New Malware Report Hits Vista's Security Image
An anonymous reader recommends a Computerworld article on a new report from Australian security vendor PC Tools. The company released figures on malware detection by its ThreatFire product, and in its user base 27% of Vista machines were compromised by at least one instance of malware. From the article: "In total, Vista suffered 121,380 instances of malware from its 190,000 user base, a rate of malware detection per system [that] is proportionally lower than that of XP, which saw 1,319,144 malware infections from a user base of 1,297,828 machines, but it indicates a problem that is worse than Microsoft has been admitting to." Microsoft hasn't responded yet to this report.
Re:the problem is combining ... (Score:5, Informative)
No matter how good your antivirus/antispyware/OS, once an idiot user figures out that by closing a certain app or clicking "yes" somewhere he can run the funny application he got by e-mail, he will do so, and the system is potentially infected.
Re:What kind of malware? (Score:5, Informative)
Re:Self-selection bias? (Score:5, Informative)
27% of all the machines were owned by a marketing company. It's sunk in.
Sudo copied Windows - hmmmm ... "Sudo was originally written by Bob Coggeshall and Cliff Spencer "around 1980" at the Department of Computer Science at SUNY/Buffalo".
As for the virus remark - It's more difficult to write Linux viruses. User level permissions are more rigorous. The browsers don't have ActiveX. People who use Linux tend to know what a firewall is; and don't click yes in reply to "would you like to install" dialogues so much.
Re:PR != Security (Score:5, Informative)
of us consider that a "good" thing.
Wait, that sounds familiar. Oh, wow! Both my post and yours are virtually identical!
Seriously, people bash UAC, but it's pretty much identical to sudo.
Re:What kind of malware? (Score:4, Informative)
To quote TFA:
"It is important to highlight that all systems used in the research pool were at the very least running PC Tools' ThreatFire and that because the technology is behavioral-based, the data refers to threats that actually executed and triggered our behavioral detection on the client machine", said PC Tools' CEO, Simon Clausen.
I don't use ThreatFire, but "behavioral-based" and "threats that actually executed" doesn't sound like a cookie. They could mean it, but it doesn't sound like it.
Re:What kind of malware? (Score:2, Informative)
Re:Vista and UAC .. (Score:3, Informative)
Yes, ThreatFire labels tracking cookies as malware, and yes, that means this story means nothing. I'm not a fan of tracking cookies, but they're not a big deal to most people.
Re:Vista and UAC .. (Score:3, Informative)
Re:PR != Security (Score:3, Informative)
And if doing this, the approach becomes virtually identical. Well, one difference being that I have to actually *enter* the password in e.g. Ubuntu if doing an "administrative task", while I don't have to do this and just click through under UAC if I'm an admin. However, even UAC requires an entered password if you're a non-admin. The UI will change depending on the Windows user type.
Re:What kind of malware? (Score:3, Informative)
4 :
5 : A sandbox is slightly different but can be considered to be a special case of 4 (or a virtual machine, or however else you implement it). Again,
6 :
Level 7 I consider to be a special case of level 6 ; where only the people building the OS install have valid signing keys.
ALAS
Firstly, this litany only applies to
Secondly,
Go to the back of the class, Bill [ranum.com]
To be fair, I don't think most malware writers implement their babies in
If it had a dialogue that appeared when you ran software for the first time, asking you for trust parameters, and particularly drawing attention to the lack of a cryptographic signature from a certificate itself signed by a trusted party, it might make some users think twice about running all the insidious crapware they install just for a few emoticons or screensavers.
Re:Self-selection bias? (Score:3, Informative)
gksu, which acts more or less like a GUI front-end to su, dims the background when you use it. I don't know if it's a configurable option, or how long it's been doing that, but I first noticed it a little while after Vista started dimming the screen on UAC prompts. That's what the GGP was referring to.
gksudo:
Dims screen, asks for permission to perform administrative operation, asks for password.
UAC:
Dims screen, asks for permission to perform administrative operation, asks for password if you are not administrator.
The comparison is obvious, and while sudo itself was written before permissions were even a twinkle in Mr. Gates' eyes, gksudo's current behavior does emulate Vista's.
Re:PR != Security (Score:3, Informative)