On November 30, Sophos issued its monthly report on the top ten threats reported to them in November of 2006. As a part of this, Sophos also studied Windows Vista's vulnerability to these malware threats. I found the information and press discussion confusing, so I thought I would clarify what this really means for customers.
In order to understand what was really going on here, I asked the team to go look at the technical facts behind the story, and that started in the lab. We began by observing first-hand how these various forms of malware affect a Windows Vista system using a machine that was configured with the default settings and without any additional security software. What we found was that if you are using only the software in Windows Vista (e.g., Windows Mail and no add-on security software), then you are immune to all ten of the malware threats that Sophos cited.
View: Full Article @ Windows Vista Blog

It's the same with drivers: Vista or XP is a stable system so long as you use signed drivers and/or the ones offered from Windows Update. When people start using beta drivers or unsigned ones they can't complain to Microsoft about the lack of stability when it's clear that Microsoft will only support signed (WHQL) drivers!
Agreed. This is a frontpage report that should include both sides of the conclusion. boo..
It is supposedly a test of Vista defaults for users. Now, users who use online mail services (many do! Perhaps even you use one) such as Gmail, Yahoo Mail, or MSN can still use Vista in default configuration, but this article points out that this may bypass some Vista security improvements.
I think it is a valid point, and it isn't due to "other apps" on the system. Did you read the link to the original article posted above? It was about how using a web browser to check mail bypasses Windows Mail - and Jim Allchin deliberately skirts that issue and plods down the "Windows Mail" route (which does have the additional security).
He is "spinning", not informing.
The point is that a standard configuration of Vista for users of web mail will unknowingly bypass Windows Mail and be more vulnerable to malware.
That's all. It's not about running .exe files. Please read both articles.
Any guesses?
Doesn't the vanilla flavor of Vista include an embedded browser? The bigger focus should be on an operating system's ability to repel or survive a malware attack after it has been let in. This is where the Sophos report does a good job and where Allchin is lacking.
Any guesses?
Yes yes, I wasn't trying to prove you wrong.
The point is that a standard configuration of Vista for users of web mail will unknowingly bypass Windows Mail and be more vulnerable to malware.
bypass Windows Mail???? Please don't say stupidities!
There are no flaws in Vista! Malware comes with an exe, and an exe is a program, and you can't stop people from clicking on it because it's a program (this also happens in Linux and Mac OS X, in every OS!!!!!).
Fortunately, in Vista all users are Standard Users with fewer privileges and they're protected by UAC, so malware can't be installed without the user's consent and it can't damage the system.
Last edited by franzon on 20 Dec 2006 - 17:33
The point is that a standard configuration of Vista for users of web mail will unknowingly bypass Windows Mail and be more vulnerable to malware.
bypass Windows Mail???? Please don't say stupidities!
There are no flaws in Vista! Malware comes with an exe, and an exe is a program, and you can't stop people from clicking on it because it's a program (this also happens in Linux and Mac OS X, in every OS!!!!!).
Fortunately, in Vista all users are Standard Users with fewer privileges and they're protected by UAC, so malware can't be installed without the user's consent and it can't damage the system.
The point is that exe's are almost never legitimately sent via email, so blocking them by default is the right thing to do. If you use webmail, it's the browser or webmail server's job to block exe downloads. If you have a crappy webmail provider, you might still be able to download exe attachments and potentially run them.
As for standard users, malware can still do damage to user documents, files, settings, etc... They can still add themselves to run at user logon.
The point is that exe's are almost never legitimately sent via email, so blocking them by default is the right thing to do. If you use webmail, it's the browser or webmail server's job to block exe downloads.
IE7 already blocks the exe, you have a lot of warning. UAC also warns you.
If you have a crappy webmail provider, you might still be able to download exe attachments and potentially run them.
In Vista, users have to authorize it
As for standard users, malware can still do damage to user documents
this happens in EVERY O.S.
, settings, etc...
NO. The settings are protected by UAC
They can still add themselves to run at user logon.
NO. There's the UAC and you have to authorize it
Last edited by franzon on 20 Dec 2006 - 18:16
There are no flaws in Vista! Malware comes with an exe, and an exe is a program, and you can't stop people from clicking on it because it's a program (this also happens in Linux and Mac OS X, in every OS!!!!!).
Fortunately, in Vista all users are Standard Users with fewer privileges and they're protected by UAC, so malware can't be installed without the user's consent and it can't damage the system.
This is just a report on how malware can slip in a bit easier for webmail clients over POP clients. That's all. Take a deep breath and relax.
Detecting it as a virus is protection.
Detecting and blocking its intrusive activities after running it is proactive protection.
Excluding EXE files is just a dumb default configuration for novices; it doesn't deserve the word protection IMO.