New Malware Report Hits Vista's Security Image

kdawson posted more than 6 years ago | from the cracks-in-the-armor dept.

Windows 258

An anonymous reader recommends a Computerworld article on a new report from Australian security vendor PC Tools. The company released figures on malware detection by its ThreatFire product, and in its user base 27% of Vista machines were compromised by at least one instance of malware. From the article: "In total, Vista suffered 121,380 instances of malware from its 190,000 user base, a rate of malware detection per system [that] is proportionally lower than that of XP, which saw 1,319,144 malware infections from a user base of 1,297,828 machines, but it indicates a problem that is worse than Microsoft has been admitting to." Microsoft hasn't responded yet to this report.

258 comments

What kind of malware? (5, Insightful)

J_DarkElf (602111) | more than 6 years ago | (#23472842)

Malware is not defined anywhere in the article. I know from experience that some "malware" scanners tend to mark even cookies (such as Doubleclick's) as malware, which will appear on any computer.
I would also like to see how many of these "infected" computers had UAC and automated updates turned off.

Looks like just another Vista bashing article (so it will no doubt be really popular here).

I don't think this article will be popular (5, Funny)

patio11 (857072) | more than 6 years ago | (#23472852)

After all, the survey missed classifying Vista as malware -- how accurate could it possibly be?

technical limitation (5, Funny)

CarpetShark (865376) | more than 6 years ago | (#23473138)

After all, the survey missed classifying Vista as malware -- how accurate could it possibly be?


This was my first thought too. But then I realised that they've obviously omitted that fact on purpose, to solve an infinite recursion paradox:

Vista is malware
Vista can host malware
Therefore vista is self-hosting

Vista is unstable
Therefore, vista can't host a stable OS
Therefore Vista can't host itse..

Oh, never mind. It works out just fine.

Re:What kind of malware? (4, Interesting)

Dwedit (232252) | more than 6 years ago | (#23472906)

How about Wild Tangent bundled games that come with many PCs? Those trip up the spyware detectors too.

Re:What kind of malware? (4, Interesting)

setagllib (753300) | more than 6 years ago | (#23473108)

Because Wild Tangent is spyware.

Re:What kind of malware? (3, Interesting)

Jesus_666 (702802) | more than 6 years ago | (#23473310)

Spyware that's hard to defend against. Trojan-style malware doesn't need security flaws to enter the system, thus Vista's new security features won't help much against it.

Re:What kind of malware? (4, Informative)

Skrynesaver (994435) | more than 6 years ago | (#23472922)

Malware is not defined anywhere in the article.
While incomplete it did say that:

PC Tools has publicized details of some of the malware types it has found on Vista systems during its scans, including three pages of variants based on Trojan.Agent, a few of which were described as serious.
Not a definition of what they classed as malware, but 3 pages of Trojans would seem to indicate that they found something, no?

Re:What kind of malware? (4, Insightful)

Tim C (15259) | more than 6 years ago | (#23472956)

He didn't say that they didn't find anything, he was merely wondering if there were any details as to what exactly they did find.

He's entirely correct about the tracking cookie thing, every malware scanner I've used (apart from Windows Defender, I *think*) flags cookies as malware. My ex's new Vista laptop came with Norton pre-installed, and it flags a tracking cookie every time it runs (and only the cookie - so her laptop would possibly contribute to the report's number, despite being clean)

Re:What kind of malware? (4, Funny)

nschubach (922175) | more than 6 years ago | (#23473336)

Slightly off topic, but your post reminded me of Dilbert today: http://www.dilbert.com/fast/2008-05-20/ [dilbert.com]

Not saying there's a correlation to be made...

Re:What kind of malware? (2, Funny)

Alpha232 (922118) | more than 6 years ago | (#23473036)

Next J_DarkElf will debate the page size used, was it Letter, Legal, A4, Memo?

Re:What kind of malware? (1)

Macthorpe (960048) | more than 6 years ago | (#23473086)

I'd like to know what about his comment you thought wasn't relevant to the issue. Care to elaborate?

Different vendors describe malware in a variety of ways, so it would be useful to know which definition they're using here to get an accurate overview of what they're trying to say. After all, statistics without context are useless.

Re:What kind of malware? (1)

Tim C (15259) | more than 6 years ago | (#23473146)

I didn't say that I didn't think his comment was relevant to the issue. I was merely responding to his closing remark:

but 3 pages of Trojans would seem to indicate that they found something, no?

I see nothing in the original comment that implies that the poster believes that nothing was found. As I read it, the original poster believes that the issue is being blown out of proportion, and that without more detail we can't tell whether or not this is the case. Given that malware tools do indeed flag some perfectly innocuous things, that this is slashdot and that the report was produced by a firm that sells PC security software, I'd say that it would seem likely that the issue has been somewhat overstated.

I think we're arguing the same point - the report is meaningless without more detail.

Re:What kind of malware? (4, Insightful)

LO0G (606364) | more than 6 years ago | (#23473314)

The big thing I found missing from the article is how the machine got infected.

If I download and install the cool icons for my IM client and malware comes along for the ride, is it Vista's fault that it allowed me to install it?

As far as I know, all MSFT has claimed is that Vista is more secure than XP, not that it is immune from malware.

There's nothing that an OS vendor can do to protect the user from their own actions.

Re:What kind of malware? (4, Insightful)

BadAnalogyGuy (945258) | more than 6 years ago | (#23473396)

it is immune from malware

This is key. Any OS which can run 3rd party code is vulnerable to malware. Whether the damage is restricted to the single running user or can damage anything the OS allows it to, software written for the express purpose of breaking something will work correctly given the right privileges.

So it doesn't matter if you're on Mac, Windows, or Unix, if you run code that is intent on deleting something and you give it the right permissions, it will do it.

There are various levels of protection you can offer here.

0. Let the malicious code run wild without any permission barriers
1. Run the malicious code as root
2. Run the malicious code as current user
3. Run the malicious code as special unprivileged user
4. Run the malicious code for privileged APIs and stop the malicious code on unprivileged APIs
5. Run the malicious code in a sandbox
6. Run only "signed" code
7. Do not run non-preinstalled software

As the levels go higher, the more hassle it is for users to install new software. Obviously we don't want to go back to DOS and level 0. And we've seen what happens when we run with level 1 restrictions. Running code at level 2 is a possibility, but it also leaves the user open to localized damage, specifically damage to their own accounts and data.

Microsoft decided that for their systems, a compromise between level 2 and level 1 was necessary. And in order to do anything to the system as a whole, UAC was implemented to request a means to elevate user privileges temporarily.

It's an ugly, annoying dialog, but what is the alternative? If you (the general 'you') think that another system does this better, in what ways specifically do you feel the system provides an adequate amount of protection and flexibility?

Re:What kind of malware? (1)

Vectronic (1221470) | more than 6 years ago | (#23473434)

"...Mac, Windows, or Unix..."

[nitpicking] Ahh, but Linux is impervious [/nitpicking]

Re:What kind of malware? (1)

Jugalator (259273) | more than 6 years ago | (#23473356)

Maybe that's because Vista doesn't come with a built-in antivirus, only antispyware (which doesn't catch trojans).

I'm not really surprised, and can't really blame Vista either that much. AFAIK, it will put up UAC prompts by default to warn users opening e.g. malicious e-mail attachments (or hyperlinks via Live Messenger), but if they then say "Yes, OK, I approve", what more can it do? Vista on the other hand should allow users to start executables.

Re:What kind of malware? (1)

maxume (22995) | more than 6 years ago | (#23473562)

If those 3 pages of trojans are only present on 2,000 machines, (or 150 for that matter), it says something entirely different than if they are present on 50,000 or 100,000 machines.

Re:What kind of malware? (5, Interesting)

nozzo (851371) | more than 6 years ago | (#23472934)

Yeah this is an extremely valid point. My Vista PC had 100's of 'malware' items on, all were tracking cookies. So from that someone extrapolates Vista has poor security. sheesh.

Re:What kind of malware? (1)

aliquis (678370) | more than 6 years ago | (#23473306)

Hint: They want to sell their antivirus/-malware tools to Vista users as well. (Hey, with the current market coverage by Vista that may add up to TENS of licenses! ;))

100% of Vista machines affected with malware (0, Flamebait)

Wiseman1024 (993899) | more than 6 years ago | (#23473018)

Windows Vista is Defective by Design. It includes Digital Restrictions Malware designed to turn your computer into a mafiaa corporations' surveillance unit, taking control of your files, prohibiting you from performing certain operations on your own files, and prohibiting you from accessing and modifying your own kernel, even in memory.

Therefore, all machines running Vista are affected with malware.

+1 Insightful +1 Troll (0)

Anonymous Coward | more than 6 years ago | (#23473280)

While you are obviously trolling, I'm not saying you're wrong.

Re:What kind of malware? (2, Interesting)

complete loony (663508) | more than 6 years ago | (#23473096)

Self selection bias?

How many of these machines were scanned only *because* an infection was already suspected or known?

On a related note... (1)

stupidflanders (1230894) | more than 6 years ago | (#23473478)

This article [zdnet.com] seems to say that Vista is MORE secure than XP, or OSX.

Here's another good article [darkreading.com] about detecting Rootkits in XP vs Vista using antivirus suites and online scanners.

Re:What kind of malware? (3, Informative)

Dekortage (697532) | more than 6 years ago | (#23473496)

To quote TFA:

"It is important to highlight that all systems used in the research pool were at the very least running PC Tool's ThreatFire and that because the technology is behavioral-based, the data refers to threats that actually executed and triggered our behavioral detection on the client machine", said PC Tools' CEO, Simon Clausen.

I don't use ThreatFire, but "behavioral-based" and "threats that actually executed" doesn't sound like a cookie. They could mean it, but it doesn't sound like it.

Self-selection bias? (1)

robo_mojo (997193) | more than 6 years ago | (#23472844)

27% of people reporting using the product are infected. Is this a result of self-selection bias? What does it say about the actual population?

Also, no I didn't rtfa.

(frist prost?)

Re:Self-selection bias? (2, Funny)

Ethanol-fueled (1125189) | more than 6 years ago | (#23472878)

Please read the article first so that the statistical numbers sink in.

Next, think about an Ubuntu install vs. a Vista install. Vista caught a lot of flak for the "cancel vs. install" thing but sudo('s GUI counterpart) is not much different, right down to the dark fade as it asks the user what to do. Since Linux clearly stole that idea from Windows, well, won't some leet folks please write a virus for Linux and level the playing field? Linux users are so tired of having nothing to painstakingly tweak.

Re:Self-selection bias? (5, Informative)

joelstobart (1238490) | more than 6 years ago | (#23472988)

Seriously,

27% of all the machines were owned by a marketing company. It's sunk in.

Sudo copied Windows - hmmmm ... "Sudo was originally written by Bob Coggeshall and Cliff Spencer "around 1980" at the Department of Computer Science at SUNY/Buffalo".

As for the virus remark - It's more difficult to write Linux viruses. User level permissions are more rigorous. The browsers don't have ActiveX. People who use Linux tend to know what a firewall is; and don't click yes in reply to "would you like to install" dialogues so much.

Re:Self-selection bias? (-1)

Anonymous Coward | more than 6 years ago | (#23473236)

Facts?! The browsers have NPAPI (http://en.wikipedia.org/wiki/NPAPI).
Where's the difference to ActiveX?

And I wouldn't call UNIX permission rigorous or fine grained.

Re:Self-selection bias? (1)

aliquis (678370) | more than 6 years ago | (#23473328)

Even less so when said "dialogues" looks like Windows ones ;D

(Well, one would expect people would get a hint when it shakes around all over the screen, but no, must be real, better click it! It looks very important! Doesn't it?)

Re:Self-selection bias? (1)

robo_mojo (997193) | more than 6 years ago | (#23472996)

Next, think about an Ubuntu install vs. a Vista install. Vista caught a lot of flak for the "cancel vs. install" thing but sudo('s GUI counterpart) is not much different, right down to the dark fade as it asks the user what to do.

Did you interpret my post to be an attack against Vista? Honestly I did not intend for it to be either an attack or a support.

As for the GUI sudo, what does that have to do with it? Much like with UAC, the user must know what he is doing when he enters his root password (whether using Linux or Vista). If not, there isn't really much else that you can do. I'm not really sure what your point is, anyway.

won't some leet folks please write a virus for Linux

Shit. I just wasted my time replying to a troll post. :(

Re:Self-selection bias? (0)

Anonymous Coward | more than 6 years ago | (#23473016)

Since Linux clearly stole that idea [sudo('s GUI counterpart)] from Windows...
LOL, what???

Re:Self-selection bias? (1)

Ethanol-fueled (1125189) | more than 6 years ago | (#23473162)

Here: [/sarcasm], for those of you who didn't understand it.

The point I was trying to make is that Windows is trying to have the benefits of *nix (e.g. shifting the blame onto the user via sudo) without all of the rock-solid file permissions and idiot-proofness of, well, Unix-like operating systems (all rm -rf jokes aside).

Re:Self-selection bias? (1)

aliquis (678370) | more than 6 years ago | (#23473344)

won't some leet folks please write a virus for Linux and level the playing field
Well, maybe Wine enables you to run Media Player, Internet Explorer and Outlook? =P, if nothing else I guess VMware got you covered!

(I'm mostly shooting for the DRM-makes-it-a-virus-part in http://tech.slashdot.org/comments.pl?sid=558098&cid=23473018 [slashdot.org] but maybe you can run into other issues as well.)

Re:Self-selection bias? (1)

mrbluze (1034940) | more than 6 years ago | (#23473072)

27% of people reporting using the product are infected. Is this a result of self-selection bias? What does it say about the actual population?
What? You're trying to apply scientific principles to a slashvertisement dressed up as negative press for Vista? Shame on you ;)

What a surprise... (-1, Troll)

Anonymous Coward | more than 6 years ago | (#23472846)

Another poorly built M$ product is a major target of malware? Who'd have thought it...

Oh and first post.

the problem is combining ... (0, Flamebait)

crazybit (918023) | more than 6 years ago | (#23472854)

... a dumb user with a dumb OS.

Re:the problem is combining ... (5, Informative)

J_DarkElf (602111) | more than 6 years ago | (#23472888)

No need to slam Vista (or Windows in general) -- the problem is combining a dumb user with /any/ OS he can get admin rights on.

No matter how good your antivirus/antispyware/OS, once an idiot user figures out that by closing a certain app or clicking "yes" somewhere he can run the funny application he got by e-mail, he will do so, and the system is potentially infected.

Re:the problem is combining ... (2, Funny)

Anonymous Coward | more than 6 years ago | (#23472994)

clicking "yes" somewhere he can run the funny application he got by e-mail, he will do so, and the system is potentially infected.
I do not!! now for the pron... you're damn right I do

Re:the problem is combining ... (4, Insightful)

NickFortune (613926) | more than 6 years ago | (#23473020)

No need to slam Vista (or Windows in general) -- the problem is combining a dumb user with /any/ OS he can get admin rights on.

I don't think that works as an excuse for Microsoft.

The trouble with that is that Windows is supposed to be the operating system of the common man. At least, every time Linux gets a cool feature, the Redmond apologists start rolling out their hypothetical Joe Sixpacks and Great Aunt Mildreds and tell us how these ordinary people can never cope with Linux, but Windows, focus-grouped to death as it is, has been designed for these exemplars of non-geekiness, and is therefore superior.

But that makes it kind of hard to blame bad security on the users. Windows is supposed to be designed with the click-on-the-dancing-monkey demographic in mind. They can't really throw their hands in the air and say "it's not us, it's the stupid users" without admitting that, really, they haven't a clue how to make a secure operating system.

Re:the problem is combining ... (2, Interesting)

DigitalisAkujin (846133) | more than 6 years ago | (#23473362)

No dude lol... just plain no.

Network admins know that the common man or woman doesn't know their computers from their asses. It's like the saying goes, PEBKAC.

The fact of the matter is that Microsoft is king because Linux software isn't even there yet when it comes to quality. Whenever you have new hardware you probably can't even use linux because the drivers haven't come out yet or are beta and/or a bitch to install.

Linux continues to be dogged down by too many deal breakers for so many people. You can have Linux be good for 15 / 20 uses and even throw in 5 - 10 new ones but the few you got left might include deal breakers for so many people. This is the challenge the open source community will need to overcome before it ever wins this war. It will eventually win though. We're only 15 years into a networked world. 60 years from now software companies will only make money from custom code.

Re:the problem is combining ... (1)

NickFortune (613926) | more than 6 years ago | (#23473416)

The fact of the matter is that Microsoft is king because Linux software isn't even there yet when it comes to quality.

Well, that's not an opinion I share, obviously.

But even if I did - I still don't see how that would let Vista off the hook in terms of security.

Re:the problem is combining ... (1)

Vectronic (1221470) | more than 6 years ago | (#23473456)

Dude? Get Off My PEBKAC...

Problem
Exists
Between
Keyboard
And
Chair

For anyone wondering...

Re:the problem is combining ... (0, Flamebait)

MrMr (219533) | more than 6 years ago | (#23473256)

Score: 0 Flamebait, Ha, that'll teach you to piss off the MSerables during office hours.

PR != Security (4, Insightful)

pla (258480) | more than 6 years ago | (#23472896)

New Malware Report Hits Vista's Security Image

Come again? Does anyone but Microsoft actually believe Vista has an "image" of better security?

Vista has one and only one major security-impacting feature - The "Train users to always click yes" interface to privilege escalation. And I feel confident saying that very, very few of us consider that a "good" thing.

Re:PR != Security (2, Interesting)

BadAnalogyGuy (945258) | more than 6 years ago | (#23472966)

Let's say that the UAC is a mistake and users should be 1) prevented from installing programs blindly, 2) not informed when a program is attempting to run without authorization.

How would you design a system that fulfilled the two items above while still allowing the flexibility to actually install programs when desired?

Ask Loki (0)

Anonymous Coward | more than 6 years ago | (#23473070)

The installer allowed you to install for the current user (in their home directory) or, if they wanted it in a central location, as root in /usr/local/games.

Loki did it in Linux.

Why can't MS do it in their installers?

Does that help, though? (1)

BadAnalogyGuy (945258) | more than 6 years ago | (#23473106)

The user would still be vulnerable to regular hosings due to malicious programs having full rein on all the user's stuff. Even if the damage is restricted to the one user, who wants to be that user?

It's definitely a good start, but local program installation without user notification still presents the same problems (though to a lesser degree of damage) as running as administrator or root all the time.

Re:Does that help, though? (1)

aliquis (678370) | more than 6 years ago | (#23473436)

But the same is true for all (?) OSes so what's the difference? I guess one can try to prevent it with password protected partitions or whatever but it will just fail anyway.

Re:Does that help, though? (1)

tepples (727027) | more than 6 years ago | (#23473500)

Even if the damage is restricted to the one user, who wants to be that user?
You're right that nothing replaces backups to a CD-R or DVD-R. This is true on any platform open to microISVs.

Re:Ask Loki (1)

dhavleak (912889) | more than 6 years ago | (#23473158)

The installer allowed you to install for the current user (in their home directory) or, if they wanted it in a central location, as root in /usr/local/games. Loki did it in Linux. Why can't MS do it in their installers?
It does - the default path is program files, and you are free to change that to your home directory if you wish. Anyway, what has that got to do with security/trojans/UAC?

Re:PR != Security (1)

clang_jangle (975789) | more than 6 years ago | (#23473166)

How would you design a system that fulfilled the two items above while still allowing the flexibility to actually install programs when desired?


See OS X, most any desktop Linux or BSD distro for the answer. Of all the desktop OSes it's only the ones made by Microsoft that have this problem.

Re:PR != Security (1)

BadAnalogyGuy (945258) | more than 6 years ago | (#23473194)

Of all the desktop OSes it's only the ones made by Microsoft that have this problem.

First, are we talking about *all* Microsoft operating systems? I'm not. I'm only talking about Vista because it is the only consumer desktop OS by Microsoft that has UAC.

Second, are you saying that OSX, "any Linux", and BSD distro will install anything, without warning, automatically, and without root privileges? If so, that sounds like exactly the problem that UAC was intended to stop. UAC exists to temporarily raise the current user's privilege level in such a way that at the very least the user is informed and prompted for confirmation. This is akin to sudo on Unix-like systems.

Are you seriously arguing that prompting the user is only something that happens on Windows?

Re:PR != Security (1)

clang_jangle (975789) | more than 6 years ago | (#23473276)

Are you seriously arguing that prompting the user is only something that happens on Windows?


I feel so misunderstood -- Can't imagine how you got that idea....

You said
How would you design a system that fulfilled the two items above while still allowing the flexibility to actually install programs when desired?


And I was simply pointing out that no other popular desktop OS has this issue with munging security so badly

Re:PR != Security (2, Insightful)

clang_jangle (975789) | more than 6 years ago | (#23473348)

I thought you were asking "how can a system be made idiot-proof and still let users easily install software without having to know anything about actually using the system?"

I have no trouble with my OS X, BSD, or Linux software installs affecting security. Heck, I know some MS users who have no trouble with that.

So I guess it's like driving. Everyone thinks they can do it, but in fact maybe one in five of us can actually do it without causing problems. So incompetent people wreck their cars and have problems with the computer. Big deal. Besides, there's lots of money in that. :)

Re:PR != Security (1)

SuiteSisterMary (123932) | more than 6 years ago | (#23473438)

See, this is one of those correlation/causation fallacies.

Linux has fewer of these 'user blindly runs stupid shit' problems because, at the moment, it's only run by people who also know about that sort of thing.

If Linux was the everyday OS, it would have just as many idiots blindly typing in their root passwords on demand.

I've never understood the thousands of HOWTOs and install guides that say 'now, don't run this as root!' then preface damn near every step with 'sudo and type in your root password.' There's not a whole lot of difference there.

Back-compat is the hurdle (1)

tepples (727027) | more than 6 years ago | (#23473474)

And I was simply pointing out that no other popular desktop OS has this issue with munging security so badly
No other popular desktop OS has had a continuously maintained API going back to an operating system with a single-user kernel. The Win32 API has been around since the single-user Windows 98, and end users expect binaries compiled and tested on Windows 98 to run on Windows Vista. Apple solved this on Mac OS X (Classic environment) and CodeWeavers solved this on Linux (Wine) through partial virtualization of an old operating system to run its applications.

Re:Back-compat is the hurdle (1)

clang_jangle (975789) | more than 6 years ago | (#23473616)

No other popular desktop OS has had a continuously maintained API going back to an operating system with a single-user kernel. The Win32 API has been around since the single-user Windows 98, and end users expect binaries compiled and tested on Windows 98 to run on Windows Vista. Apple solved this on Mac OS X (Classic environment) and CodeWeavers solved this on Linux (Wine) through partial virtualization of an old operating system to run its applications.


That's a good point. So why didn't MS virtualize win98, XP, etc rather than carrying the troublesome APIs over to Vista? Certainly they have the resources to do it. Why does MS stubbornly cling to a failed paradigm?

I'll bet it's greed. Something like, "Hey that virtualization is hot hot hot yo, we can't squander that tech on people who only bought an OEM install -- we got to get paid for this one!".

Re:PR != Security (4, Interesting)

JasterBobaMereel (1102861) | more than 6 years ago | (#23473346)

Users should be prevented from installing programs blindly - Full stop

Users should be informed the program is trying to run as an admin and so has been killed

Users should ask to install a program, be asked for admin password to continue and then go ahead without repeated warnings ....!

Asking for permission to do something means the program was not installed properly (when installed it should request all permissions it will need), or should not be doing it

Windows Vista does all the wrong things
    Prompts for permission on both installed and uninstalled programs repeatedly
    treats an install the same as running a program

Linux/OSX are not perfect but seem to have got the balance more correct (mainly due to a legacy of doing the right thing and so not having to support user programs that assume full admin rights)

Re:PR != Security (2, Interesting)

BadAnalogyGuy (945258) | more than 6 years ago | (#23473482)

To take that idea a step further, how should scripts that rely on a runtime be restricted? Let's say Perl is installed, and it requests full system access at installation. When you run a script that erases the hard drive, should it automatically run at the Perl permission level? Or should it run at the user level without automatically gaining Perl's permission level? Or should a text file be considered "executable" and require installation as well?

I agree that installed apps should not ever bring up the UAC. And that getting over the legacy app problem is a huge hurdle for MS.

Re:PR != Security (1)

dhavleak (912889) | more than 6 years ago | (#23473552)

Windows Vista does all the wrong things
- Prompts for permission on both installed and uninstalled programs repeatedly
- treats an install the same as running a program

That's actually quite inaccurate:

The question is do you need admin creds to run the program / installer or not?
- For most installers the answer will be "Yes".
- For many programs (say office/notepad/firefox/cmd.exe) the answer will be "No"
- For the same programs, the answer could sometimes be "Yes" (cmd.exe, firefox to install a plugin, etc.)

Note that you won't get asked to elevate every time you launch the app -- though you can configure it that way if you wish. The app needs to be coded correctly to understand when it needs to elevate (for example the way firefox will pop a UAC prompt only when it wants to upgrade itself or install a plugin -- but otherwise pretty much runs UAC-free). This is pretty much as it should be.

If an application actually needs to run as administrator to function correctly (even when the app doesn't actually do anything that requires admin privileges) -- it means it's a pre-vista application that was poorly written and ignored MS's platform development guidelines (for XP). UAC annoyances serve to expose those apps, and their next iterations will be better. Tough decision on MS's part, but it had to be made, and it was definitely the right call.

Mandatory Windows Logo testing (1)

tepples (727027) | more than 6 years ago | (#23473516)

How would you design a system that [silently blocked unwanted software installations] while still allowing the flexibility to actually install programs when desired?

By verifying that executables have been signed by the Windows Logo Program on every machine that doesn't have a current subscription to MSDN. Yes, this would force many ISVs with fewer than 10 employees to target Ubuntu and not Windows, but the makers of BREW phones, iPhone, and Xbox 360 have already accepted this collateral damage.

</sarcasm>

Re:PR != Security (5, Informative)

Kalriath (849904) | more than 6 years ago | (#23472990)

Vista has one and only one major security-impacting feature - The "Train users to always click yes" interface to privilege escalation. And I feel confident saying that very, very few of us consider that a "good" thing.
Get users on Linux, and we'll be seeing the "Train users to always click yes (or in CLI mode, prefix with "sudo") approach to privilege escalation"

Wait, that sounds familiar. Oh, wow! Both my post and yours are virtually identical!

Seriously, people bash UAC, but it's pretty much identical to sudo.

Re:PR != Security (1)

Chutulu (982382) | more than 6 years ago | (#23473062)

Seriously, people bash UAC, but it's pretty much identical to sudo
dude, this is /.

Re:PR != Security (4, Insightful)

dhavleak (912889) | more than 6 years ago | (#23473254)

Seriously, people bash UAC, but it's pretty much identical to sudo.
In fact, I can think of a scenario in which UAC is actually better than sudo:

In a social engineering attack where you download some program (malware) and run it -- the malware could spoof a UAC prompt -- if you are foolish enough to click "Allow", well, nothing really happens because the program didn't get elevated privileges (since it was a fake UAC prompt). In the sudo case, the equivalent level of foolishness has you entering your password instead of merely clicking "Allow". Result is that the malware has your password now, so it's basically Game Over.

Of course, this is probably a moot point because a better social engineering attack would actually do something causing a genuine UAC prompt (instead of bothering to spoof it). The level of foolishness required to click "Allow" is probably the same in both cases.

I guess where UAC becomes valuable is when an attacker has managed to exploit a hole, to execute code remotely without requiring you to fall foul of a social engineering attack. This way you know you haven't done anything to deserve the UAC prompt that just popped up, so you know that you should click "Deny" here. This might still fail to protect users that have absolutely no clue, but honestly they shouldn't be running an admin account anyway (and hence should not be able to elevate a process).

Re:PR != Security (1)

azgard (461476) | more than 6 years ago | (#23473454)

There is a problem in this thinking. The sudo prompt is only expected to appear in certain situations (such as clicking on an administrator mode button in certain dialogs), not randomly when browsing the web. AFAIK, on Vista it can appear anytime an application asks for it (but I am not a Vista user).

Re:PR != Security (5, Insightful)

pla (258480) | more than 6 years ago | (#23473466)

Seriously, people bash UAC, but it's pretty much identical to sudo.

Key difference - Using sudo represents an active request by the user for privilege escalation. Telling UAC to continue approves a passive request that the user might not actually have made (or known they made). When enough of them pop up at random times, it conditions the user to just say okay to make it go away - By comparison, no one would ever just randomly sudo a command for the hell of it.

Re:PR != Security (1)

aliquis (678370) | more than 6 years ago | (#23473470)

Nah, they wouldn't need to click yes, they would just login as root for convenience.

IANAVU (I am not a Vista user), but I suspect that the difference between UAC and sudo is that the Windows developers haven't cared earlier and therefore do all kinds of bad stuff because nothing has prevented them from doing so earlier, and therefore UAC bothers the users more so they get annoyed and start pressing yes for all (much as I suspect my sister does for her antivirus, antimalware and firewall I installed for her).
But are Microsoft really to blame for that? Especially since they had already tried to tell the developers to not do it earlier if I remember correctly, sure they made it possible in the first place but most OSes did back then.
And now they try to fix it, and in the end it will probably lead to less applications trying to do stuff which need higher privileges and therefore less UAC boxes and eventually better security. Just as in the case of unix.

Re:PR != Security (1)

CrackerJackz (152930) | more than 6 years ago | (#23473632)

Part of the problem is that Vista's UAC prompts users (even local admins) far too often. If I'm a local admin on a workstation, there are certain tasks that I would expect to be prompted for (installing software, patching software, deleting files from C:\Program*\, etc.) but changing the system time? Opening the system management MMC? This simply means that most admins will turn it off, which significantly reduces its functionality ;)

Re:PR != Security (1)

BlueTrin (683373) | more than 6 years ago | (#23473056)

The problem is that I can hardly see an OS forbidding you to do some stuff you want at home.

Most users would complain. In a corporate setting that is totally different ...

Lockout chip business model (1)

tepples (727027) | more than 6 years ago | (#23473526)

The problem is that I can hardly see an OS forbidding you to do some stuff you want at home.
For example, an unmodded Xbox console cannot run a media player [xbmc.org] or video games self-published by a microISV.

Security PR (5, Interesting)

404 Clue Not Found (763556) | more than 6 years ago | (#23473226)

That's not fair. Vista security might not have a very good image on Slashdot -- I doubt any Microsoft product ever will -- but in actuality, there are improvements over XP. Vista has more than just UAC (which was made slightly less annoying in SP1, by the way):

* IE runs in a sandbox by default
* IE has anti-phishing filters on and ActiveX off by default
* Windows Mail disables ActiveX and blocks executable attachments by default
* An anti-spyware program, Windows Defender, is included
* Windows Firewall was upgraded and now scans outgoing connections as well
* BitLocker adds full-drive encryption
* Parental Control allows other accounts to be locked down and monitored, either for children or guest users

Wikipedia has a more extensive list: Security and Safety Features new to Windows Vista [wikipedia.org]

Vista was overhyped and it failed to deliver everything Microsoft promised, but at least give it SOME credit where security is concerned. The first three features killed off some of the most common attack vectors of previous Windowses. Vista started with great ideas; it's the execution (lookin' at you, UAC) that made the final user experience intolerable. Hopefully, that'll be refined in future service packs.

But do those features actually work as intended? (1)

Marrow (195242) | more than 6 years ago | (#23473404)


It's only an improvement if the features work and are reliable and do not cause any other problems or side-effects.

Oh no, now you've done it (2, Insightful)

dreamchaser (49529) | more than 6 years ago | (#23473494)

I expect Twitter to come rushing out with one of his many sockpuppet accounts and attack you at any moment! How dare you cloud a perfectly good Vista bashing with a few facts! Shame on you!

Vista isn't great and was overhyped, but it's not nearly as bad as most people here seem to think. I'd hazard that the loudest critics haven't even used it.

Re:Security PR (-1, Troll)

Anonymous Coward | more than 6 years ago | (#23473520)

* IE runs in a sandbox by default
* IE has anti-phishing filters on and ActiveX off by default
* Windows Mail disables ActiveX and blocks executable attachments by default


Windows Update still uses ActiveX. If it is off by default, it means Vista machines won't be updated.

* An anti-spyware program, Windows Defender, is included

Isn't that the one that Windows Update keeps bugging us XP users to download again? Not an improvement over XP then.

* Windows Firewall was upgraded and now scans outgoing connections as well

Protecting the internet against infected Vista machines... Looks like even Microsoft doesn't believe the claims about security.

* BitLocker adds full-drive encryption

Which protects against nothing once the encryption key is entered to be able to boot the system. Malware won't care, thieves won't care (they are after the hardware anyway). Terrorists and pedophiles will care, though.

* Parental Control allows other accounts to be locked down and monitored, either for children or guest users


Oh, re-inventing user accounts... I'm sure Microsoft wish they came up with that idea back in NT 3.5.

Windows is basically a wrong architecture (0, Troll)

freedom_india (780002) | more than 6 years ago | (#23472918)

Windows 98, XP, and now Vista all have security loopholes one way or the other.
The vaunted UAC on Vista is useless.
Blaming the user for running as Administrator and exposing loopholes is like blaming the car driver for driving with the windows down.
Yeah, the wind can be heavy when driving at 100mph but that is not the reason for having a burn when driving a Pinto.
This is a good test case and lesson for wrong software architecture.
By Design Windows is flawed. Blaming the construction is like blaming the poor builders of Leaning Tower of Pisa.
Vista was done from ground up ripping out all old code but still has all problems in addition to UAC, BECAUSE Microsoft thinks Security is an add-on.
Mac OS X thinks security is part of OS and hence Administrator is different from root.

One should not need UAC to install software, and the registry concept should be thrown out.
Why the fcuk should a software write to a registry? It was originally meant for Windows only and should have been locked out instead of allowing every joker to write to it.

It will be great if Windows adopted Linux [kernel] as a base and bolted WINE as a backward way to run Windows Apps and Games.
Imagine the muscle Microsoft could bring if it adopted Linux Kernel for Windows. MSDN, TechNet, etc.,
I bet that would be the day Apple would realize the game was up.

Re:Windows is basically a wrong architecture (3, Insightful)

Anonymous Coward | more than 6 years ago | (#23473160)

Blaming the user for running as Administrator and exposing loopholes is like blaming the car driver for driving with the windows down.

Some other commenter pointed out that being trained to click "Yes" was comparable to running everything as super doer. Rightly so. Do you know how tremendously difficult it is to convince Peter average user to have strong passwords, to keep user accounts and administrative accounts separate, and so on? As soon as he finds out how to run programs with administrative privileges, he'll stick to this new "freedom".

By Design Windows is flawed.

So is any other OS with an UI, because they require a user. The user is the problem.

One should not need UAC to install software, and the registry concept should be thrown out.

While I agree, I do this because I think an operating system should have user accounts with no rights to install anything, and an administrative account without any GUI. Please explain Peter average user he has to use CLI to install/uninstall software. (This works with my Peters, because I manage their Linux workstations for free. But it won't work with most users.)

It will be great if Windows adopted Linux [kernel] as a base and bolted WINE as a backward way to run Windows Apps and Games.

But still, the user has to install software on the system. Unfortunately, he wants to do so without any hassle.

Being Masturbation in 3, 2, 1. ... (-1, Troll)

Anonymous Coward | more than 6 years ago | (#23472942)

All the linux fan-bois can commence self-rocks-off in 3, 2, 1, ...

Wait a moment... (5, Funny)

hyperz69 (1226464) | more than 6 years ago | (#23472960)

Vista Had a Positive Security Image?

Re:Wait a moment... (2, Funny)

Legrow (1023457) | more than 6 years ago | (#23473286)

Vista Had a Positive Security Image?
'Positive' in the 'HIV Positive' sense.

They would, wouldn't they? (4, Insightful)

Harold Halloway (1047486) | more than 6 years ago | (#23473038)

Why might "Australian security vendor PC Tools" claim this? Could they have a vested interest in saying this?

Re:They would, wouldn't they? (2, Funny)

FamineMonk (877465) | more than 6 years ago | (#23473126)

step 1: Start a support/news website.

step 2: Publish story "OMG Malware!!1!"

step 3: ????????

step 4: Profit!

Re:They would, wouldn't they? (0, Redundant)

mithras invictus (1084169) | more than 6 years ago | (#23473176)

Could doctors have a vested interest in finding disease?

That's because... (0)

cthellis (733202) | more than 6 years ago | (#23473046)

...security programmers aren't used to coding upside-down yet. Even the OSI model gets messed up!

Consider the source (5, Insightful)

Gadget_Guy (627405) | more than 6 years ago | (#23473100)

So a company that sells security software [pctools.com] puts out a press release to say that you still need to buy their software even if you run Vista. I can't think of a single ulterior motive that they might have to do this!

How many of the anti-virus companies don't issue doom-and-gloom style press releases? It is just their way of drumming up business. I would rely on these figures as much as I would rely on Microsoft's "research" that might suggest that Vista is completely immune to any security issue. The truth lies somewhere in between - which shouldn't surprise anybody.

And before anyone jumps down my throat, no, Microsoft didn't say Vista was that perfect.

Cracks in the armour (1)

Toreo asesino (951231) | more than 6 years ago | (#23473164)

The only cracks in the armour are the users, them being the ones that say "Yes, this unsigned potentially dangerous piece of software that inexplicably wants admin rights to my machine can do whatever it wants."

There's a difference between the prompts when the exes are signed or not, for example here - http://www.autoitscript.com/autoit3/docs/intro/autoit_on_vista.htm [autoitscript.com]

Clearly Microsoft must give an URGENT update! (1)

Colin Smith (2679) | more than 6 years ago | (#23473372)

Obviously Microsoft must send out an urgent update to Vista!

Disable the Yes button!

Phone them up and demand this urgent security feature!

 

27% of Vista machines were compromised (0)

Anonymous Coward | more than 6 years ago | (#23473218)

"60% of the time it works every time"

Image (1)

Vyse of Arcadia (1220278) | more than 6 years ago | (#23473234)

You guys remember 80s and 90s ecological cartoon villains? The ones that were made of pollution so that the only way to hurt them was with clean air and water? Vista's security image is kinda like that. The only way to actually hurt it at this point would be if the results were surprisingly good.

Re:Image (2, Funny)

Jesus_666 (702802) | more than 6 years ago | (#23473384)

Or we combine the powers of water, air, earth, fire and love to form Captain Planet. Or - even better - we combine Cheetos, Coke, anonymity, too much spare time and Linux to form Captain Fanboy, with the power of writing scathing flames on Slashdot.

Of course, Microsoft could counter that by combining the powers of Soviet Russia, old Koreans, Natalie Portman, hot grits and Cowboy Neal to form Captain Meme, who drowns out everything Captain Fanboy posts with a flood of +5, Funny posts.

Hey vista don't work unless you buy my stuffs! (1)

Sheen (1180801) | more than 6 years ago | (#23473260)

This is about as relevant as giving out a statement saying that engines run better on non bio fuel.

Re:Hey vista don't work unless you buy my stuffs! (1)

Sheen (1180801) | more than 6 years ago | (#23473272)

This is about as relevant as giving out a statement saying that engines run better on non bio fuel.
Hmm, apparently Slashdot removed part of what I wrote. It's supposed to say ...about as relevant as an oil company giving out a statement that engines run better on non bio fuel.

Big Impact on Opinions (3, Insightful)

FurtiveGlancer (1274746) | more than 6 years ago | (#23473270)

Instead of "obnoxious security" as highlighted by the apple commercial [apple.com], now we have "less effective than advertised obnoxious security that's still better than XP."

Can we possibly bring ourselves to acknowledge that M$ actually brought about an improvement in PC security? It shouldn't hurt too much since it appears to be verifiable.

Re:Big Impact on Opinions (1)

SuiteSisterMary (123932) | more than 6 years ago | (#23473418)

And let's face it, if the user runs it, can it be considered a security failure on the OS's part?

It's not Vista's fault that the user said 'Run SnowWhiteNailsDopey.scr.exe! Yes! Yes! Allow! Yes! I'm Sure! Yes! Yes! Don't Care That It's a Virus!'

Let's face it, if Vista didn't allow this, Slashdot would be running stories about how Big Bad Microsoft doesn't let users run programs on their own computers, that DRM watches you pee, and so on.

Sure, Vista is indeed safer .. (1)

cheros (223479) | more than 6 years ago | (#23473508)

.. since a lot less people run it than XP :-)

Sorry - you left that door wide open :-). Having said that, there appears to be hope at last. I read an article somewhere where someone has taken the utter total heap of crud that Sony made of Vista on its laptops (the thing that caused me to nuke it as soon as I managed to find time) into something that actually made it work, especially after Service Pack 1. IMHO, anyone who uses a new MS OS in production before the first SP has been issued should be made to admit to board level that he uses the entire company as MS beta-test site. Or, in case of Vista, alpha test.

And I hate the interface changes, every time a new OS comes out you spend weeks playing a game of menu based hide and seek with the toolset. Clever move, putting a search facility in the program list and then still making sure all program names start with "Microsoft". Duh.

But heck, most of my work can be done with OOo and Linux and most of our dev guys don't even have any MS software installed, so I probably postpone looking at it until I get brutally bored..

---

Keep up the good work, and don't bother me with it..

huh? (4, Funny)

Peter_The_Linux_Nerd (1292510) | more than 6 years ago | (#23473342)

"New Malware Report Hits Vista's Security Image" -- Vista had a security image?

Solutions? (4, Funny)

cluge (114877) | more than 6 years ago | (#23473524)

27% of Vista machines were compromised

This is indeed troubling (notice position of tongue and cheek). How can we fix this? I propose a five step program

5. Electro shock all users that click "install now" without thinking
4. Remove the fingers of users that follow the links on penis enlargement spam
3. Publicly flog all users that attempt to install that "special media player" to get to "free p0rn" from any site in the former communist bloc.
2. Revoke all credit card, debit card, home depot card and sears charge cards for those that purchase a fake Rolex based on an email they got
1. Remove any and all computers from folks that say "My computer's running slow, you know about computers, can you look at mine"

Respectfully,
Cluge

PS - A more meaningful less painful solution would be an OS lock down - IE think a live image distro where the Hard Drive is only used to store user data. Every reboot takes you back to square one - a heavily locked down environment with basic abilities allowed, but little else.

Vista has been analysed and researched now (1)

gilesjuk (604902) | more than 6 years ago | (#23473570)

Initially Vista was prone to security by obscurity. It is now however well researched by the makers of malware and it's business as usual.

Well (2, Insightful)

Anonymous Coward | more than 6 years ago | (#23473582)

I've purposely run some shady programs, with antivirus disabled on Vista. No WAU prompt, nothing. Yet, my PC was infected and had processes running. It was even harder to clean out than similar virii in XP.
All these prompts and other crap, it's useless. It's just to "make you feel secure" and "annoy the hell out of you". Effectiveness is ZERO.

Vista and UAC .. (4, Interesting)

rs232 (849320) | more than 6 years ago | (#23473584)

"Vista suffered 121,380 instances of malware"

I thought Vista with UAC didn't get malware. Didn't Allchin say Vista didn't need [theinquirer.net] any anti-virus software?

What they didn't say... (1)

Zorque (894011) | more than 6 years ago | (#23473610)

...was what percentage of computers are running Vista, and what percentage of attacks are specifically targeted at Windows in general, it being the most common OS by a long shot. Besides the already-mentioned fact that this company is overinflating their results to sell their product, people should be aware that malware is, these days, mainly spy- and adware. The entire goal of these programs is to deliver advertising to -or information on- the largest audience possible, i.e. the most used OS.