Slashdot Mirror
In Test, Windows 7 Vulnerable To 8 Out of 10 Viruses
As Windows 7's market share passes 3.6%, up from 1.9% the day before launch,
llManDrakell notes an experiment they did over at Sophos. They installed Windows 7 on a clean machine — with no anti-virus protection — with User Access Control in its default configuration. They threw at it the next 10 virus/worm samples that came in the door. Seven of them ran; UAC stopped only one baddie that had run in the absense of UAC. "Lesson learned? You still need to run anti-virus on Windows 7."
Anyone who uses any computer (including Mac AND Linux) without anti-virus is asking for what they get. Especially with the number of good free anti-virus programs available for Windows, there is no excuse not to have one either way. I use Avast Home Edition. It's free (just registration required), fast, and small-footprint. Even if 9/10 viruses would be blocked by UAC, an anti-virus program that blocks the last one is worth it.
Is this supposed to be a surprise?
For one, they watered down UAC. Second, UAC won't do anything if the virus simply attaches itself to your user account, instead of the whole system. UAC is supposed to help keep malware gaining admin rights and infecting your system, not to stop it from running.
Next you'll be telling me that 8 out of 10 people who have unprotected sex with HIV-positive, syphilitic, sore-encrusted prostitutes will contract some sort of venereal disease.
So, for (1) Windows 7 is very similar to Vista, with a lot of code reuse, and (2) the people who develop viruses target *almost exclusively* windows, so how would the need to run an antivirus on a new version of windows ever be something you would doubt?
~dijjnn
Windows 7 had 1.9% market share before launch?
""Lesson learned? Don't run Windows 7."
Oh, wait, that would challenge the iron law of commercial software reviews, of not considering alternatives.
I am officially gone from
"The next 10 samples that came through the door". 8 out of 10 zero-day windows viruses infected an unprotected machine? The most surprising thing to note out of this is that two of them failed right out of the box. The calibre of virus writers isn't what it used to be if they're not working on launch day.
"The true measure of a person is how they act when they know they won't get caught." - DSRilk
So 8/10 viruses don't require administrator permissions and conform to Windows development standards. If only the rest of the software industry had such high standards.
So which version of Windows 7 was tested? TFA does not specify. Was it X64?
For those of you as confused by the numbers as I was:
-Only 8 of the 10 successfully ran on Windows 7, the other 2 failed to even start
-Of the 8 that successfully started, 1 was blocked by UAC
Was the Windows Firewall up? If not, how many of these viruses would've made it through the default Windows Firewall settings? Or were these all of the "double click this attachment" variety?
Bullshit. Microsoft made the same claim when they made the switch from 16-bit to 32-bit - "Viruses will be a thing of the past." 64 bits is not "magic pixie dust" - it's just the size of a native integer or memory pointer on your cpu.
New tests show that software written for Windows runs on Windows! Copycat studies have also shown conclusively that software written for Macs run on Macs and software written for Linux runs on Linux! More at 11.
I'm running several macs, both at home and at work, and the only time I've ever run an anti-virus on any of them was at the request of my ISP last month - there was a report of a virus originating from my home IP address. I downloaded and ran the latest ClamAV, and of course there was no virus on the machine, it was a spoofed IP address...
Over the past 5 years, that's the only time I've ever run a virus check. It came up with 0 viruses. I conclude that the likelihood of me getting a virus on a mac is still small compared to my XP box, which every time I run a virus check flags *something* new as wrong/suspicious. Sometimes I can even tell if the something is innocuous or dangerous...
Slashdot likes to say that anecdotal evidence is meaningless (which of course it is), but when a sufficiently large collection of anecdotes all say the same thing, we call that consensus. The general consensus is (I believe) that Macs are a lot less likely to be infected than Windows boxes, so your 'Anyone who uses any computer (including Mac AND Linux) without anti-virus is asking for what they get' statement is in fact news to me.
Simon
Physicists get Hadrons!
So...what's the best anti-virus software for Windows 7?
Bullshit. Microsoft made the same claim when they made the switch from 16-bit to 32-bit - "Viruses will be a thing of the past." 64 bits is not "magic pixie dust" - it's just the size of a native integer or memory pointer on your cpu.
no, majorme is right... 64-bit does make a big difference since you're not allowed (even as an admin with elevated privileges) to run kernel level code that's unsigned. 64-bit Vista/Win7 is more resilient to malware than 32-bit Vista/Win7.
3.9%.
Three ... ... ...
point
nine
percent.
That's almost thirty nine per thousand!!!!
Take that, linux! Mwwwwahhahahahaha!
Confucius say, "Find worm in apple - bad. Find half a worm - worse."
The One And Only Solution, kids, is to only run executable code you can trust.
I don't have the time to discuss what this entails, but I can start you off with one source of software you definitely can not trust...
"Most people, I think, don't even know what a rootkit is, so why should they care about it?"
Did the account set up on Vista / Win7 have an administrator role, or was it a "normal user" account? By not disclosing that, Wisniewski is only giving us half the story.
!#@%*)anks for hanging up the phone, dear.
So in Vista, UAC had only two settings: On and off. When it was on the system functioned with real separate privileges. You had to escalate to perform administrative actions. Ok well people bitched and whined and bitched and whined about that since you had to do it for things like changing file permissions or accessing system control panels. Thus Microsoft relented and watered it down for 7, having two settings in between on and off. It is set to one of those by default. More or less it asks for permissions for a program trying to get admin access, but not a user initiated operation.
A machine without AV is vulnerable to viruses!
News at 11!
Talk about a useless piece of FUD...
Windows 7 won't have any of the security issues that plagued previous versions.
You can trust me on that.
That's our life, the big wheel of shit. - The Fat Man, Blue Tango Salvage
Viruses use security holes to get onto PCs in the first place - once the virus is running on the PC, it's got free reign. There can be absolutely no security vulnerabilities on a system and the virus usually still do what it wants if it's preloaded onto the system.
You don't need administrative privileges to do many things that viruses want to do (eg. send mail, monitor keypresses). They ran the test by loading the virus onto the machine, then letting it execute. That doesn't demonstrate that the system is full of holes - it demonstrates that the system is very good at backwards compatibility!
Badda bing...
If you're not checking, how do you know you're virus-free?
is the biggest security hole yet the greatest strength of any OS/Software. If virus writters had to rebuild for a new OS/Software each time it came out...they would almost always have to start over every time from scratch. There are still viruses from the Win95 days that will still infect XP SP3 machines (not sure about vista/7). So surprising...no...not in the least.
They could have at least tested it with Security Essentials . . . it's freely available to Windows users.
And yet the post at the Sophos blog says: "On October 22nd, we settled in at SophosLabs and loaded a full release copy of Windows 7 on a clean machine. We configured it to follow the system defaults [emphasis mine] for User Account Control (UAC) and did not load any anti-virus software." The point is that they installed Windows with the defaults like 99.999% of the users out there would do.
My mom is probably a typical Windows user, and when she eventually installs "the new Windows", I'm willing to bet she'll just go with the defaults. Because it's easy. So if the default install of Windows 7 doesn't include & configure Security Essentials by default, then this test reflects what real users will see.
Sure, they could have done a followup test to install Microsoft's Security Essentials, then see how that would have fared with the same 10 viruses. But these guys sell their own anti-virus software, so I don't really expect them to take the extra step.
Of course it'd still run viruses. Can you imagine the kind of anti-trust allegations that would be thrown at Microsoft if suddenly nobody needed anti-virus? lol.
I went to TFA (the fine article, in this case) and it made perfect sense. Windows 7 isn't virus compatible in 2 cases. In another case, UAC actually works as expected. I was actually a bit depressed that the other seven 'old' viruses worked just fine. Like some other slashdotters, home is OS/X and Linux, but I still have to go to work and put up with servers and workstations that halt when the virus checker goes off. This is at least as bad as the garbage collector delays of early Java.
Think global, act loco
Somewhat common sense real life lessons dont work in the same way when you talk about software. Ok, shooting yourself in the right foot hurt, but maybe the problem is the foot you picked and not that you shoot yourself, so put a bandage that could make it a bit less painful and, keep shooting yourself that the problem is definately not there, maybe shooting in the other foot, arm or head wont hurt at all.
In other news, running "sudo rm -rf /" as may cause migraines in up to 90% of linux administrators.
XML is a known as a key material required to create SMD: Software of Mass Destruction
Slashdot should have a Wall of Shame for programs that are like this.
Kodak Easy Share is my pick.
It's NOT me! It's the meds! I'm on 1000mg of Fukitol.
Seriously, this guy is almost pathological in his determination to distribute as much FUD as possible about Windows.
Taco: Fire this retard. The stuff he posts is NOT news for nerds. It is thinly veiled, and ineffective, smear pieces. Real stories about OS problems are interesting. Kdawson's FUD isn't.
In one of the more detailed reviews (perhaps Ars Technica?) they mentioned that to keep the UAC warnings down, they let some actions taken while running as administrator proceed without an alert unlike Vista... so UAC basically has its own bypass.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
The only reason people get viruses on Windows is because they steal it!
http://news.slashdot.org/story/09/11/02/2342258/Microsoft-Links-Malware-Rates-To-Pirated-Windows?art_pos=20
It's simple; they must have been testing with a pirated copy of Windows 7!
In my experience online scanners do a pretty reasonable job. I like Trendmicro's housecall http://housecall.trendmicro.com/
Antivirus software vendor has reached the conclusion that you still NEED antivirus software.
This article is not saying Windows 7 is insecure. You couldn't even come to that conclusion if you look at what they did. They ran untrusted code known to contain viruses on a Windows 7 machine. UAC only blocked those that tried to perform administrative tasks, which is what its job is. They did not try to do remote infection.
I could write a virus attached to an executable that deleted your favorites file or all of the documents in your user's document folders. This would still be a nasty virus and would not be classified as an administrative activity, thus not triggering UAC. This would not indicate any flaw in the OS or it's level of security. This is no different from any other platform, running as admin or not, if you run untrusted code, it will be able to do anything your logged in user can do.
The point of the article is that people should not pretend UAC *is* virus protection. Microsoft doesn't market it as virus protection, and people shouldn't be under the impression that UAC prevents viruses from running.
Oh, right. It'd eat into the market share of their free product. Windows Live Onecare, you say? Discontinued.
The Christian Right is Neither (Christian nor right). See: Matthew 23, Matthew 25, Ezekiel 16:48-50
It could also just as easily read: "Two out of every ten virus writers deploy their work without testing it first."
I have a question.
I have read arguments that antivirus is essentially blacklisting, and that blacklisting makes no sense for security. If you run an exclusive club, you make a list of who IS allowed in. You don't try to list everyone in the world who ISN'T allowed in.
The argument say that the same should be true of programs - instead of trying to keep an up-to-the-second list of all 5 trillion viruses in the world, why not keep a list of the 50 programs that SHOULD be allowed to run, and assume that anything else is bad?
This makes logical sense to me, but (apparently) it isn't done. I assume it's much harder than it sounds. Can anyone explain this?
Only simple minded idiots think Mac's dont get viruses.
... couldn't find sufficient system resources to run?
Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
Yes, but the 64-bit architecture has nothing to do with it. They took steps to increase security and only applied them to the 64-bit version because that was going to wreak enough havoc on compatibility that they might as well go all the way at that point.
How are sites slashdotted when nobody reads TFAs?
Microsoft has already limited the CPU cores and speed along with limiting max RAM installed on Netbooks running Windows 7 Starter so this is gonna hurt. Now that it's been proven they need anti-virus running too we'll have to see what kind of performance comparisons with Linux are going to get scripted for Microsoft. The big question should be what anit-virus software is running during the tests.
So, if the hardware people want out of the limits set by Microsoft then they will need to pay for the full version of Windows 7 too. That means higher hardware costs due to the need for increased performance to run Windows 7 safely and the higher cost of the OS. Another nice move pushing people to Linux Microsoft.
LoB
"Anyone who stands out in the middle of a road looks like roadkill to me." --Linus
Lesson learned: don't execute random questionable crap on your computer and you can almost certainly live without AV.
... you can use your preferences to choose which authors you do or do not want to see stories from. If you dislike KDawson's choice of stories so much, you can opt to not display them. Hell, you have a lower UID than I do, and this feature has been available for the entire time I have been a member here. Why you don't know about it is beyond me; why you opt not to use it is even more of a mystery.
Or you can just continue trolling. The choice is yours.
Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
You still need to run anti-virus on Windows 7
There's a classic example of abductive reasoning. I do not have to run anti-virus on Windows 7 because I don't, nor do I ever plan to run Windows 7.
Yes, even Mac and Linux need (and regularly run) anti-virus software... If the role demands it.
Grandma running a Mac to check her email and (gah!) facebook will likely never need it.
Linux running a mail server absolutely needs to have and run it. It would be downright irresponsible not to, regardless of whether the Linux server was vulnerable to any of the viruses coming through or not.
and to also throw in my "who is surprised by this?"... You mean to tell me that they are surprised that windows software, written to specifically take advantage of a "feature" of windows, still runs on the newest version of windows, which is only minimally different from previous versions of windows, and was written specifically to remain as compatible as possible with previous windows software?... Hmmm
I'm guessing only 8 out of 10 apps work too.
You call this a test worthy of coverage here? The guy don't even state whether he's using 32-bit version which I suspect is the case. This won't happen on 64-bit Vista/7.
So, do you run 64-bit Vista/7 without antivirus? Whats your IP address? ;-)
Some days I get the sinking feeling Orwell was an optimist.
Even if 9/10 viruses would be blocked by UAC, an anti-virus program that blocks the last one is worth it.
Thing is no AV program gets every virus. Like UAC they get most but not all.
Falcon
Should there be a Law?
Only simple minded idiots think Mac's dont get viruses.
Are you saying Macs running OS X can get viruses? Because it's obvious that Macs running windows can get them.
If you are saying OS X viruses exist can you give a few examples? I've never seen or heard of such a thing.
"Lesson learned? You still need to run anti-virus on Windows 7."
Or you could start by turning up the UAC level.
People complain that UAC in Vista was too intrusive, so MS turned it down by default. Now people are complaining that it doesn't do enough.
Exactly. I don't run an anti-virus programs either at home, and I think the last virus I got was in 2000. I tried WinClam, or ClamWin or w{ever}tf it is called recently just to verify everything was OK.
If I do download a program, I try to find an open source version first, or failing that, look at it in hexdump to see if it looks suspicious.
I would say the main reason is that web browsing is safer these days.
i.e.
adblock, noscript, and good 'ol host blocking from http://www.mvps.org/winhelp2002/hosts.htm
Bullshit. Microsoft made the same claim when they made the switch from 16-bit to 32-bit - "Viruses will be a thing of the past."
They did ? Do you have a cite ?
What about this virus on my system called svchost.exe?
I've been running windows for longer than I want to think about (yeah, I'm a glutton) without AV. A separate firewall , a couple of basic precautions, and not running shit you aren't 100% certain of is the only antivirus you need. This applies on any system, it really doesn't matter what the OS is.
If you insist on clicking to see the bunny, or running downloaded software from un-verifiable sources... then no AV will protect you for long.
So yeah - "no news". But not because "using any computer without AV is asking for what they get", but because when you download and run a virus yourself, you get what you deserve -- whining that the OS isn't protecting you (as done in the article) is just stupid. Use your brain and don't expect the OS (or AV) to think for you.
Windows 7 is backwards compatible!
They got some malware, and ran it. If these malware did not need elevated privileges, they are expected to run. You download a bash script from the net that goes "\rm -rf ~" and then complain that your $home is hosed? I am not sure the test is fair. Did the malware get root privileges? Did they do any damage that simple plain process with user privilege could not do? Unless such things happened, this test amounts to nothing more than testing backward compatibility of some old binaries in new OS. Duh.
sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
You don't need to run code in the kernel to infect a machine, so the claim that "this won't happen with 64-bit vista/7" is still bullshit, and your defense stinks just as much.
Just recently had to edit the Host file. (Local DNS file).
Could not save it because of UAC, and didn't get a UAC prompt either, had to give up and disable UAC first.
trackballs suck as bad as those "natural keyboards" that were all the fad years ago.
I'll take a trackball over a mouse almost everyday. I used to use mice then I tried to use a trackball. At first it was awkward so I put it away. Later I got a new one and tried again. It took a little while to adapt but once I did that was that, now I won't give up my trackball for a mouse, you can pry it from my cold dead fingers. I have 2 now for my laptop, one stays on my desk and the other is in my backpack.
Falcon
Should there be a Law?
And hey look at that list, Sophos is not present!
Also, looking up the sophos site, their images look like they try to sell security solutions to people who are clueless on security.
I call FUD campaign.
You still need to run anti-virus on Windows 7."
Or, alternately, DON'T INTENTIONALLY RUN VIRUSES ON YOUR COMPUTER. Geeze.
You dont look hard enough
http://www.symantec.com/norton/security_response/writeup.jsp?docid=2009-110309-3638-99
http://www.symantec.com/security_response/writeup.jsp?docid=2007-110101-2320-99
http://www.symantec.com/security_response/writeup.jsp?docid=2006-021614-4006-99
Also, there was a torrent of a mac program recently that a lot of people downloaded and the keygen contained a virus. i think it was an iLife suite torrent...
Seriously. Everyone. With viruses, the problem is always PEBKAC.
You still need seat belts in cars with airbags, fire departments for neighborhoods with fire resistant code compliance, and ambulances even if a doctor lives next door.
I mean, really . . . this is stupid.
What exactly do they mean by "threw at it the next 10 virus/worm samples that came in the door"?
How, exactly, did the viruses get on the machine?
opening mail attachment?
viewing website in ie?
msn?
wmp?
running naked exe?
or just connecting to internet?
If I understand it correctly, they simply run an infected executable and watched if malware (it's not always viruses - judging by names in TFA, most are in fact trojans) was up and running afterwards.
As you rightly point out, there's no surprise there. Of course, if you run a malicious binary, it can do everything it wants with the privileges of the user it's run under - that's just as true on Linux, OS X or OpenBSD. And of course a well-written trojan doesn't really need anything more than that - the privileges will be enough for it to set up a remote connection point, steal user documents/settings/history/cache and other sensitive data, and participate in a botnet. It won't be able to infect OS binaries that way, of course, so no rootkit, but in practice it's not even needed in majority of cases.
So, TFA can be summed up as, "You can run binaries from untrusted sources in Windows 7. Said binaries can be malware, and can perform malicious actions within the limits of your user account."
You can get a virus without using a web browser. There's email, there's files that are available over the local lan ...
It's still well below the posters' claim that viruses are impossible on 64-bit systems. That was just total foolishness, same as Microsofts' claim years ago that viruses could never work in a 32-bit protected-mode environment.
All the promotional material for Window95. It may even have been on the install screens for Win95b. I remember that they also claimed (wrongfully) on the install screens that Window95 was "the fastest windows ever", even though it was slower than Windows 3.1 on the same hardware. Much slower.
Here's proof of concept from 3 years ago, though: http://news.techworld.com/security/5392/worlds-first-os-x-virus-hits-apple/
....so since I keep getting infected, I guess the bleach must be rubbish :-)
I'm also puzzled as to how everyone is suddenly taking an AV company's reports at face value - or does everyone suddenly agree with Symantec that MS were being terribly unfair when they locked down the kernel?
It's also worth noting that MS provide a free AV tool which is, by the accounts I've read, quite good....not that anyone's going to take any notice when there's another opportunity to plug Linux - plugs which will be ignored by nearly everyone not already using it,, as usual - if you'd all made more of a fuss of the alternatives to wIndows when it mattered - e.g. when O/S 2 had a chance, it might have made a difference :-)
I dont recall seeing MS claim win7 was virus proof...
Flappinbooger isn't my real name
Just stop running the damn viruses! It would have been 0/10 if they hadn't run them!
Seriously - I've been using 95/98/NT4/NT5/NT5.1 machines for over a decade, and I've never had a single virus. My anti-virus solutions are always installed with all of the (system breaking) protection disabled, and I just run a scan occasionally. Ditto for Amiga software prior to that. Ditto for the Linux servers I run.
Simple caution when installing things and prudent use of firewalls keeps away five nines of problems. Don't torrent l33t 0-1 day w4r3Z. Don't run cracks*. Don't use sketchy peer-to-peer software. When downloading free/oss/shareware, download only trusted, well known software, and download it directly from the source. Run md5 or sha sums, just in case. Don't let any children use your machine, or friends, or other sorts of retards, err, infection vectors. Don't use HTML-enabled email clients (I'm looking at you, Outlook), or if you do, use webmail products with a safe(ish) browser.
* If you absolutely have to, use only serial-generating ones, and run those from a secured emulated environment or system that gets re-ghosted after each serial run. It's easier just to buy the software or switch to a F/OSS solution though.
This is proof slashdot is biased, do you notice how slashdoters like to pick on Windows? You'd never see an article talking about people having problems with Ubun... wait... fuck...
But... the future refused to change.
That's what you get when you skip regression testing.
Give them time. They'll get the last two working again in the next service pack.
Never shake hands with a man you meet in a fertility clinic.
....except the marketing guys call it "4% market share". ZING!
I judt got a nre Kinesis keybiartf so please excusr ant egregiou typos.
So, the article says 8 out of ten, and so does the summary title. The summary says that 7 out of 10 viruses ran. Last i checked, 7/10 != 8/10. Oh wait, it's Windoze, it must depend on the square root of the number of minutes until the next hour.
You log into your bank account using an unprivileged process. Firefox doesn't run with Administrator access. This means that a non-Administrator Trojan can steal your bank account password without so much as a UAC dialog coming up.
Making your machine a zombie in a botnet doesn't require Administrator access either, assuming that the back door listens on a port higher than 1023.
Sure, it might be easier to clean, assuming you know it's there. Most of the viruses I run into that are stealing our customers' credentials aren't even detected by the anti-virus companies yet.
"Screw Sun, cross-platform will never work. Let's move on and steal the Java language." - Visual J++ Product Manager
I have never encountered WiFi cards that did not work
The Ubuntu forums are filled with people having trouble getting their WiFi working. That was one of the problems I ran into for installing Jaunty on my Mac. I found solutions but wifi doesn't work out of the box so to speak. There are other hardware problems such as with fan control, touchpad, the Apple keyboard, sound, and suspend
I am sorry but I do not understand you. Maybe I am a little dumb, but it' s actually true what I said. I pointed out facts... I think it's for the better not to lie and point at the problems...
You may of pointed out how things went for you but you did not point out the facts of others, Fact is is Ubuntu and other Linux distros have trouble with some hardware. Before installing any Linux distro on a computer it's wise to make sure there is compatibility with the hardware Linux will be installed on. Which is what I've been doing in order to prepare for when I install Ubuntu myself.
>But if I walk into BestBuy after work *today* and I grab any piece of hardware, off the shelf, it will come with a disk that provides drivers for Windows. How many will include drivers for Linux?
None because they are included with distro's, so what's the problem?
As linked to above Linux does not come with drivers that work with all hardware. That's why it's also recommended people try out a live disk before trying to install Linux. If a Live CD works then Linux can be installed with a minimum of fuss.
As we used to say in construction, measure once, measure again, and measure a third tyme before cutting. Measuring 3 tymes first then making a cut is better than measuring once, cutting, then having to measure and cut again.
Falcon
Should there be a Law?
Man, this is a "well fucking DUH!" moment.
Chas - The one, the only.
THANK GOD!!!
Trust me.
If you reply, do so only to what I explicitly wrote. If I didn't write it, don't assume or infer it.
I run without AV, and I haven't had a virus in years.
How do you know you've never had malware if you don't run AV software?
Falcon
Should there be a Law?
The linux of the past HAS had better hardware support than Windows on occasion, I started using it in 1995 so that my 14000bps modem could run at top speed instead of the 9600bps that MS Windows limited me to. Then there's the stupid situation where even 32bit Vista did not support the Pentium Pro and newer CPUs so imposed a less than 4GB limit which every other OS had been able to exceed for a full decade.
In other words you really do not have a clue what you are talking about. Nearly all MS windows compatibility with hardware is due to work by the various hardware manufacturers.
Hitting Google is apparently easier than doing research. I went through the articles on your "osx+virus+in+the+wild" link, and what I found on the first pages was...
None of these (except possibly Inqtana-A) would be a threat to semi-competent users, and the only article that isn't from 2006 is the garbled wiki page.
Now if you want some actual research on Mac OS X viruses, you can check a vendor's site:
http://www.sophos.com/security/analyses/viruses-and-spyware/search-results/?search=OSX&action=search&x=0&y=0
Interestingly, what the site won't tell you is that most (if not all) of these viruses are phantom menaces; you have to Google each one yourself for that kind of detail. Many are proof-of-concept never seen in the wild, and most exploit holes already patched in the OS. All are trojans that require serious PEBKAC to run, even the only two known "worms" for the plantform -- Inqtana and Tored.
Inqtana, a virus one that got some notoriety and media attention is an example of all three -- a proof of concept (with an expiration date) that attacked an old hole in the Bluetooth stack and which required victims to consent to accept the download from an infected machine. Tored was an email worm that required you to execute an attachment on a very stupid looking spam email payload. Both are basically glorified trojans -- nothing on par with Conficker.
Now, trojans aren't complete non-issues, but savvy computer users currently have very little to fear from running a Mac w/o AV software since there are currently no self-instantiating viruses for the platform in the wild. Don't download pirated software (and risk something like iWorkS which hides itself in installers for certain programs), and don't trust installers where none should be present.
If it's for-profit but free, you're not the customer -- you're the product (e.g., the Slashdot Beta's "audience").
I thought windows 7 introduced full ALSR (address space layout randomization) with windows core software protected against stack smashing as well with canaries? Just as GRSecurity patched Linux or a smart OS like OpenBSD by default How can these viruses work against full ALSR and protection against stack smashing?
Anyway, I certainly wouldn't disagree with the claim that 'Linux has much better support for seven year old hardware'. My objection is that the hardware support is presented as being both infinitely better than Windows *and* so bad you need special Linux hardware....at the same time.
OK, this I can understand. Because Linux developers have had a while to work on drivers for old hardware the drivers are available not new hardware won't have drivers available for some tyme, unless the manufacturers release drivers themselves or release the info on how it works so others can develop drivers.
Falcon
Should there be a Law?
Oldest PC I've personally installed Vista on dated from early 2000. Worked fine (albeit a bit slow - though a $30 video card fixed that).
Was the PC top of the line and maxed out when it came out?
Falcon
Should there be a Law?
Thanks, you made me think of something. I use a host file to block ads but looking at the page linked to I thought of adding the IP the pings that keep on coming from to the host file as well.
Falcon
Should there be a Law?
Vista's security was overrated. So, apparently, is Win7's.
This comment might not be around for long, because a good way to get your commenting status on Lifehacker revoked, or to get modded down to "Flamebait" on Slashdot, apparently, is to question whether Win7 is all it's cracked up to be. I hold the seemingly-illegal view that Win7 is basically Vista with some of the really ugly stuff patched up a bit. I might consider moving over to it at around SP2. Certainly not before.
I've calculated my velocity with such exquisite precision that I have no idea where I am.
Backwards Compatibility.
-The world would be a better place if everyone had a hoverboard
"Windows 7 vulnerable to 8 out of 10 viruses"
It's missing a 9! Where is the 9? It's supposed to be between the 8 and the 10! Where is it???
Headline would be perfect if there was a 9 in the proper place. >_>
Let q be a radix > 1. I am in ur base-q, killing 10 d00ds.
I guess you did not bother to actually check the search results, right?
Because I can't find any report about a real virus in the wild.
I wonder if you didn't do the same you accuse GP of not doing. The second result for http://images.google.nl/search?q=osx+virus+in+the+wild is Mac users face first OS X virus in the wild. Now anyone who knows what they're doing shouldn't get infected. As New MacOS X trojan/virus alert, mostly a non-event says it takes some clicking and seems to be a "proof of concept". Now Tech Q and A: Are Macs Vulnerable to Virus Attacks? is an interesting read.
Falcon
Ooh, don't get the idea I'm a shill, for MS, Linux, or anybody else and don't like Macs. I'm typing this on my MacBook Pro and of the 7 new computers I've owned it's the best.
Should there be a Law?
I don't know about you, but I have lovely process explorer app from sysinternals. Nice program. When watching TV/etc, I keep it up and I watch my IO/Network/Memory/CPU usage. Because I know every program that loads with windows and I know what to expect from every executable/service running. I know when/why they use a resource. If a service/whatever is reading the HD or using CPU time or network, if it doesn't have a reason, it's a dead process.
Can't rootkits hide from things like scanners and Windows?
Falcon
Should there be a Law?
Slashdot likes to say that anecdotal evidence is meaningless (which of course it is), but when a sufficiently large collection of anecdotes all say the same thing, we call that consensus. The general consensus is (I believe) that Macs are a lot less likely to be infected than Windows boxes, so your 'Anyone who uses any computer (including Mac AND Linux) without anti-virus is asking for what they get' statement is in fact news to me.
While Linux and Macs are more secure and less likely to become infected it's better to be safe than sorry. Even new AV software doesn't put much if any strain on current Macs.
Falcon
Should there be a Law?
Who is that stupid to pay MORE for a product to be compatible with earlier releases...
Home - Pro
What's up with that? To be able to use your old XP applications, you'll have to pay (lots) more!
I'll stick to os X for now on and if this PC would natively support os X, windows would already be history!
--- I am known for the ones who want to find me on the net. Is that a privacy risk or a privilege? One might wonder..
I think you can thank the antivirus companies for this one. Were microsoft to include enough tools and antivirus with their operating systems, suddenly all antivirus makers would be crying foul and shouting monopoly and the like, as their markets would suddenly dry up. It happened in the past when MS was pushing windows defender and trying to integrate it deep into their OS.
Microsoft is in a hell of their own making. For years they have more or less taught users that:
*The way to install software is to pop some keywords into a search engine, and then run an un-trusted executable.
*The normal installation procedure involves clicking "yes" or "ok" on loads of dialogue boxes without reading them.
*Each app has its own installation procedure and it is perfectly normal that you have to do things you normally would not in order to get things
working.
That is only the tip of the iceberg of course. Hiding file extensions, executing apps by double clicking the file, programs changing your system configuration without asking you ... Microsoft made it all seem normal, thereby opening the floodgates for all kinds of social engineering attacks. I have no idea how they are going to solve the problem now. If you spend years teaching people to do things one way, you can't just go "uhm we fucked up, do it this way instead" and expect people to trust you.
They taught users to be negligent about security, taunting it as a usability advantage ( Windows "just works" ), and now they are trying to undo the damage without losing face. "Good luck with that."
Windows 7 runs all my legacy appications! (and viruses)
Yup. I'm also one who doesn't run with a virus scanner on a day to day basis. Once or twice a year, I've run online scanners or something like malware bits, and I've never found anything on my system. If you're careful about what executables you run, and you keep good entry point security (e.g. firewall, noscript) then you're pretty unlikely to get something. This works for a case where you're not too worried about someone actively trying to get into the system. If it's known that you've got something people want (valuable private information, critical services) then you're playing a different game.
"Ran" can mean "totally pwned the computer", but "ran" can also mean "started execution but couldn't do much other than start spamming/portscanning" (which is, admittedly, bad enough). UAC is designed to prevent pwning computers, not stopping execution, so I'd like to know which happened.
I'm proud of my Northern Tibetian Heritage
If you don't know what you're doing, you need to run antivirus. These "tests" were performed by actually running the executables. I don't consider that a vulnerability - If you invite murderers and rapists into your home is that fault of your security system or is it your own damn fault?
AccountKiller
"Run" probably the double standard version of it. If the user downloads an exe from a pr0n site then runs it, it's Window's fault. If a Linux user downloads a script off the web that has "rm -rf", it's the user's fault.
What this "test" comes down to is they ran some virii/malware and they found out some malware tries to run as admin and some malware only runs as the current user. OMG! I told Windows to run a program and it listened to me!! Shame shame MS. Next time make Windows not listen to me because I'm too stupid to use a computer.
Car analogy: Your car should know when you hit the gas, you really should have hit the breaks and the car should have automatically slammed on the breaks for you when hit the gas because you're too stupid to operate a car.
This should give some insight into the problems with Linux and how it could be addressed: for all it's strengths, it's not something people want. They want Windows, despite it's weaknesses. Make Linux wantable, watch market share change dramatically.
The problem with Linux's market share is that few PCs sold in stores come with Linux installed. And not many people have heard of Linux. Sure geeks and hackers on Slashdot have but they are not the typical computer user. Also most people do not necessarily want Window but think they need it. Talking with others about computers I've heard a lot of complaints about their PCs, and almost every tyme the problem is Windows. When I ask them if they thought of trying Linux or a Mac I'm asked if they can run MS Office, they say they have to have Office. When asked why they can not give an example of what only Office can do except Office macros, while Open Office can use Excel macros macros for Word have to be rewritten. There is also WordPerfect Office, Lotus SmartSuite, and other office suites.
Simply many people have the perception they need Windows because they need MS Office.
Make Linux wantable, watch market share change dramatically.
Fact is is no one knows what Linux's market share is. Estimates are Linux has a market share in the single digits on desktops with Linux, and Apache, having large shares of servers. Even with internal servers though it's hard to know how many MS Windows servers there are because IT departments of businesses and other users of servers switch from Windows and IIS to Linux and Apache without telling others. There have been articles linked to on Slashdot about how the London and New York Stock Exchanges have moved from MS Windows and .net to Linux and other open source platforms. The London Stock Exchange not only switched to Linux but actually bought the company that developed the trading system the exchange will use.
Falcon
Should there be a Law?
So, have we finally figured out why it is called Windows 7? Is it in fact because it runs 7 out of 10 viruses? I see a pattern here... I can't wait for Windows 10 !
Only 8 out of 10 programs designed to run on Windows OS worked? What was wrong with the other two?
www.google.com microsoft and viruses and "thing of the past".
The fact my Mac can get a virus running WinXP is just more proof to me that WinXP is the culprit. Luckily it doesn't take much to delete that partition and reinstall Windows.
I suspect installing IIS may increase chances of compatibility.
I think you underestimate just how much I just dont care.
No. What you are talking about is a trojan horse, not a virus. Trojans are programs someone tricked the user into running: trojans are not self-replicating. You did get it partly correct. As you said, worms transmit themselves through the network. Usually through security holes in the target systems.
A virus spreads by infecting parts of files/disks, and when those files/disks are carried to another system, the virus can spread to the new computer. A boot sector virus puts itself into the area the BIOS loads and executes on startup.
Executable viruses hide themselves into another file (such as an .exe installer), and will infect another system if the new system runs the file. They will also reinfect a system you just cleaned if you mistakingly save an infected file and run it after the cleaning.
Malware can be both a virus and a worm and a trojan, though it seems most people these days just call everything a virus--including trojan horse programs.
www.google.com microsoft and viruses and "thing of the past".
There is nothing on the first page of results to support the claim.
Not as hard as trolls.
Falcon
Should there be a Law?
For Linux their might be a binary driver, if you are lucky, but if not you are stuck with a working system but with no extras and your system working unaccelerated ...
And here I was looking for and thinking of getting an external high resolution graphics card. Something like the ViDock 2.
What I find weird about the ViDocks are that they are compatible with Macbook Pro revisions 1, 2, and 4 but not 3 which is what I have.
Falcon
Should there be a Law?