Linked by Thom Holwerda on Tue 10th Nov 2009 09:31 UTC
Windows Last week, security vendor Sophos published a blog post in which it said that Windows 7 was vulnerable to 8 our of 10 of the most common viruses. Microsoft has responded to these test results, which are a classic case of "scare 'm and they'll fall in line".
Permalink for comment 394234
To read all comments associated with this story, please click here.
RE[6]: Comment by simon17
by cb_osn on Thu 12th Nov 2009 09:31 UTC in reply to "RE[5]: Comment by simon17"
cb_osn
Member since:
2006-02-26

The point is that the many many thousands of malware payloads that could use such an exploit are virtually all Windows executables.

That's irrelevant. All it takes is one. Over many years of using different operating systems, the only machine I've ever had taken over remotely without any action on my part whatsoever was a Red Hat 9 box. The attacker had tampered with the PAM configuration, replaced /bin/login, and had about a dozen new accounts running IRC bots. I found evidence of one of those little script kiddie rootkit packages that you can download just about anywhere. This is not an attempt to damn Linux. The whole event was completely my fault for not keeping the system "up2date". The point is that hostile code exists for all platforms.

Remote code execution and privilege escalation exploits are becoming increasingly rare across the board these days anyway.

Thank goodness. Why did it take Microsoft years to do that?

I assume it has something to do with the behemoth size of the company.

Nope. On secure systems, such a hostile person would require knowledge of a password in order to be able to elevate priveledges. On Windows 7, all that the same hostile person would have to do is click on 'allow'.

Given physical access to any machine without encrypted volumes, it is trivial for anyone with a moderate level of skill to install whatever they want on it.

Reply Parent Score: 2