Linked by Thom Holwerda on Tue 10th Nov 2009 09:31 UTC
Windows Last week, security vendor Sophos published a blog post in which it said that Windows 7 was vulnerable to 8 our of 10 of the most common viruses. Microsoft has responded to these test results, which are a classic case of "scare 'm and they'll fall in line".
Thread beginning with comment 394127
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE[3]: Comment by simon17
by lemur2 on Wed 11th Nov 2009 22:22 UTC in reply to "RE[2]: Comment by simon17"
lemur2
Member since:
2007-02-17

If he doesn't have malicious software running to begin with, who else but the user could possibly issue the 'click' that starts up a trojan?


A script running in the web browser, outlook or the IM client, sent to the machine from some random on the net.

An autostart script on a USB stick that was picked up when that stick was in another machine somewhwere (say, at the library, or at the photo print shop, or at the kids school).

Any hostile person who has unattended physical access to the machine for a few moments while it is logged on.

Edited 2009-11-11 22:26 UTC

Reply Parent Score: 2

RE[4]: Comment by simon17
by cb_osn on Thu 12th Nov 2009 00:02 in reply to "RE[3]: Comment by simon17"
cb_osn Member since:
2006-02-26

A script running in the web browser, outlook or the IM client, sent to the machine from some random on the net.

All operating systems are vulnerable to remote code execution bugs. In fact, the most recent serious vulnerability of this nature was a bug in the Java browser plugin and it affected all platforms.

An autostart script on a USB stick that was picked up when that stick was in another machine somewhwere (say, at the library, or at the photo print shop, or at the kids school).

Autorun on a USB stick was a brain dead idea and has finally been removed in Windows 7.

Any hostile person who has unattended physical access to the machine for a few moments while it is logged on.

All operating systems are vulnerable to this.

Reply Parent Score: 2

RE[5]: Comment by simon17
by lemur2 on Thu 12th Nov 2009 01:44 in reply to "RE[4]: Comment by simon17"
lemur2 Member since:
2007-02-17

"A script running in the web browser, outlook or the IM client, sent to the machine from some random on the net.
All operating systems are vulnerable to remote code execution bugs. In fact, the most recent serious vulnerability of this nature was a bug in the Java browser plugin and it affected all platforms. "

The point is that the many many thousands of malware payloads that could use such an exploit are virtually all Windows executables.

"An autostart script on a USB stick that was picked up when that stick was in another machine somewhwere (say, at the library, or at the photo print shop, or at the kids school).
Autorun on a USB stick was a brain dead idea and has finally been removed in Windows 7. "

Thank goodness. Why did it take Microsoft years to do that?

"Any hostile person who has unattended physical access to the machine for a few moments while it is logged on.
All operating systems are vulnerable to this. "

Nope. On secure systems, such a hostile person would require knowledge of a password in order to be able to elevate priveledges. On Windows 7, all that the same hostile person would have to do is click on 'allow'.

Reply Parent Score: 2