Slashdot Mirror


New Malware Report Hits Vista's Security Image

An anonymous reader recommends a Computerworld article on a new report from Australian security vendor PC Tools. The company released figures on malware detection by its ThreatFire product, and in its user base 27% of Vista machines were compromised by at least one instance of malware. From the article: "In total, Vista suffered 121,380 instances of malware from its 190,000 user base, a rate of malware detection per system [that] is proportionally lower than that of XP, which saw 1,319,144 malware infections from a user base of 1,297,828 machines, but it indicates a problem that is worse than Microsoft has been admitting to." Microsoft hasn't responded yet to this report.

  1. What kind of malware? by J_DarkElf · · Score: 5, Insightful

    Malware is not defined anywhere in the article. I know from experience that some "malware" scanners tend to mark even cookies (such as Doubleclick's) as malware, which will appear on any computer.
    I would also like to see how many of these "infected" computers had UAC and automated updates turned off.

    Looks like just another Vista bashing article (so it will no doubt be really popular here).

    1. Re:What kind of malware? by Dwedit · · Score: 4, Interesting

      How about Wild Tangent bundled games that come with many PCs? Those trip up the spyware detectors too.

    2. Re:What kind of malware? by Skrynesaver · · Score: 4, Informative

      Malware is not defined anywhere in the article.

      While incomplete it did say that:

      PC Tools has publicized details of some of the malware types it has found on Vista systems during its scans, including three pages of variants based on Trojan.Agent, a few of which were described as serious.

      Not a definition of what they classed as malware, but 3 pages of Trojans would seem to indicate that they found something, no?
      --
      "Linux is for noobs"-The new MS fud strategy
    3. Re:What kind of malware? by nozzo · · Score: 5, Interesting

      Yeah this is an extremely valid point. My Vista PC had 100's of 'malware' items on, all were tracking cookies. So from that someone extrapolates Vista has poor security. sheesh.

    4. Re:What kind of malware? by Tim+C · · Score: 4, Insightful

      He didn't say that they didn't find anything, he was merely wondering if there were any details as to what exactly they did find.

      He's entirely correct about the tracking cookie thing, every malware scanner I've used (apart from Windows Defender, I *think*) flags cookies as malware. My ex's new Vista laptop came with Norton pre-installed, and it flags a tracking cookie every time it runs (and only the cookie - so her laptop would possibly contribute to the report's number, despite being clean)

    5. Re:What kind of malware? by Alpha232 · · Score: 2, Funny

      Next J_DarkElf will debate the page size used, was it Letter, Legal, A4, Memo?

    6. Re:What kind of malware? by complete+loony · · Score: 2, Interesting

      Self selection bias?

      How many of these machines were scanned only *because* an infection was already suspected or known?

      --
      09F91102 no, 455FE104 nope, F190A1E8 uh-uh, 7A5F8A09 that's not it, C87294CE no. Ah! 452F6E403CDF10714E41DFAA257D313F.
    7. Re:What kind of malware? by setagllib · · Score: 4, Interesting

      Because Wild Tangent is spyware.

      --
      Sam ty sig.
    8. Re:What kind of malware? by Jesus_666 · · Score: 3, Interesting

      Spyware that's hard to defend against. Trojan-style malware doesn't need security flaws to enter the system, thus Vista's new security features won't help much against it.

      --
      USE HOT GRITS WITH STATUE OF NATALIE PORTMAN (NAKED AND PETRIFIED)
    9. Re:What kind of malware? by LO0G · · Score: 4, Insightful

      The big thing I found missing from the article is how the machine got infected.

      If I download and install the cool icons for my IM client and malware comes along for the ride, is it Vista's fault that it allowed me to install it?

      As far as I know, all MSFT has claimed is that Vista is more secure than XP, not that it is immune from malware.

      There's nothing that an OS vendor can do to protect the user from their own actions.

    10. Re:What kind of malware? by nschubach · · Score: 4, Funny

      Slightly off topic, but your post reminded me of Dilbert today: http://www.dilbert.com/fast/2008-05-20/

      Not saying there's a correlation to be made...

      --
      Every time I start to have faith in humanity, I ruin it by driving to work between 7 and 8 am.
    11. Re:What kind of malware? by BadAnalogyGuy · · Score: 4, Insightful

      it is immune from malware

      This is key. Any OS which can run 3rd party code is vulnerable to malware. Whether the damage is restricted to the single running user or can damage anything the OS allows it to, software written for the express purpose of breaking something will work correctly given the right privileges.

      So it doesn't matter if you're on Mac, Windows, or Unix, if you run code that is intent on deleting something and you give it the right permissions, it will do it.

      There are various levels of protection you can offer here.

      0. Let the malicious code run wild without any permission barriers
      1. Run the malicious code as root
      2. Run the malicious code as current user
      3. Run the malicious code as special unprivileged user
      4. Run the malicious code for privileged APIs and stop the malicious code on unprivileged APIs
      5. Run the malicious code in a sandbox
      6. Run only "signed" code
      7. Do not run non-preinstalled software

      As the levels go higher, the more hassle it is for users to install new software. Obviously we don't want to go back to DOS and level 0. And we've seen what happens when we run with level 1 restrictions. Running code at level 2 is a possibility, but it also leaves the user open to localized damage, specifically damage to their own accounts and data.

      Microsoft decided that for their systems, a compromise between level 2 and level 1 was necessary. And in order to do anything to the system as a whole, UAC was implemented to request a means to elevate user privileges temporarily.

      It's an ugly, annoying dialog, but what is the alternative? If you (the general 'you') think that another system does this better, in what ways specifically do you feel the system provides an adequate amount of protection and flexibility?

    12. Re:What kind of malware? by Dekortage · · Score: 3, Informative

      To quote TFA:

      "It is important to highlight that all systems used in the research pool were at the very least running PC Tool's ThreatFire and that because the technology is behavioral-based, the data refers to threats that actually executed and triggered our behavioral detection on the client machine", said PC Tools' CEO, Simon Clausen.

      I don't use ThreatFire, but "behavioral-based" and "threats that actually executed" doesn't sound like a cookie. They could mean it, but it doesn't sound like it.

      --
      $nice = $webHosting + $domainNames + $sslCerts
    13. Re:What kind of malware? by Anonymous Coward · · Score: 2, Informative

      ThreatFire, which is what did the analysis in the survey, does not detect cookies as it's behavior-based, it only detects "real" malware that executes (i.e. it runs as an application, which cookies don't) and does something "bad".

    14. Re:What kind of malware? by sm62704 · · Score: 4, Interesting

      If these games are spyware and are bundled with the computer, then your computer itself is malware.

      Computing must be based on trust unless you have your own chip factory, and even then you have to trust your employees.

      If you buy a Dell with Linux on it, Dell can preinstall any rootkits they want and there's no way anyone could find them. You would have to boot from a CD or floppy and repartition the drives and reinstall the OS. Hell, they could install a hardware rootkit and even that wouldn't work.

      I'm glad I build my own PCs. I'm going back to vacuum tubes. Where's my tinfoil hat?

      --
      mcgrew's razor: Never attribute to stupidity that which can be explained by greedy self-interest
    15. Re:What kind of malware? by Blakey+Rat · · Score: 3, Insightful

      I think we all agree about that.

      But the point is, if HP puts it there when you buy the computer (and yes I'm calling out HP by name: my HP laptop had orders of magnitude more of that shit installed than any Dell I've ever bought), the user's not going to remove it unless they're pretty technical. And technical users probably aren't running this anti-spyware tool, anyway. So suddenly every single HP PC sold is marked as having spyware, giving their numbers a huge boost.

      Of course it complicates things, seeing as Wild Tangent is actually spyware. But you can't necessarily blame the user for it being on there, and you certainly can't blame Microsoft if their OEMs pre-load spyware on the machines. In this case, it would say absolutely nothing about Windows security, since the OEM purposefully bypassed the security to load it on.

      (Microsoft could try a campaign to get more control over what software is shipped with Windows computers, and then you could watch Slashdot go crazy about how evil they are. It's a no-win for them.)

      P.S. Why the hell is HP still in business? Their computers are loaded to the gills with so much crap that they take 3 hours to boot the first time (I wish that was an exaggeration!). And when you put in the Windows CD to restore a clean system, HP slipstreamed the crap on the Windows CD too! And these guys are selling more computers than Dell? Do customers just like abuse?

    16. Re:What kind of malware? by Necrobruiser · · Score: 4, Funny

      ...Vista's new security features won't help much against it.
      Why is it that only malware writers can write software that is Vista compatible?
      --
      "I planned within my means and got a fixed rate mortgage, so where's MY bailout?" -cafepress
    17. Re:What kind of malware? by D+Ninja · · Score: 4, Insightful

      Do customers just like abuse?

      No. The customers just don't know any better.
    18. Re:What kind of malware? by D+Ninja · · Score: 2, Insightful

      NO art is ever created in a vacuum. "If I paint better than other men, it is because I steal from the dead."


      Funny that you say this. Too many times on Slashdot I see people saying, "So-and-so company took that technical idea from someone else." However, just like art, no technology is ever created in a vacuum either...

      ...unless you work for Hoover.
      :: ba dum tsh ::

    19. Re:What kind of malware? by Sancho · · Score: 2, Insightful

      (Microsoft could try a campaign to get more control over what software is shipped with Windows computers, and then you could watch Slashdot go crazy about how evil they are. It's a no-win for them.)

      Well, Slashdot's not a single entity with a single opinion. No matter what Microsoft does, there will probably be people on Slashdot that disagree with the decision.

      That said, Microsoft has a history of trying to prevent competition by restricting what can be installed by OEMs. Remember the Netscape debacle? So there's a very good reason to be concerned if they tried to do this again, even if there were good intentions.

      Ultimately, it's difficult to determine whether malware got onto the machine by the OEM, through phishing (which isn't easily stopped by the OS), or through a vulnerability. This is something I've alluded to before (that a high percentage of current Windows malware is almost certainly phishing), but I always get modded down for not flaming Windows.
    20. Re:What kind of malware? by Dr_Barnowl · · Score: 2, Informative

      Microsoft decided that for their systems, a compromise between level 2 and level 1 was necessary.

      In addition, .NET contains Code-Access-Security (CAS) mechanisms that let you get all the way up to level 6.

      4 : .NET APIs are marked with permissions, and .NET assemblies can declare which permissions they need to run. System policy can restrict which applications even get to run, and allow some applications to run with restricted function.

      5 : A sandbox is slightly different but can be considered to be a special case of 4 (or a virtual machine, or however else you implement it). Again, .NET will allow you to configure access : to printers, sockets, domains, DNS, environment, files, UI, storage, the registry, threading, calls to unmanaged code, printers, the event log, performance counters, database client libraries, and the data execution protection features of modern CPUs.

      6 : .NET can base its CAS policy on assemblies being signed.

      Level 7 I consider to be a special case of level 6 ; where only the people building the OS install have valid signing keys.

      ALAS

      Firstly, this litany only applies to .NET managed code.
      Secondly, .NET comes configured out-of-the-box to allow all code executed from a source on the local machine full trust.

      Go to the back of the class, Bill

      To be fair, I don't think most malware writers implement their babies in .NET, not least because not all users have it installed by default, even if it is a Windows Update. But it has a great code security model, marred fatally by its default configuration.

      If it had a dialogue that appeared when you ran software for the first time, asking you for trust parameters, and particularly drawing attention to the lack of a cryptographic signature from a certificate itself signed by a trusted party, it might make some users think twice about running all the insidious crapware they install just for a few emoticons or screensavers.
    21. Re:What kind of malware? by click2005 · · Score: 2, Insightful

      and you certainly can't blame Microsoft if their OEMs pre-load spyware on the machines

      Why the hell not? As somebody else pointed out, MS was able to force OEMs not to install Netscape and other media players. It's in MS's best interests to stop OEMs adding crapware to PCs as it harms their image. They could easily force this by threatening to stop advantageous pricing for OEMs that do install bad software. I realise that most OEMs & system builders operate on very small margins so any extra money they get from adding the crapware is income but installing the crap hurts their image as well as Microsoft's.

      It wouldn't be hard for MS to start a 'crapware free' programme like all the Vista Ready stuff they seem to do. It might get lost among all the dozens of other stickers that get plastered all over PCs these days but as more and more people are victims of identity theft & other security issues they will begin to look for these kinds of things.. or try other operating systems that are perceived to be safer.

      --
      I am a free slashdotter. I will not be modded, blogged, DRM'd, patented, podcasted or RFID'd. My life is my own.
    22. Re:What kind of malware? by DarthVain · · Score: 2, Insightful

      Having Vista for about a year now, I just suffered my first security problem.

      Got a Trojan called Velemonde or something like that. Nasty bugger. Took hours to get rid of it (if I even did, popups stopped anyway).

      However I am pretty sure it wasn't Vista's fault. A more likely scenario is that when I passed out from a hard night's drinking my idiot friends that crashed the night before decided to go on the internets to some dubious websites and download everything and then run everything.

      Am I going to go out and get Norton or something like that? No, I am going to set a password, and tell my friends to %$^@! off when they want access (at least when I am not there watching).

      Just because you know where to go, what to download and what not to, and particularly what to run and not run, doesn't mean people that access your computer do.

      I was not a happy camper yesterday. Not only did I get hosed with the Trojan, but when fixing it I did a System Restore which then nerfed my WOW install and wouldn't allow yesterday's patch... Which took almost as long to fix... what a pain in the ass.

      Anyway moral of the story is no anti-virus software can protect you from drunken idiot friends.

    23. Re:What kind of malware? by T.E.D. · · Score: 3, Interesting

      Trojan-style malware doesn't need security flaws to enter the system, thus Vista's new security features won't help much against it.


      Actually, I got Vista specifically to stop that kind of malware, and it's worked like a champ.

      See, I'm generally sharp enough not to put malware on my own system. The problem is that my kids use the computer while I'm at work, and they like to install "free" stuff they find online. Since you can't do a damn thing in XP w/o running as admin, there was no stopping this.

      With Vista UAC you can run as an unprivileged user. If a program wants to install something, it will prompt for the admin password. If it's me and I really want that install to happen, I enter the admin password and it proceeds as normal. If it's one of my kids running, they call me at work begging for the password, and I tell them to go jump in a lake.
  2. I don't think this article will be popular by patio11 · · Score: 5, Funny

    After all, the survey missed classifying Vista as malware -- how accurate could it possibly be?

  3. Re:Self-selection bias? by Ethanol-fueled · · Score: 2, Funny

    Please read the article first so that the statistical numbers sink in.

    Next, think about an Ubuntu install vs. a Vista install. Vista caught a lot of flak for the "cancel vs. install" thing but sudo('s GUI counterpart) is not much different, right down to the dark fade as it asks the user what to do. Since Linux clearly stole that idea from Windows, well, won't some leet folks please write a virus for Linux and level the playing field? Linux users are so tired of having nothing to painstakingly tweak.

  4. Re:the problem is combining ... by J_DarkElf · · Score: 5, Informative

    No need to slam Vista (or Windows in general) -- the problem is combining a dumb user with /any/ OS he can get admin rights on.

    No matter how good your antivirus/antispyware/OS, once an idiot user figures out that by closing a certain app or clicking "yes" somewhere he can run the funny application he got by e-mail, he will do so, and the system is potentially infected.

  5. PR != Security by pla · · Score: 4, Insightful

    New Malware Report Hits Vista's Security Image

    Come again? Does anyone but Microsoft actually believe Vista has an "image" of better security?

    Vista has one and only one major security-impacting feature - The "Train users to always click yes" interface to privilege escalation. And I feel confident saying that very, very few of us consider that a "good" thing.

    1. Re:PR != Security by BadAnalogyGuy · · Score: 2, Interesting

      Let's say that the UAC is a mistake and users should be 1) prevented from installing programs blindly, 2) not informed when a program is attempting to run without authorization.

      How would you design a system that fulfilled the two items above while still allowing the flexibility to actually install programs when desired?

    2. Re:PR != Security by Kalriath · · Score: 5, Informative

      Vista has one and only one major security-impacting feature - The "Train users to always click yes" interface to privilege escalation. And I feel confident saying that very, very few of us consider that a "good" thing.

      Get users on Linux, and we'll be seeing the "Train users to always click yes (or in CLI mode, prefix with "sudo") approach to privilege escalation"

      Wait, that sounds familiar. Oh, wow! Both my post and yours are virtually identical!

      Seriously, people bash UAC, but it's pretty much identical to sudo.
      --
      For a site about things like basic rights, Slashdot users sure do like to censor "dissent".
    3. Re:PR != Security by dhavleak · · Score: 4, Insightful

      Seriously, people bash UAC, but it's pretty much identical to sudo.

      In fact, I can think of a scenario in which UAC is actually better than sudo:

      In a social engineering attack where you download some program (malware) and run it -- the malware could spoof a UAC prompt -- if you are foolish enough to click "Allow", well, nothing really happens because the program didn't get elevated privileges (since it was a fake UAC prompt). In the sudo case, the equivalent level of foolishness has you entering your password instead of merely clicking "Allow". Result is that the malware has your password now, so it's basically Game Over.

      Of course, this is probably a moot point because a better social engineering attack would actually do something causing a genuine UAC prompt (instead of bothering to spoof it). The level of foolishness required to click "Allow" is probably the same in both cases.

      I guess where UAC becomes valuable is when an attacker has managed to exploit a hole, to execute code remotely without requiring you to fall foul of a social engineering attack. This way you know you haven't done anything to deserve the UAC prompt that just popped up, so you know that you should click "Deny" here. This might still fail to protect users that have absolutely no clue, but honestly they shouldn't be running an admin account anyway (and hence should not be able to elevate a process).

    4. Re:PR != Security by JasterBobaMereel · · Score: 4, Interesting

      Users should be prevented from installing programs blindly - Full stop

      Users should be informed the program is trying to run as an admin and so has been killed

      Users should ask to install a program, be asked for admin password to continue and then go ahead without repeated warnings ....!

      Asking for permission to do something means the program was not installed properly (when installed it should request all permissions it will need), or should not be doing it

      Windows Vista does all the wrong things
          Prompts for permission on both installed and uninstalled programs repeatedly
          treats an install the same as running a program

      Linux/OSX are not perfect but seem to have got the balance more correct (mainly due to a legacy of doing the right thing and so not having to support user programs that assume full admin rights)

      --
      Puteulanus fenestra mortis
    5. Re:PR != Security by clang_jangle · · Score: 2, Insightful

      I thought you were asking "how can a system be made idiot-proof and still let users easily install software without having to know anything about actually using the system?"

      I have no trouble with my OS X, BSD, or Linux software installs affecting security. Heck, I know some MS users who have no trouble with that.

      So I guess it's like driving. Everyone thinks they can do it, but in fact maybe one in five of us can actually do it without causing problems. So incompetent people wreck their cars and have problems with the computer. Big deal. Besides, there's lots of money in that. :)

      --
      Caveat Utilitor
    6. Re:PR != Security by pla · · Score: 5, Insightful

      Seriously, people bash UAC, but it's pretty much identical to sudo.

      Key difference - Using sudo represents an active request by the user for privilege escalation. Telling UAC to continue approves a passive request that the user might not actually have made (or known they made). When enough of them pop up at random times, it conditions the user to just say okay to make it go away - By comparison, no one would ever just randomly sudo a command for the hell of it.

    7. Re:PR != Security by BadAnalogyGuy · · Score: 2, Interesting

      To take that idea a step further, how should scripts that rely on a runtime be restricted? Let's say Perl is installed, and it requests full system access at installation. When you run a script that erases the hard drive, should it automatically run at the Perl permission level? Or should it run at the user level without automatically gaining Perl's permission level? Or should a text file be considered "executable" and require installation as well?

      I agree that installed apps should not ever bring up the UAC. And that getting over the legacy app problem is a huge hurdle for MS.

    8. Re:PR != Security by drsmithy · · Score: 2, Interesting

      Part of the problem is that Vista's UAC prompts users (even local admins) far too often.

      Being a "Local Admin" just means your user has the ability to elevate using UAC. It is the rough equivalent of the 'wheel' group or
      %administrators ALL=(ALL) ALL
      in /etc/sudoers.

      If I'm a local admin on a workstation, there are certain tasks that I would expect to be prompted for (installing software, patching software, deleting file from C:\Program*\, ETC.) but changing the system time? Opening the system management MMC? This simply means that most admins will turn it off, which significantly reduces its functionality ;)

      You should most certainly need elevated privileges to change the system time and run the system management tools.

    9. Re:PR != Security by Jugalator · · Score: 2, Informative

      Indeed, but if we're comparing a Windows UI feature, we should perhaps compare it to a UI feature of a Linux desktop distribution, not command lines, because the command line is already widely regarded being a barrier of entry to the users Windows is geared for.

      And if doing this, the approach becomes virtually identical. Well, one difference being that I have to actually *enter* the password in e.g. Ubuntu if doing an "administrative task", while I don't have to do this and just click through under UAC if I'm an admin. However, even UAC requires an entered password if you're a non-admin. The UI will change depending on the Windows user type.

      --
      Beware: In C++, your friends can see your privates!
    10. Re:PR != Security by dhavleak · · Score: 2, Informative

      Except that forcing people to enter their *Admin* password to escalate their privileges also forces them to stop and think "hmmm does this program REALLY need that type of access?"

      Sudo and UAC both grey out the entire desktop, and pop a system modal dialog that prevents you from doing anything else until you respond to it. If that's not enough to tell the user something big is happening, the password part isn't going to help either.

      Additionally if the person is not an admin for that machine, they won't be able to install the software without someone's help, ideally an individual who took the time to NOT give them an admin account for just this reason... so they wouldn't install malware by mistake.

      Right, and that's exactly how it works for UAC as well. If you're not an admin, your only option for installing something that requires admin access is calling an admin to help out. You won't get a UAC prompt (you have to do what's known as an 'over-the-shoulder' elevation instead, which requires the admin to enter their user/pass to "run as admin").

      SUDO doesn't work if it is turned into an obligatory prompt dialogue that people just click through mindlessly.

      The reports of UAC's annoying-ness are greatly exaggerated. As a Vista user since around launch date I can tell you I'm not used to seeing a UAC prompt at all. Patch Tuesday and Firefox updates are probably the only time I see them -- and that's exactly the way it should be.
  6. Wait a moment... by hyperz69 · · Score: 5, Funny

    Vista Had a Positive Security Image?

    1. Re:Wait a moment... by Legrow · · Score: 2, Funny

      Vista Had a Positive Security Image?

      'Positive' in the 'HIV Positive' sense.
  7. Re:Self-selection bias? by joelstobart · · Score: 5, Informative
    Seriously,

    27% of all the machines were owned by a marketing company. It's sunk in.

    Sudo copied Windows - hmmmm ... "Sudo was originally written by Bob Coggeshall and Cliff Spencer "around 1980" at the Department of Computer Science at SUNY/Buffalo".

    As for the virus remark - It's more difficult to write Linux viruses. User level permissions are more rigorous. The browsers don't have ActiveX. People who use Linux tend to know what a firewall is; and don't click yes in reply to "would you like to install" dialogues so much.

  8. Re:the problem is combining ... by Anonymous Coward · · Score: 2, Funny

    clicking "yes" somewhere he can run the funny application he got by e-mail, he will do so, and the system is potentially infected.

    I do not!! now for the pron... you're damn right I do

  9. Re:the problem is combining ... by NickFortune · · Score: 4, Insightful

    No need to slam Vista (or Windows in general) -- the problem is combining a dumb user with /any/ OS he can get admin rights on.

    I don't think that works as an excuse for Microsoft.

    The trouble with that is that Windows is supposed to be the operating system of the common man. At least, every time Linux gets a cool feature, the Redmond apologists start to roll out their hypothetical Joe Sixpacks and Great Aunt Mildreds and tell us how these ordinary people can never cope with Linux, but Windows, focus-grouped to death as it is, has been designed for these exemplars of non-geekiness, and is therefore superior.

    But that makes it kind of hard to blame bad security on the users. Windows is supposed to be designed with the click-on-the-dancing-monkey demographic in mind. They can't really throw their hands in the air and say "it's not us, it's the stupid users" without admitting that, really, they haven't a clue how to make a secure operating system.

    --
    Don't let THEM immanentize the Eschaton!
  10. They would, wouldn't they? by Harold+Halloway · · Score: 4, Insightful

    Why might "Australian security vendor PC Tools" claim this? Could they have a vested interest in saying this?

    1. Re:They would, wouldn't they? by FamineMonk · · Score: 2, Funny

      step 1: Start a support/news website.

      step 2: Publish story "OMG Malware!!1!"

      step 3: ????????

      step 4: Profit!

  11. Consider the source by Gadget_Guy · · Score: 5, Insightful

    So a company that sells security software puts out a press release to say that you still need to buy their software even if you run Vista. I can't think of a single ulterior motive that they might have to do this!

    How many of the anti-virus companies don't issue doom-and-gloom style press releases? It is just their way of drumming up business. I would rely on these figures as much as I would rely on Microsoft's "research" that might suggest that Vista is completely immune to any security issue. The truth lies somewhere in between - which shouldn't surprise anybody.

    And before anyone jumps down my throat, no Microsoft didn't say Vista was that perfect.

  12. technical limitation by CarpetShark · · Score: 5, Funny

    After all, the survey missed classifying Vista as malware -- how accurate could it possibly be?


    This was my first thought too. But then I realised that they've obviously omitted that fact on purpose, to solve an infinite recursion paradox:

    Vista is malware
    Vista can host malware
    Therefore vista is self-hosting

    Vista is unstable
    Therefore, vista can't host a stable OS
    Therefore Vista can't host itse..

    Oh, never mind. It works out just fine.

    1. Re:technical limitation by Anonymous Coward · · Score: 2, Funny

      I'm running Vista, and I can confirm that it never blue scre

    2. Re:technical limitation by CarpetShark · · Score: 3, Funny

      Don't be lazy: do your own research. Just press a few keys, then refer to the blue screen.

  13. Re:Windows is basically a wrong architecture by Anonymous Coward · · Score: 3, Insightful

    Blaming the user for running as Administrator and exposing loopholes is like blaming the car driver for driving with the windows down.

    Some other commenter pointed out that being trained to click "Yes" was comparable to running everything as super doer. Rightly so. Do you know how tremendously difficult it is to convince Peter average user to have strong passwords, to keep user accounts and administrative accounts separate, and so on? As soon as he finds out how to run programs with administrative privileges, he'll stick to this new "freedom".

    By Design Windows is flawed.

    So is any other OS with a UI, because they require a user. The user is the problem.

    One should not need UAC to install software, and the registry concept should be thrown out.

    While I agree, I do this because I think an operating system should have user accounts with no rights to install anything, and an administrative account without any GUI. Please explain to Peter average user that he has to use CLI to install/uninstall software. (This works with my Peters, because I manage their Linux workstations for free. But it won't work with most users.)

    It will be great if Windows adopted Linux [kernel] as a base and bolted WINE as a backward way to run Windows Apps and Games.

    But still, the user has to install software on the system. Unfortunately, he wants to do so without any hassle.

  14. Comment removed by account_deleted · · Score: 5, Interesting

    Comment removed based on user account deletion

  15. Big Impact on Opinions by FurtiveGlancer · · Score: 3, Insightful

    Instead of "obnoxious security" as highlighted by the Apple commercial, now we have "less effective than advertised obnoxious security that's still better than XP."

    Can we possibly bring ourselves to acknowledge that M$ actually brought about an improvement in PC security? It shouldn't hurt too much since it appears to be verifiable.

    --
    Invenio via vel creo
  16. huh? by Peter_The_Linux_Nerd · · Score: 4, Funny

    "New Malware Report Hits Vista's Security Image" -- Vista had a security image?

  17. Re:the problem is combining ... by DigitalisAkujin · · Score: 2, Interesting

    No dude lol... just plain no.

    Network admins know that the common man or woman doesn't know their computers from their asses. It's like the saying goes, PEBKAC.

    The fact of the matter is that Microsoft is king because Linux software isn't even there yet when it comes to quality. Whenever you have new hardware you probably can't even use Linux because the drivers haven't come out yet or are beta and/or a bitch to install.

    Linux continues to be dogged down by too many deal breakers for so many people. You can have Linux be good for 15 / 20 uses and even throw in 5 - 10 new ones but the few you got left might include deal breakers for so many people. This is the challenge the open source community will need to overcome before it ever wins this war. It will eventually win though. We're only 15 years into a networked world. 60 years from now software companies will only make money from custom code.

  18. Re:Image by Jesus_666 · · Score: 2, Funny

    Or we combine the powers of water, air, earth, fire and love to form Captain Planet. Or - even better - we combine Cheetos, Coke, anonymity, too much spare time and Linux to form Captain Fanboy, with the power of writing scathing flames on Slashdot.

    Of course, Microsoft could counter that by combining the powers of Soviet Russia, old Koreans, Natalie Portman, hot grits and Cowboy Neal to form Captain Meme, who drowns out everything Captain Fanboy posts with a flood of +5, Funny posts.

    --
    USE HOT GRITS WITH STATUE OF NATALIE PORTMAN (NAKED AND PETRIFIED)
  19. Oh no, now you've done it by dreamchaser · · Score: 2, Insightful

    I expect Twitter to come rushing out with one of his many sockpuppet accounts and attack you at any moment! How dare you cloud a perfectly good Vista bashing with a few facts! Shame on you!

    Vista isn't great and was overhyped, but it's not nearly as bad as most people here seem to think. I'd hazard that the loudest critics haven't even used it.

  20. Solutions? by cluge · · Score: 4, Funny

    27% of Vista machines were compromised

    This is indeed troubling (notice position of tongue and cheek). How can we fix this? I propose a five step program

    5. Electro shock all users that click "install now" without thinking
    4. Remove the fingers of users that follow the links on penis enlargement spam
    3. Publicly flog all users that attempt to install that "special media player" to get to "free p0rn" from any site in the former communist bloc.
    2. Revoke all credit card, debit card, home depot card and sears charge cards for those that purchase a fake Rolex based on an email they got
    1. Remove any and all computers from folks that say "My computer's running slow, you know about computers, can you look at mine"

    Respectfully,
    Cluge

    PS - A more meaningful less painful solution would be an OS lock down - i.e. think a live image distro where the Hard Drive is only used to store user data. Every reboot takes you back to square one - a heavily locked down environment with basic abilities allowed, but little else.

    --
    "Science is about ego as much as it is about discovery and truth " - I said it, so sue me.
    1. Re:Solutions? by maxume · · Score: 2, Funny

      If you can identify when users click without thinking, why not just keep prompting them until you have identified that they thought about clicking?

      --
      Nerd rage is the funniest rage.
  21. Well by Anonymous Coward · · Score: 2, Insightful

    I've purposely run some shady programs, with antivirus disabled on Vista. No WAU prompt, nothing. Yet, my PC was infected and had processes running. It was even harder to clean out than similar virii in XP.
    All these prompts and other crap, it's useless. It's just to "make you feel secure" and "annoy the hell out of you". Effectiveness is ZERO.

  22. Vista and UAC .. by rs232 · · Score: 4, Interesting

    "Vista suffered 121,380 instances of malware"

    I thought Vista with UAC didn't get malware. Didn't Allchin say Vista didn't need any anti-virus software?

    --
    davecb5620@gmail.com
    1. Re:Vista and UAC .. by Colonel Korn · · Score: 2, Informative

      They're called cookies, not malware.

      Yes, Threatfire labels tracking cookies as malware, and yes, that means this story means nothing. I'm no fan of tracking cookies, but they're not a big deal to most people.

      --
      "I zero-index my hamsters" - Willtor (147206)
    2. Re:Vista and UAC .. by Colonel Korn · · Score: 2, Informative

      Threatfire considers tracking cookies, like the ones from Google (aka Doubleclick) to be a 2 on a scale of 1 to 5 in terms of severity of malware. This is a junk article and really shouldn't have been posted.

      --
      "I zero-index my hamsters" - Willtor (147206)
  23. I saw it coming by Kashgarinn · · Score: 2, Insightful

    ... a mile away.

    I'm a Windows-savvy user, and I've never had problems with viruses or malware, mostly because I know when to make sure what I'm about to run isn't malware.

    That means I know generally what's already in my computer, and when I'm about to install or run something new, I either know it's from a legitimate source, and thus don't worry about it, or I scan the file before using it.

    That's why I applaud things like the Firefox virus scanner, it's actually combating the risk of infection at the point-of-entry rather than scanning everything all the time, over and over and over again, and hogging your resources while it's at it. In this regard, current virus software only helps when you've already gotten a virus and you need to clean it, which in my opinion is too late. The solution should be at the point of entry.

    It's also why I hate UAC, UAC doesn't help people to understand where the point of entry of malware is, and it only teaches people to click yes to everything, or to google how to disable it.

  24. Re:100% of Vista machines affected with malware by OhPlz · · Score: 4, Insightful

    I've used Vista since it was in beta. The DRM hasn't stopped me from doing anything. The only software I use that does get in my way is Apple's iTunes. But we can't hate on Apple, /. loves Apple because it's not MS. That's why /. can never be taken seriously. It's a humor site.

  25. Re:the problem is combining ... by j79zlr · · Score: 3, Insightful

    The fact of the matter is that Microsoft is king because Linux software isn't even there yet when it comes to quality. Whenever you have new hardware you probably can't even use Linux because the drivers haven't come out yet or are beta and/or a bitch to install.

    So I take it you haven't used Vista then? My scanner doesn't have working Vista drivers, it works in XP and Linux just fine. When Vista decided that my network is "local only" with no way to resolve it, I removed Vista and haven't looked back. You can argue some positive points with respect to Vista, but quality and driver support are not two of them.
    --
    I'm not not licking toads.
  26. And that, my friends... by patio11 · · Score: 5, Insightful

    ... is a +5, "Telling Slashdot what it likes to hear" moderation.

    -- Posted from my Vista machine ;)

  27. Re:the problem is combining ... by Auckerman · · Score: 2, Insightful

    Windows has never been nor never will be designed for the "common man". The entire Windows experience is designed entirely to be put on corporate networks. It's designed to be set up and maintained by a geek. The corporate market is the base of income for Microsoft. The users are non-technical, so there are attempts at "ease of use", but when it comes down to it, features make it into Windows because the corporate market is moving in that direction. Every now and then home users get features too, but they account for such a small amount of computer purchases that Microsoft can ignore them and rely on the network effect to force them to use Windows at home.

    Linux suffers the same kind of mentality, but in a different direction. Desktop Linux is designed for its user base, which is programmers, network admins, and more technically inclined users. They find, on the whole, "Linux" (insert favorite distribution here) to be on par with Windows. From their point of view, they are right. My mother would highly disagree. When it comes to generic operating system environments, Linux has a STRONG advantage. The level of customization possible due to the availability of the source has allowed manufacturers to create smaller integrated products that are easy to use, but generally trade a degree of functionality for that (Nokia and Asus come immediately to mind).

    OS X is designed for environments where administration cost is a very big concern and for people doing design work. On the whole, Apple ignores a large part of the development community and relies on making tools that encourage specific practices. This is done under the philosophy that any developer that wants more Windows like dev environment will just end up messing up OS X, via the user and this will reflect poorly on Apple. Hence their reportedly large market share on the home user market, "it just works" when compared to its competitors is a valid comparison. Because of how they treat developers, their market will never grow outside of its established core base.

    --

    Burn Hollywood Burn
  28. Re:Self-selection bias? by Sancho · · Score: 2, Informative

    No, he really wasn't.

    gksu, which acts more or less like a GUI front-end to su, dims the background when you use it. I don't know if it's a configurable option, or how long it's been doing that, but I first noticed it a little while after Vista started dimming the screen on UAC prompts. That's what the GGP was referring to.

    gksudo:
    Dims screen, asks for permission to perform administrative operation, asks for password.

    UAC:
    Dims screen, asks for permission to perform administrative operation, asks for password if you are not administrator.

    The comparison is obvious, and while sudo itself was written before permissions were even a twinkle in Mr. Gates' eyes, gksudo's current behavior does emulate Vista's.

  29. Re:Self-selection bias? by Sancho · · Score: 2, Insightful

    I don't know that it was a troll. There are a lot of people (myself, included) who think that a large part of Windows' malware comes from trojans. Between the Windows firewall/NAT (helping to prevent worms from spreading) and Windows Update being on by default (somewhat mitigating exploits in Internet Explorer), non-trojan malware infections are really dropping. They're still there--from people who don't upgrade, who have older systems, etc. but they're decreasing. What's left is trojans and pre-installed malware.

    But people continuously slam Windows for being insecure while touting OS X and Linux as secure alternatives. Secure? Sure, the code is good and secure, but there's no patch for gullibility.

    I suggest the possibility that there are simply other factors that account for the almost total lack of malware on these systems.

    First and foremost (and to get it out of the way, because it's so commonly presented) is the market share--virus writers want their viruses to run, so they target the largest markets.

    Second is user education. Even with Ubuntu bringing Linux to the common man, the vast majority of Linux users are more knowledgeable about computers, and will not be as likely to fall for trojan traps. While the same cannot necessarily be said about OS X, both Linux and OS X have a history of better security architecture, which means that most operations do not require any sort of administrative access. While malware can run without administrative access, it's much harder to hide. Antivirus running as administrator will easily detect malware running as a user, and because of the history of these two operating systems (not needing administrative privileges that often) it's going to be harder to trick the user into giving up his password. That's not to say that it's impossible--and certainly there isn't a push to use antivirus on these systems anyway, but it would ultimately be a losing battle for malware authors even if the marketshare situation were different.

    The upshot of all of this is that I think that if some magic happened and all Windows installations were turned into Linux installations overnight, malware authors would start targeting Linux, and the new (and largely uneducated) Linux users would fall prey just as easily, despite what OS X and Linux fans would have you believe (that somehow using the OS inherently makes you more secure.)

    Of course, I'll probably be modded down into oblivion, as a troll, or flamebait, or just as overrated, but I've never seen someone post a valid counter-argument to this type of post.

  30. Re:If an app was never tested on NT by drsmithy · · Score: 2, Interesting

    The first OS to have a prototype implementation of an API is beside the point.

    Uh, not when you're arguing it's a problem with the API, it's not.

    I'm not sure why you think it was a "prototype", either. Win32 was NT's primary API.

    Most applications for the home market were designed and tested not on Windows NT but on Windows 95 and Windows 98, as Microsoft didn't market NT for home use until 2002.

    This does not excuse developers for blatantly bad practices. There is no excuse, for example, for applications spewing user-level data like configuration files through system areas.

    What's the good way to solve PEBKAC without requiring the OS vendor to certify all applications with a digital signature, which certification processes have historically shut out free software?

    There isn't one - at least, not within the realms of practicality.