In Test, Windows 7 Vulnerable To 8 Out of 10 Viruses (843 comments)

Posted by kdawson on Tuesday November 03, @04:33PM
from the take-your-shots dept.
security
windows
technology
As Windows 7's market share passes 3.6%, up from 1.9% the day before launch, llManDrakell notes an experiment they did over at Sophos. They installed Windows 7 on a clean machine — with no anti-virus protection — with User Access Control in its default configuration. They threw at it the next 10 virus/worm samples that came in the door. Seven of them ran; UAC stopped only one baddie that had run in the absence of UAC. "Lesson learned? You still need to run anti-virus on Windows 7."
  • I'm shocked! (Score:5, Insightful)

    by jtownatpunk.net (245670) on Tuesday November 03, @04:36PM (#29968646)

    Next you'll be telling me that 8 out of 10 people who have unprotected sex with HIV-positive, syphilitic, sore-encrusted prostitutes will contract some sort of venereal disease.

  • by tygt (792974) on Tuesday November 03, @04:39PM (#29968682)

    Windows 7's market share ... 1.9% the day before launch

    Windows 7 had 1.9% market share before launch?

  • by jpmorgan (517966) on Tuesday November 03, @04:42PM (#29968728) Homepage
    So 8/10 viruses don't require administrator permissions and conform to Windows development standards. If only the rest of the software industry had such high standards.
      • by jpmorgan (517966) on Tuesday November 03, @05:37PM (#29969662) Homepage
        Windows 7 has a whitelist (based on authenticode signatures) of programs which are allowed to automatically elevate. However, it also has mandatory access controls, which segregates programs into different integrity levels. When UAC elevates a program, it is placed in a high integrity level. Lower integrity levels aren't allowed to inject things like keystrokes into higher integrity levels.

        So you are somewhat right, but mostly wrong. Malware could trick a trusted program into bypassing UAC and autoelevating, but after elevation the malware won't be able to interact with the trusted program anymore. And since all the trusted programs require a second user interaction before doing anything after elevation, tricking a part of Windows into auto-elevating doesn't help malware at all.
  • by frist (1441971) on Tuesday November 03, @04:46PM (#29968818)
    New tests show that software written for Windows runs on Windows! Copycat studies have also shown conclusively that software written for Macs run on Macs and software written for Linux runs on Linux! More at 11.
  • More data needed (Score:4, Insightful)

    by PhxBlue (562201) on Tuesday November 03, @04:53PM (#29968934) Homepage Journal
    Did the account set up on Vista / Win7 have an administrator role, or was it a "normal user" account? By not disclosing that, Wisniewski is only giving us half the story.
  • by Sc4Freak (1479423) on Tuesday November 03, @04:58PM (#29969014)

    Viruses use security holes to get onto PCs in the first place - once the virus is running on the PC, it's got free rein. There can be absolutely no security vulnerabilities on a system and the virus usually still does what it wants if it's preloaded onto the system.

    You don't need administrative privileges to do many things that viruses want to do (eg. send mail, monitor keypresses). They ran the test by loading the virus onto the machine, then letting it execute. That doesn't demonstrate that the system is full of holes - it demonstrates that the system is very good at backwards compatibility!

  • by Sycraft-fu (314770) on Tuesday November 03, @05:07PM (#29969160)

    Seriously, this guy is almost pathological in his determination to distribute as much FUD as possible about Windows.

    Taco: Fire this retard. The stuff he posts is NOT news for nerds. It is thinly veiled, and ineffective, smear pieces. Real stories about OS problems are interesting. Kdawson's FUD isn't.

  • by FunkyOldD (633953) on Tuesday November 03, @05:11PM (#29969234)
    Antivirus software vendor has reached the conclusion that you still NEED antivirus software.
  • by dwlovell (815091) on Tuesday November 03, @05:14PM (#29969276)

    This article is not saying Windows 7 is insecure. You couldn't even come to that conclusion if you look at what they did. They ran untrusted code known to contain viruses on a Windows 7 machine. UAC only blocked those that tried to perform administrative tasks, which is what its job is. They did not try to do remote infection.

    I could write a virus attached to an executable that deleted your favorites file or all of the documents in your user's document folders. This would still be a nasty virus and would not be classified as an administrative activity, thus not triggering UAC. This would not indicate any flaw in the OS or its level of security. This is no different from any other platform, running as admin or not: if you run untrusted code, it will be able to do anything your logged-in user can do.

    The point of the article is that people should not pretend UAC *is* virus protection. Microsoft doesn't market it as virus protection, and people shouldn't be under the impression that UAC prevents viruses from running.

  • by 1s44c (552956) on Tuesday November 03, @05:32PM (#29969578)

    You still need to run anti-virus on Windows 7

    There's a classic example of abductive reasoning. I do not have to run anti-virus on Windows 7 because I don't, nor do I ever plan to run Windows 7.

  • Stupid test? (Score:5, Insightful)

    by 140Mandak262Jamuna (970587) on Tuesday November 03, @06:06PM (#29970264) Journal
    They got some malware, and ran it. If these malware did not need elevated privileges, they are expected to run. You download a bash script from the net that goes "\rm -rf ~" and then complain that your $home is hosed? I am not sure the test is fair. Did the malware get root privileges? Did they do any damage that simple plain process with user privilege could not do? Unless such things happened, this test amounts to nothing more than testing backward compatibility of some old binaries in new OS. Duh.
    • Re:Not News!! (Score:5, Insightful)

      by tomhudson (43916) <<ac.nortoediv> <ta> <nosduh>> on Tuesday November 03, @04:41PM (#29968714) Homepage Journal

      Anyone who uses any computer (including Mac AND Linux) without anti-virus is asking for what they get

      Sure - just that you won't get a virus by running linux. I have yet (in over a decade of tending linux and bsd servers) had a single machine get infected.

      Lesson learned - friends don't let friends run Windows.

      • Re:Not News!! (Score:5, Insightful)

        by black3d (1648913) on Tuesday November 03, @04:46PM (#29968812)

        I have yet (in over a decade of tending windows and NT servers) had a single machine get infected.

        Lesson learned - Give the same system rights to your windows users as your Linux users have, and they can't get infected even if they wanted to.

        • Re:Not News!! (Score:5, Insightful)

          by kimvette (919543) on Tuesday November 03, @04:56PM (#29968988) Homepage

          Lesson learned - Give the same system rights to your windows users as your Linux users have, and they can't get infected even if they wanted to.

          The corollary to that rule is that many applications won't run because they're poorly architected and require administrative rights to run. Oh, sure, you can finagle around with permissions and get many of them to run, but is it really worth the time to work around broken software? (running Windows which itself is broken notwithstanding)

          • Re:Not News!! (Score:5, Informative)

            by Bacon Bits (926911) on Tuesday November 03, @05:09PM (#29969194)

            When you have little or no say in what software gets selected for use but are required to maintain local support for the same software as well as maintain the security of the network, it is not a waste of time at all. You do not give users Admin privileges. You give them the permissions they require to do their job and no more. That's basic best practice.

            It's really not even that difficult to figure out. Nine times out of ten, the program either wants to write to HKLM\Software\$appname or wants to write to two or three configuration or log files in %programfiles%\$appname. About a quarter of the time (IMX) the documentation contains detailed information about what permissions are necessary. After that it's merely a case of using the various SysInternals monitors to figure out what's causing the problem. Between Xcacls and regini it's not difficult at all to script the changes. I typically maintain a single script which checks for the presence of each application and, if found, applies the necessary permissions changes.
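An added example, not the poster's own script: a per-application least-privilege permission script of the kind described above, using icacls and Set-Acl in place of Xcacls and regini. The application names, paths and registry keys are made-up placeholders, and $AppUsersGroup stands for whatever group the application's users belong to.

```powershell
# Added example, not the poster's script: grant a user group write access to only the
# few paths and the one HKLM key a badly behaved application insists on, instead of
# making the users local administrators. All application details below are placeholders.

$AppUsersGroup = 'BUILTIN\Users'

# One entry per application: where it lives and the few places it insists on writing.
$Apps = @(
    @{ Name = 'LegacyLedger'
       Dir  = Join-Path $env:ProgramFiles 'LegacyLedger'
       WritablePaths = @('config\settings.ini', 'logs')
       RegistryKey   = 'HKLM:\SOFTWARE\LegacyLedger' },
    @{ Name = 'PlantMonitor'
       Dir  = Join-Path ${env:ProgramFiles(x86)} 'PlantMonitor'
       WritablePaths = @('data')
       RegistryKey   = $null }
)

function Grant-AppWriteAccess {
    param([hashtable]$App, [string]$Group, [switch]$DryRun)

    # Only touch machines where the application is actually present.
    if (-not (Test-Path -LiteralPath $App.Dir)) {
        Write-Host "$($App.Name): not installed, skipping"
        return
    }

    # Files: Modify (M) on just the listed paths; (OI)(CI) makes a directory grant inherit.
    foreach ($rel in $App.WritablePaths) {
        $full = Join-Path $App.Dir $rel
        if (-not (Test-Path -LiteralPath $full)) { continue }
        $inherit = if (Test-Path -LiteralPath $full -PathType Container) { '(OI)(CI)' } else { '' }
        $spec = "${Group}:${inherit}M"
        if ($DryRun) { Write-Host "would run: icacls `"$full`" /grant `"$spec`"" }
        else         { icacls $full /grant $spec | Out-Null }
    }

    # Registry: let the group create/set values under the app's own HKLM key and nothing wider.
    if ($App.RegistryKey -and (Test-Path -LiteralPath $App.RegistryKey)) {
        $acl  = Get-Acl -LiteralPath $App.RegistryKey
        $rule = New-Object System.Security.AccessControl.RegistryAccessRule -ArgumentList @(
                    $Group, 'ReadKey,SetValue,CreateSubKey,Delete', 'ContainerInherit', 'None', 'Allow')
        $acl.AddAccessRule($rule)
        if ($DryRun) { Write-Host "would grant $Group write access on $($App.RegistryKey)" }
        else         { Set-Acl -LiteralPath $App.RegistryKey -AclObject $acl }
    }
}

# Dry run first; drop -DryRun to apply. The script itself must run elevated, since it
# edits ACLs under HKLM and %ProgramFiles%.
foreach ($app in $Apps) { Grant-AppWriteAccess -App $app -Group $AppUsersGroup -DryRun }
```

Run the dry run against a machine with the application installed and diff the printed grants against what Process Monitor showed the application failing to write, before applying.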

              • Re:Not News!! (Score:4, Insightful)

                by RobDude (1123541) on Tuesday November 03, @05:20PM (#29969378)

                The Linux community, as a whole, needs to get its story straight. (Yeah, I'll probably get modded troll, I'm okay with that).

                One day I hear Linux has great hardware support. It's not like Linux in the past, we even have *BETTER* hardware support than Windows now.

                Then, the next day I hear, 'Well, yeah, Linux doesn't work; but you don't have the right hardware. You need to BUY A NEW FRIGGIN MACHINE if you want to bank on Linux working without spending hours trying to get it to work.'

                Which is it? It can't be both.

              • Re:Not News!! (Score:5, Insightful)

                by drsmithy (35869) <drsmithy.gmail@com> on Tuesday November 03, @06:46PM (#29970950)

                Please remember that the vast majority of hardware and peripherals are designed from the ground up to work with Windows and that most computers are sold with Windows preinstalled and preconfigured.

                How do you design a piece of hardware "from the ground up" to work with a particular OS?

        • Re:Not News!! (Score:5, Insightful)

          by whoever57 (658626) on Tuesday November 03, @05:01PM (#29969058) Journal

          I have yet (in over a decade of tending windows and NT servers) had a single machine get infected.

          Let's be clear here (and the same is true for anyone running Linux): you don't know that none of your machines were infected. You know that you never discovered an infection.

        • Re:Not News!! (Score:5, Insightful)

          by Jazz-Masta (240659) on Tuesday November 03, @05:01PM (#29969060) Homepage

          As a Windows (and Unix) System Administrator dealing with numerous users of the 'average' type, I must say giving users limited rights only works if the programs they need to run can do so within those rights.

          We deal with a lot of industry specific software (i.e. badly produced software) and many of the users need to have full access to absolutely everything in order for it to work, including mapped drives to the data!

          Some of the users I support are absolutely mind-numbingly stupid. You tell them over and over to NOT do something and they do it again. You try and educate them on attachments and safe web browsing, and they don't care! Many of them will try all the risky things at work that they wouldn't do at home - because they know if they screw up their home computers they'll have to pay to get it fixed. At work, I fix them, someone else pays.

        • Re:Not News!! (Score:4, Insightful)

          by Lord Ender (156273) on Tuesday November 03, @05:23PM (#29969424) Homepage

          On Windows you can get along without AV, too. The three main vectors for malware to get on your machine are:

          1. Direct network connections - mitigated by firewall/NAT router
          2. Browser exploits - mitigated by avoiding IE and using adblock
          3. Clicking dumb (running executables that come in from email or the web) - mitigated by not installing shit unless you know exactly what it is you're installing

          I have followed these practices for about ten years, without ever using AV, and I have never had malware on my machine. Avoiding AV is important to me, because I play fast-paced online games.

          That said, 99% of Windows users absolutely should be using AV, because my third point (not clicking dumb) requires technical sophistication most people lack.

          TL;DR: You don't need AV if you know what you're doing.

      • by PRMan (959735) on Tuesday November 03, @05:11PM (#29969240) Homepage

        You don't need a virus if you have Linux. Just upgrade to the next version. That will take down your machine way quicker than getting a virus...

    • Re:Not News!! (Score:4, Insightful)

      by Drakin020 (980931) on Tuesday November 03, @04:41PM (#29968722)
      Anyone that installs Anti-Virus on their PC and expects it to protect them from their own stupidity deserves what they get.
    • Re:Not News!! (Score:5, Insightful)

      by mcgrew (92797) * on Tuesday November 03, @04:42PM (#29968732) Journal

      Anyone who uses any computer (including Mac AND Linux) without anti-virus is asking for what they get.

      Yeah? Can you point to ONE virus in the wild that has ever bitten any Mac or Linux user? Trojans don't count. Install Linux on your Windows box and you do NOT need any antivirus (unless you boot into the Windows side), provided you're not stupid enough to run an executable from an untrusted source.

      • Re:Not News!! (Score:5, Informative)

        by abigsmurf (919188) on Tuesday November 03, @05:03PM (#29969086)
        Remote Shell trojan [securiteam.com] (which despite the name is self replicating and therefore a virus). Designed specifically to be spread by users running trustworthy executables without the need for admin rights. And yes, it did infect a number of systems 'in the wild'
        • Re:Not News!! (Score:5, Informative)

          by Animaether (411575) on Tuesday November 03, @05:11PM (#29969238) Journal

          Exactly.

          From GP:

          Trojans don't count.

          Well there go the vast majority of Windows viruses, too.

          In fact, from the test they did...

          - didn't run
          Troj-Bredo-M
          W32/Autorun-ATK
          Troj/Banker-EUT

          -- Ran
          Troj/FakeAV-AFY
          Mal/EncPk-KY
          Mal/EncPk-KP
          Troj/Agent-LIW
          Troj/FakeAV-AFX
          Troj/Zbot-JN
          W32/Autorun-ATC

          So 6/10 were definite Trojans (Troj/). I.e. some piece of software saying it's all sorts of good stuff, but in reality is a virus.

          Then there's the Autoruns - last I knew, autorun, even on Vista, by default doesn't open a darn thing. So I guess either they changed Autorun settings, or they simply told Windows to run the program (a virus).

          Lastly, the Mal/EncPk ones. They're deemed malware because they're packaging and encryption signatures that often get used by malware authors (even though they have legitimate uses, blabla). What do they envelop?
          Mal/EncPk-KY: sadly sophos' site doesn't detail, but other sites will tell you that this, too, is a Trojan with Bredolab blargh.
          Mal/EncPk-KP: "About this threat: The Trojan arrives as an attachment in fake e-card messages, with text as follows"

          So that's 8/10 trojans, and 2/10 that might as well be classified as such unless I'm wholly mistaken about autorun.

          Again GP:

          provided you're not stupid enough to run an executable from an untrusted source

          That's the real issue - and one that applies to any operating system.
          Not saying Windows isn't less secure... on the other hand, I don't remember Microsoft suggesting that UAC was a 100% solution against viruses. Just against those that try to do admin-y things when you yourself aren't running as admin. That's usually the thing people point out with Linux: "it can't infect the rest of the system". Well that's great - but that won't stop it from, for example, turning your machine into a spam zombie as long as the user is allowed to send e-mail.

        • Re:Not News!! (Score:5, Informative)

          by 99BottlesOfBeerInMyF (813746) on Tuesday November 03, @05:24PM (#29969442)

          The funny thing is the article you cite doesn't mention any virus for Linux or OS X that is in the wild. It talks about malware, which it claims is increasing, but does not list any specific item. It doesn't say if any of the malware is a virus or if any of it is propagating in the wild. You've failed in that regard.

    • Re:Not News!! (Score:5, Insightful)

      by Barny (103770) <bakadamage-slashdot@yahoo.com> on Tuesday November 03, @04:42PM (#29968740) Journal

      Why would you need an anti-virus if you have a router whose firewall is worth a damn, have a browser that doesn't develop un-patched exploits like college kids develop acne and you don't click and run every damn executable bit of code you see on web site?

      If you have a good firewall and secure applications, the only remaining way to get a virus is if you download it and run it yourself.

      Virus and virus-checker free for over 8 years.

      • Re:Not News!! (Score:5, Insightful)

        by jbacon (1327727) <jcavanagh617NO@SPAMgmail.com> on Tuesday November 03, @04:52PM (#29968922)

        Out of curiosity, how exactly do you verify that you are infection free without a scanner? Sure, you probably don't have anything overt, like a botnet hijack, but what about less obvious things like rootkits?

        You should probably take your magical ninja virus detection powers and do some consulting for those poor bastards who run Norton....

    • Re:Not News!! (Score:5, Informative)

      by jeffb (2.718) (1189693) on Tuesday November 03, @04:43PM (#29968764)

      Anyone who uses any computer (including Mac AND Linux) without anti-virus is asking for what they get.

      Yep, I've been "asking for what I get", and getting what I ask for, by running Macs without anti-virus for almost 25 years now.

      I use Avast Home Edition. It's free (just registration required), fast, and small-footprint.

      Yeah, I'll pop that right onto my Macs, especially after reading these five-star reviews [cnet.com]. Five reviews with one star each makes five stars, right?

    • by InsertWittyNameHere (1438813) on Tuesday November 03, @04:43PM (#29968770)

      Anyone who uses any computer (including Mac AND Linux) without anti-virus is asking for what they get.

      HAH! What else? Should Slashdotters buy boxes of condoms, just in case?

    • by Space cowboy (13680) * on Tuesday November 03, @04:47PM (#29968832) Journal
      I'm running several macs, both at home and at work, and the only time I've ever run an anti-virus on any of them was at the request of my ISP last month - there was a report of a virus originating from my home IP address. I downloaded and ran the latest ClamAV, and of course there was no virus on the machine, it was a spoofed IP address...

      Over the past 5 years, that's the only time I've ever run a virus check. It came up with 0 viruses. I conclude that the likelihood of me getting a virus on a mac is still small compared to my XP box, which every time I run a virus check flags *something* new as wrong/suspicious. Sometimes I can even tell if the something is innocuous or dangerous...

      Slashdot likes to say that anecdotal evidence is meaningless (which of course it is), but when a sufficiently large collection of anecdotes all say the same thing, we call that consensus. The general consensus is (I believe) that Macs are a lot less likely to be infected than Windows boxes, so your 'Anyone who uses any computer (including Mac AND Linux) without anti-virus is asking for what they get' statement is in fact news to me.

      Simon
    • Re:Not News!! (Score:5, Insightful)

      by Xest (935314) on Tuesday November 03, @04:50PM (#29968888)

      No, people who run shit they shouldn't are asking for what they get.

      I don't run a real-time scanner, it's too much of a resource hog, I do let AV do an overnight scan once a week though. I've done this for years and never had a virus. Why? Because I don't run shit I know may not be safe to run. I do not open attachments I was not expecting to receive.

      It's not as if AV software is even that effective anyway, even when it does detect threats half the time it fails miserably at dealing with it and just gives the option of deleting, and sometimes some AV software doesn't even manage that. The paradigm used for AV software is that which has been used for a couple of decades, and it never even worked particularly effectively back then, let alone now that viruses have evolved whilst AV software really hasn't. Again, the best option is really to cover all the attack vectors - don't run executables you don't trust, don't have Javascript enabled on sites you can't be sure are safe, don't open attachments you weren't expecting and so on.

      • Re:Not News!! (Score:5, Insightful)

        by mabhatter654 (561290) on Tuesday November 03, @05:17PM (#29969334)

        None of the 10 they picked!

        • Re:Not News!! (Score:5, Informative)

          by negRo_slim (636783) on Tuesday November 03, @05:36PM (#29969638) Homepage
          And I would be willing to bet the same could be said for Security Essentials.

          Been running AVG for years, but ever since I installed SE it's caught shit in video files before they've even finished downloading. As well as a couple JavaScript attacks from websites I wouldn't think twice about visiting. I can't even remember the last threat AVG found aside from cookies.
      • MS did by default (Score:4, Informative)

        by Sycraft-fu (314770) on Tuesday November 03, @04:54PM (#29968940)

        So in Vista, UAC had only two settings: On and off. When it was on the system functioned with real separate privileges. You had to escalate to perform administrative actions. Ok well people bitched and whined and bitched and whined about that since you had to do it for things like changing file permissions or accessing system control panels. Thus Microsoft relented and watered it down for 7, having two settings in between on and off. It is set to one of those by default. More or less it asks for permissions for a program trying to get admin access, but not a user initiated operation.

        • Re:MS did by default (Score:5, Informative)

          by jpmorgan (517966) on Tuesday November 03, @05:18PM (#29969340) Homepage
          Not quite. Microsoft added a cryptographic whitelist of programs that are automatically allowed to elevate. Certain parts of Windows are then allowed to automatically elevate (like file properties dialogs, the control panel, etc...). Since there's no way to distinguish the source of events, NT 6.x also enforces mandatory access controls, and places programs with administrator privileges in a high integrity level, which prevents low integrity processes from interacting with them.

          That's why some things still require two steps. The 'first click' causes explorer (or whatever part of Windows you're dealing with) to automatically elevate and switch to a high integrity level. But since that click could have been injected by unprivileged malware, rather than an actual mouse click, the program then requires a 'second click' confirmation. Since it's running at a high integrity level now, that second click can only come from other high privilege programs or drivers. One special case is the UAC settings control panel... that places itself into a high integrity level immediately so that malware can't inject keystrokes to turn off UAC.
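An added example, not code from the thread or from Microsoft, covering both the UAC slider settings Sycraft-fu describes and the integrity levels jpmorgan describes: it reads the UAC policy values and reports the mandatory integrity label of the current token. It assumes the standard value names under Policies\System and the documented S-1-16-* integrity SIDs.

```powershell
# Added example, not code from the thread: report the effective UAC policy and the
# integrity level of the current process token. Run it in a normal PowerShell window
# and again in an elevated one to see Medium versus High.

function Get-UacPolicy {
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $p = Get-ItemProperty -Path $key
    $enableLua = [int]$p.EnableLUA
    $admin     = [int]$p.ConsentPromptBehaviorAdmin
    $secure    = [int]$p.PromptOnSecureDesktop

    # Map the raw values back to the four slider positions; anything else is a custom GPO setting.
    $slider = if ($enableLua -eq 0 -or $admin -eq 0) { 'Never notify: admin token elevates silently' }
              elseif ($admin -eq 2 -and $secure -eq 1) { 'Always notify: nothing auto-elevates' }
              elseif ($admin -eq 5 -and $secure -eq 1) { 'Default: prompt only for non-Windows binaries' }
              elseif ($admin -eq 5 -and $secure -eq 0) { 'Prompt only for non-Windows binaries, no secure desktop' }
              else { "Custom (ConsentPromptBehaviorAdmin=$admin, PromptOnSecureDesktop=$secure)" }

    [pscustomobject]@{
        EnableLUA                  = $enableLua
        ConsentPromptBehaviorAdmin = $admin
        PromptOnSecureDesktop      = $secure
        # The signed-Windows-binary auto-elevation whitelist only applies at value 5;
        # at 0 everything elevates, at 2 nothing elevates without a prompt.
        WindowsBinariesAutoElevate = ($admin -eq 5)
        SliderPosition             = $slider
    }
}

function Get-CurrentIntegrityLevel {
    # whoami lists the token's mandatory label as a pseudo-group whose SID starts with S-1-16-.
    $label = whoami /groups /fo csv | ConvertFrom-Csv |
             Where-Object { $_.SID -like 'S-1-16-*' } | Select-Object -First 1
    $rid   = [int](($label.SID -split '-')[-1])
    $name  = switch ($rid) {
        4096    { 'Low' }
        8192    { 'Medium' }
        8448    { 'Medium Plus' }
        12288   { 'High' }
        16384   { 'System' }
        default { "Unknown ($rid)" }
    }
    # High is what UAC elevation grants; lower-IL processes cannot send input to a High-IL window.
    [pscustomobject]@{ SID = $label.SID; Level = $name; ElevatedOrHigher = ($rid -ge 12288) }
}

Get-UacPolicy | Format-List
Get-CurrentIntegrityLevel | Format-List
```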
      • Re:Firewall? (Score:5, Interesting)

        by natehoy (1608657) on Tuesday November 03, @05:17PM (#29969326) Journal

        Side thought: Of course, this WAS written by Sophos, an AntiVirus marketer. One could hardly expect them to choose viruses/worms that cast "naked Windows 7" in a good light, now could they?

      • Re:Firewall? (Score:5, Informative)

        by LordLimecat (1103839) on Tuesday November 03, @06:22PM (#29970540)
        I thought it was common knowledge that viruses don't need admin to do a large number of things? I could swear this comes up every time arguments about whether linux can get viruses start. Viruses don't need admin to auto run (users can have per-user settings on that), send packets, send email, launch popups, install BHOs, install firefox addons, read files, etc etc etc.

        The things "non-admin" stops are the important things, like installing drivers, installing rootkits, installing LSPs, hooking system files, patching system files, etc etc etc. THOSE are all that matters. If you have a computer set up for the family to use with a non admin account (on XP), the point isn't that you think it'll prevent them from getting crapware, it's that the crapware won't affect other parts of the system (hopefully).

        It's also a hell of a lot easier to remove viruses installed with non-admin privileges -- the difference is night and day. Non admin viruses usually just stick a single entry (maybe 2) in the startup list, and SysInternals Autoruns or HijackThis cleans that in about 15 seconds. Admin-installed viruses tend to take on the order of 15-30 minutes of manual removal, or booting into linux, or running combofix, or some combination of the 3, and if you screw up once and miss a file the whole thing reinstalls.

        FWIW I'm an IT consultant (part of my job is helpdesk) and I have yet to deal with a nasty virus / rootkit on Vista. XP on the other hand, I've seen viruses that took 45 minutes to remove even with tools like SDFix, the SysInternals suite, and launching ubuntu to manually remove the infected DLLs sorting by date.
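An added example, not code from the thread: the "single entry in the startup list" triage described above, as a script that enumerates the per-user autostart locations a non-admin infection can write to and flags entries whose target sits in a user-writable directory or no longer exists. The locations are the standard HKCU Run/RunOnce keys and the user's Startup folder; the user-writable heuristic is an assumption for triage, not a verdict.

```powershell
# Added example, not code from the thread: list per-user autostart entries and flag the
# ones that look like what a non-admin infection leaves behind. Heuristic triage only.

function Get-UserAutostarts {
    $entries = @()

    # Writing these keys needs no admin rights, which is why non-admin malware lands here.
    $keys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
            'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    foreach ($key in $keys) {
        if (-not (Test-Path $key)) { continue }
        foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # provider metadata (PSPath, PSChildName, ...)
            $entries += [pscustomobject]@{ Source = $key; Name = $p.Name; Command = [string]$p.Value }
        }
    }

    # Anything dropped into the per-user Startup folder runs at logon, too.
    $startup = [Environment]::GetFolderPath('Startup')
    foreach ($f in (Get-ChildItem -Path $startup -File -ErrorAction SilentlyContinue)) {
        $target = $f.FullName
        if ($f.Extension -eq '.lnk') {   # resolve shortcuts to what they actually launch
            $target = (New-Object -ComObject WScript.Shell).CreateShortcut($f.FullName).TargetPath
        }
        $entries += [pscustomobject]@{ Source = 'Startup folder'; Name = $f.Name; Command = $target }
    }
    $entries
}

function Test-SuspiciousAutostart {
    param([string]$Command)
    if ([string]::IsNullOrWhiteSpace($Command)) { return $true }

    # Extract the executable from either "C:\x y\a.exe" /arg or C:\x\a.exe /arg, expanding %VARS%.
    $cmd = $Command.Trim()
    $exe = if ($cmd -match '^"([^"]+)"') { $Matches[1] } else { ($cmd -split '\s+')[0] }
    $exe = [Environment]::ExpandEnvironmentVariables($exe)

    # Assumed heuristic: a target under the profile, AppData or Temp was writable without admin.
    $userWritable = @($env:USERPROFILE, $env:APPDATA, $env:LOCALAPPDATA, $env:TEMP) | Where-Object { $_ }
    $inUserDir = $userWritable | Where-Object { $exe.StartsWith($_, [StringComparison]::OrdinalIgnoreCase) }

    # Flag: runs from somewhere the user can write, or points at a file that is gone or hidden.
    return ([bool]$inUserDir) -or (-not (Test-Path -LiteralPath $exe))
}

Get-UserAutostarts |
    Select-Object Source, Name, Command, @{ n = 'Suspicious'; e = { Test-SuspiciousAutostart $_.Command } } |
    Sort-Object Suspicious -Descending | Format-Table -AutoSize -Wrap
```

Legitimate per-user installers (browsers, updaters) also live under AppData, so a flagged row is a starting point for Autoruns or a hash lookup, not a removal decision.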