Linked by Thom Holwerda on Tue 10th Nov 2009 09:31 UTC
Windows Last week, security vendor Sophos published a blog post in which it said that Windows 7 was vulnerable to 8 out of 10 of the most common viruses. Microsoft has responded to these test results, which are a classic case of "scare 'm and they'll fall in line".
Thread beginning with comment 393889
RE[2]: Let's be more specific
by twitterfire on Tue 10th Nov 2009 17:50 UTC in reply to "RE: Let's be more specific"
twitterfire Member since:
2008-09-11

It's probably easier to craft some trojan with "social" abilities and people will download it and use it without suspecting anything until it's too late.


That doesn't have anything to do with the software platform. Any software platform is vulnerable in that respect.

Reply Parent Score: 1

PlatformAgnostic Member since:
2006-01-02

Yeah. I get the feeling that it was these Trojans that Sophos tested with. The OS doesn't really do much against those except via the Malicious Software Removal Tool, which only targets the absolutely most 'popular' malware.

It is pretty much impossible to keep trojan programs out because they don't violate the security model of the OS.

Reply Parent Score: 2

Bill Shooter of Bul Member since:
2006-07-14

Yes, but wouldn't it be better to protect yourself and your company from these attacks as much as possible?

Reply Parent Score: 2

RE[3]: Let's be more specific
by lemur2 on Tue 10th Nov 2009 22:24 in reply to "RE[2]: Let's be more specific"
lemur2 Member since:
2007-02-17

"It's probably easier to craft some trojan with "social" abilities and people will download it and use it without suspecting anything until it's too late.
That doesn't have anything to do with the software platform. Any software platform is vulnerable in that respect."

More or less true.

There is however one desktop system available that allows one to hold to a policy of not downloading any software except via auditable channels (package managers). To hold to such a policy, all that a user has to do is refrain from supplying his/her password anywhere except for the login screen and the package manager (which is the expected norm anyway).

If one simply sticks to such a policy, then no amount of cleverness in trojans with social abilities will be able to compromise the system.

Reply Parent Score: 2