Russinovich Says, Expect Vista Malware 193
Hypertwist writes "Despite all the anti-malware roadblocks built into Windows Vista, Microsoft technical fellow Mark Russinovich is lowering the security expectations, warning that viruses, password-stealing Trojans, and rootkits will continue to thrive as malware authors adapt to the new operating system. Even in a standard user world, he stressed that malware can still read all the user's data; can still hide with user-mode rootkits; and can still control which applications (anti-virus scanners) the user can access. From the article: '"We'll see malware developing its own elevation techniques," Russinovich said. He demonstrated a social engineering attack scenario where a fake elevation prompt can be used to trick users into clicking "allow" to give elevated rights to a malicious file.'
Re:Why the, extra comma? (Score:2, Informative)
Proper punctuation for a sentence like this is:
Someone said, "Something that they said goes here."
A comma is supposed to precede the quote. If anything, one might ask, why the headline is missing the quotes.
Re:And ... ? (Score:2, Informative)
Link [theregister.co.uk]
The height of stupidity from Microsoft.
Will they be able to top it?
Re:Actually (Score:2, Informative)
"User-mode" usually refers to everything other than the kernel. Nothing prevents a user-mode program from gaining root access. Though admittedly, from the context, it doesn't seem like he meant that.
But the website said to answer yes (Score:5, Informative)
Re:Actually (Score:2, Informative)
As long as people literally refuse to learn anything more than the bare minimum necessary to quickly read their email, nothing will change, especially with totally incompetent systems like windows vista, which is quite possibly the worst operating system I have ever used, save for some various conveniences like the segmented networking settings and file management/organization. Vista is "better than xp", but that is still horrible.
I understand that software should "just work", but at this point in Vista's case, it doesn't. You can either keep refusing to learn, or you can protect yourself. Is it worth it to blindly trust a company that has repeatedly shown they aren't deserving of trust? Or is it worth more to users to take a small amount of time to educate themselves about the system they trust to view banking records.
Just a dare, or a double-dog dare? (Score:3, Informative)
http://blogs.zdnet.com/Apple/?p=422 [zdnet.com]