Russinovich Says, Expect Vista Malware

Hypertwist writes "Despite all the anti-malware roadblocks built into Windows Vista, Microsoft technical fellow Mark Russinovich is lowering the security expectations, warning that viruses, password-stealing Trojans, and rootkits will continue to thrive as malware authors adapt to the new operating system. Even in a standard user world, he stressed that malware can still read all the user's data; can still hide with user-mode rootkits; and can still control which applications (anti-virus scanners) the user can access. From the article: '"We'll see malware developing its own elevation techniques," Russinovich said. He demonstrated a social engineering attack scenario where a fake elevation prompt can be used to trick users into clicking "allow" to give elevated rights to a malicious file.'"

  • by vux984 ( 928602 ) on Monday April 23, 2007 @08:45PM (#18848141)
    The comma isn't extra:
    Proper punctuation for a sentence like this is:

    Someone said, "Something that they said goes here."

    A comma is supposed to precede the quote. If anything, one might ask, why the headline is missing the quotes. :)

  • Re:And ... ? (Score:2, Informative)

    by SpaceLifeForm ( 228190 ) on Monday April 23, 2007 @08:51PM (#18848187)
    Rename files containing 'install' to something else.

    Link [theregister.co.uk]

    The height of stupidity from Microsoft.
    Will they be able to top it?

  • Re:Actually (Score:2, Informative)

    by TheCoelacanth ( 1069408 ) on Monday April 23, 2007 @09:24PM (#18848455)
    (I was slightly confused by the statement that programs "can still hide with user-mode rootkits", though -- surely if a rootkit is running with LUA privs, it wouldn't be able to hide itself? I thought the whole point of a rootkit was that it allows malicious programs to maintain root (i.e. highest privilege) access undetected, which would make "user-mode rootkit" a bit of a contradiction in terms, unless I'm misunderstanding somewhere...?)

    "User-mode" usually refers to everything other than the kernel. Nothing prevents a user-mode program from gaining root access. Though admittedly, from the context, it doesn't seem like he meant that.
  • by noidentity ( 188756 ) on Monday April 23, 2007 @09:39PM (#18848595)
    I was trying to print some online coupons recently and special software had to be installed. On the installation instructions, it said to run the installer then answer "yes" to the question it asked (obviously whether it should be allowed to modify system files). What's the use of OS security if users regularly install software which requires admin access? (due to some kind of Digital Restrictions Management scheme of course)
  • Re:Actually (Score:2, Informative)

    by mrsteveman1 ( 1010381 ) on Monday April 23, 2007 @10:07PM (#18848819)
    The real problem is the millions of users who blindly use the system without even the most basic understanding of how it works. You would not be surprised at the number of users who can't tell a real Windows dialog box from a pop up on the web warning that you "need to scan your hard drive".

    As long as people literally refuse to learn anything more than the bare minimum necessary to quickly read their email, nothing will change, especially with totally incompetent systems like Windows Vista, which is quite possibly the worst operating system I have ever used, save for some various conveniences like the segmented networking settings and file management/organization. Vista is "better than xp", but that is still horrible.

    I understand that software should "just work", but at this point in Vista's case, it doesn't. You can either keep refusing to learn, or you can protect yourself. Is it worth it to blindly trust a company that has repeatedly shown they aren't deserving of trust? Or is it worth more to users to take a small amount of time to educate themselves about the system they trust to view banking records?
  • by bl8n8r ( 649187 ) on Monday April 23, 2007 @10:21PM (#18848925)
    And, how would that be pronounced in Russian? Where Vista infects you.. er, I mean where you infect Vista.. er..
    http://blogs.zdnet.com/Apple/?p=422 [zdnet.com]
