to be a 2 on a scale of 1 to 5 in terms of severity of malware. This is a junk article and really shouldn't have been posted.

What they didn't say...

[Zorque]

...was what percentage of computers are running Vista, and what percentage of attacks are specifically targeted at Windows in general, it being the most common OS by a long shot. Besides the already-mentioned fact that this company is overinflating their results to sell their product, people should be aware that malware is, these days, mainly spy- and adware. The entire goal of these programs is to deliver advertising to -or information on- the largest audience possible, i.e. the most used OS.

Re:100% of Vista machines affected with malware

[DAldredge]

I have multiple hundreds of gigibytes of video files on my computer (some in HD). What does Vista stop me from doing with those files?

Re:100% of Vista machines affected with malware

[GigaplexNZ]

and prohibiting you from accessing and modifying your own kernel, even in memory With the number of incompetent users and various different hardware configurations making supporting the OS hard enough as it is, how is preventing tampering of the core of the system a bad thing?

I saw it coming

[Kashgarinn]

... a mile away.

I'm a windows savvy user, and I've never had problems with viruses or malware, mostly because I know when to make sure what I'm about to run isn't malware.

That means I know generally what's already in my computer, and when I'm about to install or run something new, I either know it's from a legitimate source, and thus don't worry about it, or I scan the file before using it.

that's why I applaud things like the firefox virusscanner, it's actually combating the risk of infection at the point-of-entry rather than scanning everything all the time, over and over and over again, and hogging your resources while it's at it. In this regard, current virus software only helps when you've already gotten a virus and you need to clean it, which in my opinion is too late. the solution should be at the point of entry.

It's also why I hate UAC, UAC doesn't help people to understand where the point of entry of malware is, and it only teaches people to click yes to everything, or to google how to disable it.

Re:the problem is combining ...

[Iamthecheese]

I can crack Vista too! Watch this:

Attention user! To see naked celeb.jpg, just follow these easy steps:

1: Get a hammer
2:repeatedly hit your CPU
3:When you've hit it enough times, you will see the picture!

Re:100% of Vista machines affected with malware

[OhPlz]

I've used Vista since it was in beta. The DRM hasn't stopped me from doing anything. The only software I use that does get in my way is Apple's iTunes. But we can't hate on Apple, /. loves Apple because it's not MS. That's why /. can never be taken seriously. It's a humor site.

Re:But do those features actually work as intended

[Inda]

The user accounts and UAC are great. My laptop finally feels like it's mine. I can let the wife and daughter have accounts and no longer worry about them breaking anything.

>>Its only an improvement if the features work and are reliable and do not cause any other problems or side-effects.

Had tears from my youngest not so long back... Firefox updated and wouldn't restart without my admin password. She had to wait until I came home from work. I was not popular...

Great!!!

Vista hopes

[Mick+Malkemus]

Several aspects of Vista I really like. They just make sense. But the integrity of the systems makes it almost useless at this time. I tried to switch my new HPdv9000 from Vista to XP without success. Now I use my old HPdv8000 with XP, and the new shiny one with a more powerful processor , memory, etc, just sits in the corner waiting for the day that Vista comes of age................ HP in my opinion, certainly isn't listening to their customer base. Clearly they are listening to the commands of MS. Pity. If HP gave the option of XP with their new line of computers, it would have been a very good thing for all................. Now we just suffer at the hands of CEOs deciding our fate. This really sucks.

Because

[Toreo+asesino]

Having the malware say "Please run me with 'sudo installthisscreensaverlol'" isn't anything like "Click the the "yes" button to the next security prompt?

I don't see there's much difference.

Re:the problem is combining ...

[microbee]

I don't agree. No matter what security mechanism you have, if the user does not have some sense of security, there is no way he'll protect himself from malware. Once launched, the malware could do anything the user does, and that's all it needs.

My parents live in China and they barely know how to use a computer. I bought them a laptop more than two years ago, and taught them how to use msn messenger and email. I went back to China this month, and there were like 30 different kinds of malware on the laptop and IE was full of toolbars. I spent two whole days to clean them up.

It's just hopeless if the user doesn't know anything about it. They use XP but Vista wouldn't help either - they'd be baffled by the prompts as they absolutely have not got to that level of judgement. Even if they were using Linux things would not have been different (assuming people are writing malware for Linux).

Re:the problem is combining ...

[j79zlr]

The fact of the matter is that Microsoft is king because Linux software isn't even there yet when it comes to quality. Whenever you have new hardware you probably can't even use linux because the drivers haven't come out yet or are beta and/or a bitch to install. So I take it you haven't used Vista then? My scanner doesn't have working Vista drivers, it works in XP and Linux just fine. When Vista decided that my network is "local only" with no way to resolve it, I removed Vista and haven't looked back. You can argue some positive points with respect to Vista, but quality and driver support are not two of them.

Interesting proposals for sure

[Toreo+asesino]

but every OS will at some point have to relinquish admin controls to any given application at some point, at which point all the above protections become irrelevant.
Half Windows' problems stem from the fact most developers are used to writing the HKEY_LocalMachine by default, and C:\windows\system32 without hindrance; hence UAC makes more appearances than it should.

What happens if you never give true admin rights to apps? Well, you computer turns into a kiosk suddenly; inconfigurable and useless. What happens when any or some admin are given to any application? Your protections suddenly mean nothing; that's the principals of how rootkits works.

Re:Security PR

[Toreo+asesino]

Windows Update still uses ActiveX. If it is off by default, it means Vista machines won't be updated. No it doesn't. Vista Windows update is its own application. At least pretend you know something about Vista.

And that, my friends...

[patio11]

... is a +5, "Telling Slashdot what it likes to hear" moderation.

-- Posted from my Vista machine ;)

Re:100% of Vista machines affected with malware

[Colonel+Korn]

I was just thinking last night that DRM seems to, for the most part, have never actually happened, and then I tried to purchase some music on iTunes, saw the DRM on the tracks I wanted, and went to Amazon instead.

Re:the problem is combining ...

[TheVelvetFlamebait]

OK, how would you secure an OS against a user who seems eerily determined to bring down his own system? Or against a bunch of malware writers determined to do the same thing? Or both? Hardware-level DRM?

Re:Security PR

[Rogue+Pat]

BitLocker adds full-drive encryption

Please note that BitLocker is absent from all consumer editions of Windows Vista.

Standard response: direction, not magnitude

[dpbsmith]

It's the normal Dilbert-PHB situation. Only nerds worry about silly details like the magnitude of a change.

PR is happy as long as they can spin it as movement in the right direction.

"See, this proves it: Vista is more secure than XP. Way more secure. 1197764 Scoville units better!"

In "The Quantitative Analysis of Visual Information" Tufte has a wonderful phrase for graphs that show direction while distorting magnitude; he calls it "the Pravda school of information presentation." He, of course, has real illustrations from Pravda, where some set of numbers, grain production or whatever, is illustrated with pictograms that increase steadily and evenly in size, while the printed numbers next to them show that the increase, while monotonic, was huge for earlier years in the series but minuscule for the more recent years.

Users Share 50% of the Responsibility

[WebmasterNeal]

The OS can only do so much to stop spyware & malware. Sure Vista has the annoying UAC to alert users of possible malware but in the end the user still has to click yes/no.

One could argue that very little malware is written for linux or macs since there market share is only 5% and I might argue that users of linux (and possibly macs although I doubt it) are a bit smarter than your average PC user.

It would be a more useful report to compare Vista to XP.

epidemic

[Tom]

In any other population, about a quarter would be classified as an epidemic.

For windos, we shrug and say "yeah, what'd you expect?".

Think about that.

Re:epidemic

[Macthorpe]

I just thought about it, and concluded that you're full of crap.

Think about that.

Wear a condom

[kcdoodle]

I primarily run Linux.

My laptop cam with Vista over a year ago, I immediately used GParted, moved the Vista low, repartitioned, added XP, and then Ubuntu.
I have been running this setup for over a year now. I always use Linux when plugging a USB drive, going to an untrusted web-site, or anything even remotely unsafe.
I am pretty sure I have not had anything mal-ware (or even stupid-ware) installed on my laptop.
If you are sick and tired of rebuilding your system every six months or so, you have to follow the rules, just like premarital sex -- ALWAYS WEAR A CONDOM applies here too.

The only annoyance is the updates. If I haven't booted Vista in a few days, or XP for a week or so, I might as well so it can get the updates, because sure as heck an update will be forced when it is most inconvenient.

Re:Security PR

[Rogue+Pat]

I DARE any /.ers to say anything bad about the microsoft mouse, or the microsoft sidewinder joystick with real force feedback

Agreed

Obviously MS should be doing hardware

But i disagree here.

The original Xbox sounded like a helicopter taking off in my living room. The Xbox360 however sounds like two helicopters taking off in my living room. Also, remember the Microsoft phone? The Zune? The Microsoft webcam which is so poor on color balance that everyone looks like someone from the Addams Family...

Re:Security PR

[Tim+C]

Windows Update still uses ActiveX. If it is off by default, it means Vista machines won't be updated.

The Windows Update website does; neither Automatic Updates nor Vista's dedicated WU app do.

Isn't that the one that Windows Update keep bugging us XP users to download again?

No, you're thinking of the malicious software removal tool; Windows Defender is an entirely different app.

Protecting the internet against infected Vista machines... Looks like even Microsoft doesn't believe the claims about security.

How you can possibly spin a feature that has been in every single personal software firewall product I've ever used as a bash against MS I don't know. This allows you to control what connections legitimate software makes too - don't want something phoning home to search for updates? Block it. (But of course you know that, and are merely trolling)

Re:the problem is combining ...

[NickFortune]

Oh, I don't dispute that naive users can always compromise a system. But I don't think that all of Microsoft's security woes can be laid at the door of such users, any more than I buy the story that all Windows' stability issues arise from bad third party device drivers.

Moreover, I don't buy the underlying assumption, that security is an absolute, and that all systems that are capable of being compromised are equally insecure.

For what it's worth

[westlake]

This is part of what CNET has had to say in the past about PC Tools:

Spyware Doctor 5 suffers from software glitches; failed to identify or remove a test Trojan horse; returned a high number of false positive or extremely low-risk results PC Tools Spyware Doctor 2007

Microsoft is not alone in its skepticism of PC Tools' report.

Dennis Kudin, CTO of Ukraine-based Information Security Center Ltd., also dismissed PC Tools' findings in a Windows Live Spaces blog post. The malware counted in such studies often isn't a real threat, he said. The issue is serious threats, malware that runs at the system kernel level and requires administrative privileges.
"Most Windows 2000 users work as administrators by default, so they are vulnerable to any kind of threats. In Windows Vista this vital problem is solved by UAC technology. So Vista is definitely much more secure than Windows 2000 and I don't understand PC Tools' attempt to overthrow this axiom by far-fetched conclusions in their survey." Microsoft Refutes Windows Vista Vulnerability Report [May 13]

Re:Windows is basically a wrong architecture

[drsmithy]

By Design Windows is flawed.

How ?

Vista was done from ground up ripping out all old code but still has all problems in addition to UAC, BECAUSE Microsoft thinks Security is an add-on.

Vista was in no way "done from the ground up ripping out all old code" any more than OS X was.

Mac OS X thinks security is part of OS and hence Administrator is different from root.

Windows has no concept of 'root' (unlike, say, OS X, where an 'admin' user is but one step away from 'root'). Your comment is nonsensical.

One should not need UAC to install software, and the registry concept should be thrown out.

One should most certainly need UAC to install *system-wide* Applications (or you could just use the less secure OS X method where any 'admin' user can write to /Applications).

Why the fcuk should a software write to a registry?

Same reason they should write to /etc or system-wide .plists.

It was originally meant for Windows only and should have been locked out instead of allowing every joker to write to it.

Why ? The Registry is a transactional, ACL-controlled database.

If an app was never tested on NT

[tepples]

Win32 originated from the multiuser Windows NT 3.1, in 1992. The first OS to have a prototype implementation of an API is beside the point. Most applications for the home market were designed and tested not on Windows NT but on Windows 95 and Windows 98, as Microsoft didn't market NT for home use until 2002.

The API simply isn't relevant. Nearly all malware issues can be narrowed down to PEBKAC. What's the good way to solve PEBKAC without requiring the OS vendor to certify all applications with a digital signature, which certification processes have historically shut out free software?

Re:If an app was never tested on NT

[drsmithy]

The first OS to have a prototype implementation of an API is beside the point.

Uh, not when you're arguing it's a problem with the API, it's not.

I'm not sure why you think it was a "prototype", either. Win32 was NT's primary API.

Most applications for the home market were designed and tested not on Windows NT but on Windows 95 and Windows 98, as Microsoft didn't market NT for home use until 2002.

This does not excuse developers for blatantly bad practices. There is no excuse, for example, for applications spewing user-level data like configuration files through system areas.

What's the good way to solve PEBKAC without requiring the OS vendor to certify all applications with a digital signature, which certification processes have historically shut out free software?

There isn't one - at least, not within the realms of practicality.

Re:the problem is combining ...

[Auckerman]

Windows has never been nor never will be designed for the "common man". The entire Windows experience is designed entirely to be put on corporate networks. It's designed to be set up and maintained by a geek. The corporate market is the base of income for Microsoft. The users are non-technical, so there are attempts at "ease of use", but when it comes down to it, features make it into Windows because the corporate market is moving in that direction. Every now and then home users get features too, but they account for such a small amount of computer purchases that Microsoft can ignore them and rely on the network effect to force them to use Windows at home.

Linux suffers the same kind of mentality, but in a difference direction. Desktop Linux is designed for it's user base, which is programmers, network admins, and more technically inclined users. They find, on the whole, "Linux" (insert favorite distribution here) to be on par with Windows. From their point of view, they are right. My mother would highly disagree. When it comes to generic operating system environments, Linux has a STRONG advantage. The level of customization possible due to the availability of the source has allowed manufactures to created smaller integrated products that are easy to use, but generally trade a degree of functionality for that (Nokia and Asus come immediately to mind)

OS X is designed for environments where administration cost is a very big concern and for people doing design work. On the whole, Apple ignores a large part of the development community and relies on making tools that encourage specific practices. This is done under the philosophy that any developer that wants more Windows like dev environment will just end up messing up OS X, via the user and this will reflect poorly on Apple. Hence their reportedly large market share on the home user market, "it just works" when compared to its competitors is a valid comparison. Because of how they treat developers, their market will never grow outside of it's established core base.

Re:Windows is basically a wrong architecture

[DeeQ]

You do realize Sudo has nothing to do with the word super right? Or are you one of them Ubuntu users?

Re:the problem is combining ...

[NickFortune]

whoops, left the "/" off when I closed the bold tag. sorry about that.

Re:the problem is combining ...

[BlackSnake112]

If the average Joe can read (they are using a computer so I am hoping they can read), firefox on linux does something that I have yet to see in windows. Do a google search and on the results page you can see on some links "this site may harm your computer". This is a great idea. Why does firefox not due this on windows?

Why do you say that?

[argent]

Can we possibly bring ourselves to acknowledge that M$ actually brought about an improvement in PC security?

Have they? That's not demonstrated, unless by "security" you mean something related to securing more control over computers by the RIAA and MPAA with the "trusted" (another dodgy use of a word) audio/video path. People haven't been running Vista as long as XP, so they haven't had as much chance to pick up infections.

Re:What does that have to do with UAC?

[dhavleak]

Well, if I can install a program for me *as* me on windows, I don't need UAC. I don't need root to install Loki's Rune on linux. I need it for windows as it currently is. But that's a function of different installers - not of the OS capabilities. Even registry keys have ACLs in windows and it's possible to write an installer so that you can install programs on a per-user basis without needing to elevate -- its just that most windows developers choose not to write their installers this way.

As to why this doesn't work is that Windows requires access to the registry, access to the C:/Windows/system32 directory, it requires all sorts of access that it doesn't REALLY need (if there was a delineation between "System"/"Admin"/"User" roles and filesystem access. Not necessarily true. System32 contains OS binaries. An application shouldn't install anything inside system32. An exception being when an application depends on a QFE being applied to some dll in system32, or to add a system component that wasn't present. In any case installing the QFE/component even by itself (without the application) would have required you to elevate. It's the same as an installer needing to update/add an .so in some system location in linux -- the installer would need to pop a sudo prompt.

And while here, to answer BAG's point, the thing is, if you hose your system and ONLY break your data, you can restore that data or re-create it. This doesn't affect your wife's data, nor the data for your two kids. If the badness was done by Admin/root, you can't trust your OS so you must install the entire system again, THEN restore from backup YOUR data, your WIFE's data, the data for your KIDS. Good point. BUT.. :)
The solution to all this is completely unrelated to elevated privileges and file system ACLs. The proper solution is to give people a way of knowing whether or not they can trust the applications they are installing. And the answer to that is digital signatures, and roots of trust. Throwing a big-ass alert when an installer is missing a signature, or has an invalid/expired signature is what's required -- and windows and OS-X already do this (I'm not aware if linux has this infrastructure or not -- I think it doesn't). Of course, this has a cost implication to developers trying to distribute random shareware they create, but it's not prohibitive and it's a necessary step. For an average user, it's much easier to educate them to never, never ever install something that isn't signed, vs. educating them to recognize what they should and should not install (globally, locally or any which way).

Re:Security PR

[initdeep]

so Vista Ultimate isn't a consumer product?
Oh wait.......

Consider Smitfraud Malware?

[Toad-san]

All this arguing about what's malware and what's not. We don't get many Vista systems in this shop (mostly much older stuff). But I had one in the other day, totally munged .. good old Smitfraud, looked and acted just like a similar WinXP infection (with which I'm much more accustomed).

Except we couldn't get Vista working at all (past the desktop loading anyway) to even attempt manual or software cleanings. Had to wipe and reinstall from the restore partition. Apparently it was even more vulnerable to Smitfraud damage than WinXP.

Re:the problem is combining ...

[jvkjvk]

I really like how you totally miss the parent's point and go on a rant about Linux.

His point really boils down to:

1) Microsoft is aiming at the broad market - which includes quite a few ordinary people (kind of the definition of "broad market" if you think about it)

2) As such their software should be designed to be secure for that broad market.

3) Microsoft cannot then claim that their software is secure but the users are the problem

4) If they do make that claim, then by definition they have not designed the software to be secure for their target market.

This argument actually has very little to do with Linux.

About the only think that even tangentially hits upon Linux are the underlying questions - how do you create a secure system that is still usable by ordinary people, and is that even possible?

Re:Windows is basically a wrong architecture

[shentino]

I agree with you in principle, however, the chances of MS adopting a GPL based kernel are slim to none.

Would you catch Coke using a Pepsi factory?

To mod: this wasn't a troll. At worst, it was a misguided attempt at insightful.

Threatfire and cookies ..

[rs232]

Where does it say it counts cookies as malware?

"PC Tools does not guarantee that the Software will detect and/or remove all known viruses, spyware, adware, malware, Trojans, keyloggers and trackware, or locate all browser infections and tracking cookies on your computer"

Re:Threatfire and cookies ..

[Macthorpe]

Please identify the threats that are 'malware' but don't fall under any of the other categories, because that's the only way that your incredibly picky counter-point could work.

121,000 bits of malware found that aren't viruses, spyware, adware, Trojans, keyloggers... what does that leave?

Re:Threatfire and cookies ..

[rs232]

Colonel Korn said that Threatfire considers cookies as malware. I asked for a citation. I don't have to prove his point in the negative .. :)

"Threatfire considers .. cookies .. to be .. malware", Colonel Korn

Re:Threatfire and cookies ..

[Colonel+Korn]

Colonel Korn said that Threatfire considers cookies as malware. I asked for a citation. I don't have to prove his point in the negative .. :)

"Threatfire considers .. cookies .. to be .. malware", Colonel Korn 1) I've used it. It identifies cookies as malware.

2) http://www.pctools.com/mrc/infections/id/Tracking+Cookie%2528s%2529/

Notice that it ranks cookies as a 2/5 threat severity. Yes, it calls it "Adware.Advertising" and not "Malware.Advertising" but if you look you'll notice that they don't actually use the Malware.XXX tag because everything in this database is considered a piece of malware. The tags identify which type.

3) This stuff is easily available on the first page of a Yahoo search.

Slashdot is not msft bashing anymore

[walterbyrd]

In fact, when seriously contraversial news is posted, like msft cheating to get OOXML approved, the slashdot message boards often get flooded with pro-msft zealots.

Five years ago, slashdot was msft bashing, not anymore. These days there are as many pro-msft zealots as anti-msft zealots.

Doh!

[Britz]

You know why Ubuntu has much better security than Windows?

Simply because the seperation between user and root actually works. In Windows the user often need privilige escalation. In Ubuntu (and many other distros) they only need it for specific operations where the user expects that.
I don't know if that is still the case in Vista, but in XP many programs needed root level access for some reason and didn't even run in normal user accounts.

And, apart from that: Ubuntu DOES NOT train the user to always sudo and enter password all the time simply because it is needed much less. The big problem with Vista is that it asks way too often. That is meant by "Train users to always click yes".