Linked by David Adams on Fri 26th Mar 2010 15:47 UTC
Privacy, Security, Encryption
For the first time security researchers have spotted a type of malicious software that overwrites update functions for other applications, which could pose additional long-term risks for users. The malware, which infects Windows computers, masks itself as an updater for Adobe Systems' products and other software such as Java, wrote Nguyen Cong Cuong, an analyst with Bach Khoa Internetwork Security (BKIS), a Vietnamese security company, on its blog.
RE: I knew it!
by OSNevvs on Fri 26th Mar 2010 19:26 UTC in reply to "I knew it!"
OSNevvs Member since:
2009-08-20

there's one thing Microsoft did get right: User Account Control.


It's not that good actually. I know some computer-illiterate co-workers and friends who actually always click ok, not knowing why they're asked to click. They find the UAC annoying and as soon as they see the prompt, they click nervously, just to get rid of the nag ASAP.

it was the one for unsigned apps (the one with yellow background and the Allow button) instead of the one for signed apps (the one with green background and Continue button.)


Even I wasn't aware of this color detail. I guess most illiterate folks out there in companies, where they only use the computer once in a while, don't know about this stuff.

If you don't keep your security tools and if you click on Allow or Continue without reading carefully those pesky UAC dialogs, then you are definitely the one to blame, not Windows, when your PC gets screwed by malware.


I agree. Many people, actually most computer-illiterate people, keep their antivirus out-of-date with the "Warning" message in the system tray. Same for browser updates, Adobe Flash updates and Windows updates left aside or even canceled. Just because people don't want to bother and/or because they don't want to be annoyed. They also think there's nothing dangerous about it, they don't know about botnets, computer zombies, spambots, etc...

Reply Parent Score: 1

RE[2]: I knew it!
by nt_jerkface on Fri 26th Mar 2010 19:53 in reply to "RE: I knew it!"
nt_jerkface Member since:
2009-08-26

It's not that good actually. I know some computer-illiterate co-workers and friends who actually always click ok, not knowing why they're asked to click. They find the UAC annoying and as soon as they see the prompt, they click nervously, just to get rid of the nag ASAP.


Yes, that's the dancing pigs problem, but UAC is still a valuable improvement. When they click on something in their email they at least get a warning that something wants to change the system. It also gives them a second chance if they clicked on it by accident. XP put too much trust in the user and assumed all system changes were intentional.


I agree. Many people, actually most computer-illiterate people, keep their antivirus out-of-date with the "Warning" message in the system tray. Same for browser updates, Adobe Flash updates and Windows updates left aside or even canceled.


That is why Defender exists, so they at least have a basic scanner that removes some of the nastier stuff. Windows 7/Vista really do cut down the malware for problem users, which is why general use of XP should be discouraged. A lot of those old XP machines are being used for botnets and other forms of criminal activity.

Reply Parent Score: 2

RE[3]: I knew it!
by darknexus on Sat 27th Mar 2010 02:27 in reply to "RE[2]: I knew it!"
darknexus Member since:
2008-07-15

Nice theory, but Defender's definition updates come via Windows Update... which, as was already stated previously and I can vouch from experience is true with the average public, is ignored as thoroughly as they ignore their Antivirus. Defender doesn't help that much. Personally I'd think the way to go is to silently update Defender as Google does with Chrome, but if Microsoft did that I'm sure the EU would jump on them for not providing an Antivirus ballot or something equally as stupid. That's Microsoft: Damned if they do and damned if they don't. I'd feel sorry for them if their own practices hadn't landed them in this spot.

Reply Parent Score: 2