New Malware Report Hits Vista's Security Image
An anonymous reader recommends a Computerworld article on a new report from Australian security vendor PC Tools. The company released figures on malware detection by its ThreatFire product, and in its user base 27% of Vista machines were compromised by at least one instance of malware. From the article: "In total, Vista suffered 121,380 instances of malware from its 190,000 user base, a rate of malware detection per system [that] is proportionally lower than that of XP, which saw 1,319,144 malware infections from a user base of 1,297,828 machines, but it indicates a problem that is worse than Microsoft has been admitting to." Microsoft hasn't responded yet to this report.
Re:What kind of malware? (Score:5, Interesting)
Re:PR != Security (Score:2, Interesting)
How would you design a system that fulfilled the two items above while still allowing the flexibility to actually install programs when desired?
Re:What kind of malware? (Score:3, Interesting)
Self selection bias?
How many of these machines were scanned only *because* an infection was already suspected or known?
Re:What kind of malware? (Score:5, Interesting)
Comment removed (Score:5, Interesting)
Re:What kind of malware? (Score:4, Interesting)
Re:PR != Security (Score:5, Interesting)
Users should be informed the program is trying to run as an admin and so has been killed
Users should ask to install a program, be asked for admin password to continue and then go ahead without repeated warnings
Asking for permission to do something means the program was not installed properly (when installed it should request all permissions it will need), or should not be doing it
Windows Vista does all the wrong things
Prompts for permission on both installed and uninstalled programs repeatedly
treats an install the same as running a program
Linux/OSX are not perfect but seem to have got the balance more correct (mainly due to a legacy of doing the right thing and so not having to support user programs that assume full admin rights)
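The policy sketched in the comment above (approve a program's admin-level needs once at install time, then never prompt again; kill anything that asks for more) can be modelled as a small reference monitor. The Python below is an added illustration written for this page, not code from the commenter or from any operating system; the class and function names (Monitor, Decision, run_session), the permission strings, the program names and the admin password "hunter2" are all constructed for the example. It also counts how many prompts the same session would produce under the prompt-on-every-action behaviour the comment criticises.

```python
"""Toy reference monitor for the install-time permission model described above.

Constructed for illustration only: a program declares the admin-level
permissions it needs in a manifest, the user approves that manifest once
with the admin password, and afterwards the program gets exactly those
permissions silently. Anything outside the manifest, or any admin-level
action by a program that was never installed, is refused and the process
is killed with the user informed.
"""
from __future__ import annotations

import hmac
from enum import Enum
from typing import Optional


class Decision(Enum):
    ALLOW = "allow"    # granted silently, no prompt
    PROMPT = "prompt"  # admin password requested; only ever at install time
    KILL = "kill"      # refused, process terminated, user informed


class Monitor:
    """Reference monitor: permissions are approved once per program, at install."""

    def __init__(self, admin_password: str) -> None:
        self._admin_password = admin_password
        self._granted: dict[str, frozenset[str]] = {}
        self.events: list[str] = []  # messages the user would be shown

    def install(self, name: str, manifest: set[str], password: Optional[str]) -> Decision:
        # The single prompt: the whole manifest is approved (or refused) here.
        if password is None or not hmac.compare_digest(password, self._admin_password):
            self.events.append(f"installing {name!r} requires the admin password")
            return Decision.PROMPT
        self._granted[name] = frozenset(manifest)
        self.events.append(f"installed {name!r}, granted {sorted(manifest)}")
        return Decision.ALLOW

    def request(self, name: str, permission: str) -> Decision:
        # Runtime requests never prompt: either the manifest covers them, or the
        # program is misbehaving (or was never installed) and is killed.
        granted = self._granted.get(name)
        if granted is None:
            self.events.append(f"{name!r} is not installed but tried {permission!r}: killed")
            return Decision.KILL
        if permission in granted:
            return Decision.ALLOW
        self.events.append(f"{name!r} asked for {permission!r} outside its manifest: killed")
        return Decision.KILL


# Constructed session: a legitimate updater and an unknown download both try
# admin-level actions. Tuples are (kind, program, payload, password).
SESSION = [
    ("install", "updater", {"write:ProgramFiles", "set:system-time"}, None),       # first attempt: prompt
    ("install", "updater", {"write:ProgramFiles", "set:system-time"}, "hunter2"),  # password entered once
    ("request", "updater", "write:ProgramFiles", None),   # covered by the manifest: silent
    ("request", "updater", "install:driver", None),       # not in the manifest: killed
    ("request", "freegame", "write:HKLM", None),          # never installed: killed
]


def run_session(session=SESSION, admin_password="hunter2"):
    """Replay the session and return (decisions, prompts under the manifest
    model, prompts under a prompt-on-every-action model, user-visible events)."""
    mon = Monitor(admin_password)
    decisions = []
    for kind, prog, payload, password in session:
        if kind == "install":
            decisions.append(mon.install(prog, payload, password))
        else:
            decisions.append(mon.request(prog, payload))
    manifest_prompts = sum(d is Decision.PROMPT for d in decisions)
    # The criticised model prompts for every admin-level action, installed or not.
    every_time_prompts = len(session)
    return decisions, manifest_prompts, every_time_prompts, mon.events


if __name__ == "__main__":
    decisions, once, always, events = run_session()
    for line in events:
        print(line)
    print(f"prompts: manifest model {once}, prompt-on-everything {always}")
```

The point of the replay is the prompt count: the manifest model asks for the admin password once, when the updater is installed, and every later decision is either silent or a kill, whereas prompting on each action produces one dialog per step, which is exactly the habituation the comment complains about.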
Re:the problem is combining ... (Score:3, Interesting)
Network admins know that the common man or woman doesn't know their computers from their asses. It's like the saying goes, PEBKAC.
The fact of the matter is that Microsoft is king because Linux software isn't even there yet when it comes to quality. Whenever you have new hardware you probably can't even use Linux because the drivers haven't come out yet or are beta and/or a bitch to install.
Linux continues to be bogged down by too many deal breakers for so many people. You can have Linux be good for 15 / 20 uses and even throw in 5 - 10 new ones, but the few you got left might include deal breakers for so many people. This is the challenge the open source community will need to overcome before it ever wins this war. It will eventually win though. We're only 15 years into a networked world. 60 years from now software companies will only make money from custom code.
Re:PR != Security (Score:2, Interesting)
I agree that installed apps should not ever bring up the UAC. And that getting over the legacy app problem is a huge hurdle for MS.
Vista and UAC .. (Score:5, Interesting)
I thought Vista with UAC didn't get malware. Didn't Allchin say Vista didn't need any anti-virus software [theinquirer.net]?
Re:What kind of malware? (Score:5, Interesting)
Computing must be based on trust unless you have your own chip factory, and even then you have to trust your employees.
If you buy a Dell with Linux on it, Dell can preinstall any rootkits they want and there's no way anyone could find them. You would have to boot from a CD or floppy and repartition the drives and reinstall the OS. Hell, they could install a hardware rootkit and even that wouldn't work.
I'm glad I build my own PCs. I'm going back to vacuum tubes. Where's my tinfoil hat?
Re:PR != Security (Score:3, Interesting)
Part of the problem is that Vista's UAC prompts users (even local admins) far too often.
Being a "Local Admin" just means your user has the ability to elevate using UAC. It is the rough equivalent of the 'wheel' group, or
%administrators ALL=(ALL) ALL
in /etc/sudoers.
If I'm a local admin on a workstation, there are certain tasks that I would expect to be prompted for (installing software, patching software, deleting files from C:\Program*\, etc.) but changing the system time? Opening the system management MMC? This simply means that most admins will turn it off, which significantly reduces its functionality ;)
You should most certainly need elevated privileges to change the system time and run the system management tools.
Re:If an app was never tested on NT (Score:3, Interesting)
The first OS to have a prototype implementation of an API is beside the point.
Uh, not when you're arguing it's a problem with the API, it's not.
I'm not sure why you think it was a "prototype", either. Win32 was NT's primary API.
Most applications for the home market were designed and tested not on Windows NT but on Windows 95 and Windows 98, as Microsoft didn't market NT for home use until 2002.
This does not excuse developers for blatantly bad practices. There is no excuse, for example, for applications spewing user-level data like configuration files through system areas.
What's the good way to solve PEBKAC without requiring the OS vendor to certify all applications with a digital signature, which certification processes have historically shut out free software?
There isn't one - at least, not within the realms of practicality.
Re:What kind of malware? (Score:4, Interesting)
Actually, I got Vista specifically to stop that kind of malware, and it's worked like a champ.
See, I'm generally sharp enough not to put malware on my own system. The problem is that my kids use the computer while I'm at work, and they like to install "free" stuff they find online. Since you can't do a damn thing in XP w/o running as admin, there was no stopping this.
With Vista UAC you can run as an unprivileged user. If a program wants to install something, it will prompt for the admin password. If it's me and I really want that install to happen, I enter the admin password and it proceeds as normal. If it's one of my kids running, they call me at work begging for the password, and I tell them to go jump in a lake.