Linked by Thom Holwerda on Tue 10th Nov 2009 09:31 UTC
Windows Last week, security vendor Sophos published a blog post in which it said that Windows 7 was vulnerable to 8 out of 10 of the most common viruses. Microsoft has responded to these test results, which are a classic case of "scare 'm and they'll fall in line".
RE[5]: Comment by simon17
by lemur2 on Thu 12th Nov 2009 01:44 UTC in reply to "RE[4]: Comment by simon17"
Member since: 2007-02-17

"A script running in the web browser, outlook or the IM client, sent to the machine from some random on the net.
All operating systems are vulnerable to remote code execution bugs. In fact, the most recent serious vulnerability of this nature was a bug in the Java browser plugin and it affected all platforms. "

The point is that the many many thousands of malware payloads that could use such an exploit are virtually all Windows executables.

"An autostart script on a USB stick that was picked up when that stick was in another machine somewhere (say, at the library, or at the photo print shop, or at the kids' school).
Autorun on a USB stick was a brain dead idea and has finally been removed in Windows 7. "

Thank goodness. Why did it take Microsoft years to do that?

"Any hostile person who has unattended physical access to the machine for a few moments while it is logged on.
All operating systems are vulnerable to this. "

Nope. On secure systems, such a hostile person would require knowledge of a password in order to be able to elevate privileges. On Windows 7, all that the same hostile person would have to do is click on 'allow'.

Reply Parent Score: 2

RE[6]: Comment by simon17
by PlatformAgnostic on Thu 12th Nov 2009 09:21 in reply to "RE[5]: Comment by simon17"
Member since: 2006-01-02

Not true. There are several attacks one could perform on a logged on system to gain full privilege later on by fooling the user into giving up his password. Depending on path settings, or specifics of the environment, you can create a script/program that masquerades as a legitimate higher privileged application and takes control next time the user performs that activity.

Maybe there are some mitigations already in the Linux environment that I don't know about. Do the DEs in some way protect shortcuts to important apps from tampering (e.g. the launcher icon for the package manager)? Is the path in the shell always ordered so that privileged directories come before unprivileged ones? Is there no way for a malicious program to reorder the path once it is established, or launch a sub-shell later on with a reordered path?

Reply Parent Score: 2
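The PATH-ordering question raised in the comment above can be answered per machine with a simple audit. The following is an added example, not code from any poster, and it assumes a conventional set of root-owned system directories; the sample PATH and the set of "writable" directories are constructed for the demonstration.

```python
import os

# Directories normally owned by root. A user-writable directory searched
# before these can shadow their commands; one searched after them only
# shadows commands that are not in the system directories at all.
SYSTEM_DIRS = {"/bin", "/sbin", "/usr/bin", "/usr/sbin",
               "/usr/local/bin", "/usr/local/sbin"}


def audit_path(path_value, is_writable):
    """Return a list of (kind, entry) findings for a PATH string.

    `is_writable(directory)` says whether the current user can write the
    directory; it is injected so the check can run on constructed input.
    """
    findings = []
    seen_system = False
    seen = set()
    for raw in path_value.split(":"):
        entry = raw or "."  # an empty field means "current directory"
        if not os.path.isabs(entry):
            findings.append(("relative-entry", entry))
        elif entry in seen:
            findings.append(("duplicate", entry))
        elif is_writable(entry):
            kind = ("writable-before-system" if not seen_system
                    else "writable-after-system")
            findings.append((kind, entry))
        if entry in SYSTEM_DIRS:
            seen_system = True
        seen.add(entry)
    return findings


def audit_live_path():
    """Audit the real PATH of the running process using actual permissions."""
    return audit_path(os.environ.get("PATH", ""),
                      lambda d: os.access(d, os.W_OK))


# Constructed sample: a user bin dir first, an empty field, and a duplicate.
SAMPLE_PATH = "/home/alice/bin:/usr/local/bin:/usr/bin:/bin::/opt/tool/bin:/usr/bin"
SAMPLE_WRITABLE = {"/home/alice/bin", "/opt/tool/bin"}

if __name__ == "__main__":
    for kind, entry in audit_path(SAMPLE_PATH, lambda d: d in SAMPLE_WRITABLE):
        print(f"{kind:24} {entry}")
```

Running `audit_live_path()` on a real shell reports the same categories for the current environment, which is the check an administrator would script into a login audit.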

RE[6]: Comment by simon17
by cb_osn on Thu 12th Nov 2009 09:31 in reply to "RE[5]: Comment by simon17"
Member since: 2006-02-26

The point is that the many many thousands of malware payloads that could use such an exploit are virtually all Windows executables.

That's irrelevant. All it takes is one. Over many years of using different operating systems, the only machine I've ever had taken over remotely without any action on my part whatsoever was a Red Hat 9 box. The attacker had tampered with the PAM configuration, replaced /bin/login, and had about a dozen new accounts running IRC bots. I found evidence of one of those little script kiddie rootkit packages that you can download just about anywhere. This is not an attempt to damn Linux. The whole event was completely my fault for not keeping the system "up2date". The point is that hostile code exists for all platforms.

Remote code execution and privilege escalation exploits are becoming increasingly rare across the board these days anyway.

Thank goodness. Why did it take Microsoft years to do that?

I assume it has something to do with the behemoth size of the company.

Nope. On secure systems, such a hostile person would require knowledge of a password in order to be able to elevate privileges. On Windows 7, all that the same hostile person would have to do is click on 'allow'.

Given physical access to any machine without encrypted volumes, it is trivial for anyone with a moderate level of skill to install whatever they want on it.

Reply Parent Score: 2