Slashdot Mirror
In Test, Windows 7 Vulnerable To 8 Out of 10 Viruses
As Windows 7's market share passes 3.6%, up from 1.9% the day before launch,
llManDrakell notes an experiment they did over at Sophos. They installed Windows 7 on a clean machine — with no anti-virus protection — with User Access Control in its default configuration. They threw at it the next 10 virus/worm samples that came in the door. Seven of them ran; UAC stopped only one baddie that had run in the absense of UAC. "Lesson learned? You still need to run anti-virus on Windows 7."
Next you'll be telling me that 8 out of 10 people who have unprotected sex with HIV-positive, syphilitic, sore-encrusted prostitutes will contract some sort of venereal disease.
Sure - just that you won't get a virus by running linux. I have yet (in over a decade of tending linux and bsd servers) had a single machine get infected.
Lesson learned - friends don't let friends run Windows.
Anyone that installs Anti-Virus on their PC and expects it to protect them from their own stupidity deserves what they get.
The greatest revenge in life is massive success.
Anyone who uses any computer (including Mac AND Linux) without anti-virus is asking for what they get.
Yeah? Can you point to ONE virus in the wild that has ever bitten any Mac or Linux user? Trojans don't count. Install Linux on your Windows box and you do NOT need any antivirus (unless you boot into the Windows side), provided you're not stupid enough to run an executable from an untrusted source.
Free Martian Whores!
Why would you need an anti-virus if you have a router whose firewall is worth a damn, have a browser that doesn't develop un-patched exploits like college kids develop acne and you don't click and run every damn executable bit of code you see on web site?
If you have a good firewall and secure applications, the only remaining way to get a virus is if you download it and run it yourself.
Virus and virus-checker free for over 8 years.
...
I have yet (in over a decade of tending windows and NT servers) had a single machine get infected.
Lesson learned - Give the same system rights to your windows users as your Linux users have, and they can't get infected even if they wanted to.
"The true measure of a person is how they act when they know they won't get caught." - DSRilk
No, people who run shit they shouldn't are asking for what they get.
I don't run a real-time scanner, it's too much of a resource hog, I do let AV do an overnight scan once a week though. I've done this for years and never had a virus. Why? Because I don't run shit I know may not be safe to run. I do not open attachments I was not expecting to recieve.
It's not as if AV software is even that effective anyway, even when it does detect threats half the time it fails miserably at dealing with it and just gives the option of deleting, and sometimes some AV software doesn't even manage that. The paradigm used for AV software is that which has been used for a couple of decades, and it never even worked particularly effectively back then, let alone now that viruses have evolved whilst AV software really hasn't. Again, the best option is really to cover all the attack vectors - don't run executables you don't trust, don't have Javascript enabled on sites you can't be sure are safe, don't open attachments you weren't expecting and so on.
Out of curiosity, how exactly do you verify that you are infection free without a scanner? Sure, you probably don't have anything overt, like a botnet hijack, but what about less obvious things like rootkits?
You should probably take your magical ninja virus detection powers and do some consulting for those poor bastards who run Norton....
The corollary to that rule is that many applications won't run because they're poorly architected and require administrative rights to run. Oh, sure, you can finagle around with permissions and get many of them to run, but is it really worth the time to work around broken software? (running Windows which itself is broken notwithstanding)
The Christian Right is Neither (Christian nor right). See: Matthew 23, Matthew 25, Ezekiel 16:48-50
Viruses use security holes to get onto PCs in the first place - once the virus is running on the PC, it's got free reign. There can be absolutely no security vulnerabilities on a system and the virus usually still do what it wants if it's preloaded onto the system.
You don't need administrative privileges to do many things that viruses want to do (eg. send mail, monitor keypresses). They ran the test by loading the virus onto the machine, then letting it execute. That doesn't demonstrate that the system is full of holes - it demonstrates that the system is very good at backwards compatibility!
Let's be clear here (and the same is true for anyone running Linux), you don't know that none of your machines were infected. You know thatyou never discovered an infection.
The real "Libtards" are the Libertarians!
As a Windows (and Unix) System Administrator dealing with numerous users of the 'average' type, I must say giving users limited rights only work if the programs they need to run can do so within those rights.
We deal with a lot of industry specific software (ie. badly produced software) and many of the users need to have full access to absolutely everything in order for it to work, including mapped drives to the data!
Some of the users I support are absolutely mind-numbingly stupid. You tell them over and over to NOT do something and they do it again. You try and educate them on attachments and safe web browsing, and they don't care! Many of them will try all the risky things at work that they wouldn't do at home - because they know if they screw up their home computers they'll have to pay to get it fixed. At work, I fix them, someone else pays.
This article is not saying Windows 7 is insecure. You couldn't even come to that conclusion if you look at what they did. They ran untrusted code known to contain viruses on a Windows 7 machine. UAC only blocked those that tried to perform administrative tasks, which is what its job is. They did not try to do remote infection.
I could write a virus attached to an executable that deleted your favorites file or all of the documents in your user's document folders. This would still be a nasty virus and would not be classified as an administrative activity, thus not triggering UAC. This would not indicate any flaw in the OS or it's level of security. This is no different from any other platform, running as admin or not, if you run untrusted code, it will be able to do anything your logged in user can do.
The point of the article is that people should not pretend UAC *is* virus protection. Microsoft doesn't market it as virus protection, and people shouldn't be under the impression that UAC prevents viruses from running.
None of the 10 they picked!
The Linux community, as a whole, needs to get it's story straight. (Yeah, I'll probably get modded troll, I'm okay with that).
One day I hear Linux has great hardware support. It's not like Linux in the past, we even have *BETTER* hardware support than Windows now.
Then, the next day I hear, 'Well, yeah, Linux doesn't work; but you don't have the right hardware. You need to BUY A NEW FRIGGIN MACHINE if you want to bank on Linux working without spending hours trying to get it to work.
Which is it? It can't be both.
They got some malware, and ran it. If these malware did not need elevated privileges, they are expected to run. You download a bash script from the net that goes "\rm -rf ~" and then complain that your $home is hosed? I am not sure the test is fair. Did the malware get root privileges? Did they do any damage that simple plain process with user privilege could not do? Unless such things happened, this test amounts to nothing more than testing backward compatibility of some old binaries in new OS. Duh.
sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
I can't, but google can:
[...]
http://images.google.nl/search?q=osx+virus+in+the+wild
I guess you did not bother to actually check the search results, right?
Because I can't find any report about a real virus in the wild.
Oh, by the way, Google says Barack Obama is a Jew:
http://www.google.com/search?rls=en&q=barrack+obama+jew
(Hint: He's not.)
Please remember that the vast majority of hardware and peripherals are designed from the ground up to work with Windows and that most computers are sold with Windows preinstalled and preconfigured.
How do you design a piece of hardware "from the ground up" to work with a particular OS ?
On what OS can you run viruses written for that OS, which will not run? RTFA; they ran virus.exe on Windows 7 and were gobsmacked that they ran. This is FUD and/or a slashvertisement for Sophos..
// MD_Update(&m,buf,j);