Posted on 11/03/2009 9:35:44 PM PST by Gomez
Now that we in the northern hemisphere have had some time to digest the Windows 7 hype and settle in for the coming winter, we thought we would get some more hard data regarding Windows 7 security.
On October 22nd, we settled in at SophosLabs and loaded a full release copy of Windows 7 on a clean machine. We configured it to follow the system defaults for User Account Control (UAC) and did not load any anti-virus software.
We grabbed the next 10 unique samples that arrived in the SophosLabs feed to see how well the newer, more secure version of Windows and UAC held up. Unfortunately, despite Microsoft's claims, Windows 7 disappointed just like earlier versions of Windows. The good news is that, of the freshest 10 samples that arrived, 2 would not operate correctly under Windows 7.
User Account Control did block one sample; however, its failure to block anything else just reinforces my warning prior to the Windows 7 launch that UAC's default configuration is not effective at protecting a PC from modern malware.
Lesson learned? You still need to run anti-virus on Windows 7. Microsoft, in the Microsoft Security Intelligence Report released yesterday, stated that "The infection rate of Windows Vista SP1 was 61.9 percent less than that of Windows XP SP3."
But let's not get complacent. Microsoft seems to be saying that Vista is the least ugly baby in its family. You can be sure the next report will highlight its even less ugly younger sibling, Windows 7.
Why do I say this? As of October 31st www.netmarketshare.com states that Windows Vista has a 19% market share against Windows XP's 70.5% and Windows 7's 2%. Approximately 1 in 5 Windows users is using either Vista or Windows 7. These users often have newer computers, automatic patching, and firewalls and anti-virus software in place.
With millions of hosts still infected with Conficker, ZBot and Bredo, it is obvious a lot of unprotected machines are still out there, and it is no surprise that most of those are XP.
As the chart above shows, Windows 7 users need not feel left out. They can still participate in the ZBot botnet with a side of fake anti-virus. Windows 7 is no cure for the virus blues, so be sure to bring your protection when you boot up.
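The post's complaint is about UAC's default level, not about UAC as such. The example below is added here and is not part of the Sophos post or of any comment in this thread: it reads the three UAC policy values from the documented registry location and reports whether the machine sits at the Windows 7 default (prompt only for non-Windows binaries) or at "Always notify". It assumes you have read access to that key; the value meanings are the ones Microsoft documents for these settings.

```powershell
# Added example, not code from the Sophos post or this thread.
# Reports how UAC is configured on the local machine and whether it is
# stronger than the Windows 7 default. Assumes read access to the policy key.

$uacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

# Documented meanings of ConsentPromptBehaviorAdmin
$adminBehavior = @{
    0 = 'Elevate without prompting'
    1 = 'Prompt for credentials on the secure desktop'
    2 = 'Prompt for consent on the secure desktop ("Always notify")'
    3 = 'Prompt for credentials'
    4 = 'Prompt for consent'
    5 = 'Prompt for consent for non-Windows binaries only (Windows 7 default)'
}

function Get-UacPosture {
    $p = Get-ItemProperty -Path $uacKey -ErrorAction Stop

    # A missing value means the policy was never set; report it rather than
    # silently treating it as 0 (which would read as "elevate silently").
    foreach ($name in 'EnableLUA', 'ConsentPromptBehaviorAdmin', 'PromptOnSecureDesktop') {
        if ($null -eq $p.$name) { throw "UAC value $name is not set under $uacKey" }
    }

    $enableLua = [int]$p.EnableLUA
    $consent   = [int]$p.ConsentPromptBehaviorAdmin
    $secure    = [int]$p.PromptOnSecureDesktop

    $findings = @()
    if ($enableLua -ne 1) { $findings += 'UAC is disabled (EnableLUA is not 1)' }
    if ($consent -eq 0)   { $findings += 'Administrators elevate silently (ConsentPromptBehaviorAdmin = 0)' }
    if ($consent -eq 5)   { $findings += 'Default level: signed Windows binaries elevate without a prompt' }
    if ($secure -ne 1)    { $findings += 'Prompts are not shown on the secure desktop' }

    [pscustomobject]@{
        EnableLUA                  = $enableLua
        ConsentPromptBehaviorAdmin = "$consent - $($adminBehavior[$consent])"
        PromptOnSecureDesktop      = $secure
        AtAlwaysNotify             = ($enableLua -eq 1 -and $consent -eq 2 -and $secure -eq 1)
        Findings                   = $findings
    }
}

Get-UacPosture | Format-List
```

Run it in an elevated or a standard PowerShell session; the key is world-readable, so no elevation is needed to read it. `AtAlwaysNotify` is true only for the combination the post implicitly recommends over the default: UAC enabled, consent required for every elevation, and the prompt drawn on the secure desktop.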
I likewise happily use Windows, Mac, Linux, Unix, etc. depending on what best suits my task, and have done so for many decades. Details here if you're curious.
I don't think you mean "Mac users". Most Mac users, like most Windows and other users, are just trying to get their stuff done, and don't give a rat's ass for flame wars.
I think you mean "Mac fanboys", "Windows fanboys", "Linux fanboys", etc... Each of them can be arrogant in their own way, based on their chosen platform's characteristics.
My advice is to ignore them. No need to get all worked up. ;-)
Indeed, it appears that Conficker alone has a pool of some 7 million infected computers to its name:
After One Year, Conficker Infects 7 Million Computers
Robert McMillan, IDG News Service
Friday, October 30, 2009 1:40 PM PDT
The Conficker worm has passed a dubious milestone. It has now infected more than 7 million computers, security experts estimate.
On Thursday, researchers at the volunteer-run Shadowserver Foundation logged computers from more than 7 million unique IP addresses, all infected by the known variants of Conficker.
[...]
http://www.pcworld.com/businesscenter/article/181103/after_one_year_conficker_infects_7_million_computers.html
Here’s seven
Aside from Klez, other major threats affecting Linux/UNIX platforms are the Lion.worm, the OSF.8759 virus, Slapper, Scalper, Linux.Svat, and the BoxPoison virus, just to mention a few.
http://articles.techrepublic.com.com/5100-10878_11-5054187.html
And here’s the discussion on the 863 Linux viruses (as of 2006):
In a report titled “2005: *nix Malware Evolution,” the Russian antivirus software developer pointed out that the number of Linux-based malicious programs — viruses, Trojans, back-doors, exploits, and whatnot — doubled from 422 to 863.
http://www.internetnews.com/dev-news/article.php/3601946
Viruses exist on all platforms. Deny it if you choose, but no matter how far you stick your fingers in your ears, or how loud you yell "lalalalalala", there's still malware out there targeting your OS. Maybe not much, maybe it's not effective, but it still exists.
I’m sick of their crap!
If I thought they were extolling the advantages of some infallible machine then I would certainly join them in their chorus.
And you are right, I didn’t mean all Mac users. Those comments were for the Mac elitists.
I don't deny the existence of flaws in every operating system, nor do I have my fingers in my ears. I've been doing this kind of work for 35 years, and I know the weaknesses all too well.
So perhaps you should have taken a few minutes and checked the sentences you copied from your source. They do not support your position. I asked you to name four Unix viruses/worms since 2000 that spread to at least a few thousand machines. You failed to do so.
> Here's seven
> Aside from Klez
Klez is a Windows worm passed via email or Windows SMB (including Samba) shares. The email or samba volume may be stored in a Unix mailserver or fileserver but that doesn't make it a Unix worm -- it doesn't touch the Unix operating system. Or were you just joking??
> Lion.worm
Lion.worm is not a Unix worm, it's a Linux worm. You -do- know that they're entirely different operating systems, right? Are you joking around? From http://news.cnet.com/2100-1001-254672.html, here's a description of their "Worm of the Year":
The SANS Institute said they have had five confirmed reports of worm infections: four companies and one university. The worm ... infects only servers running Red Hat's version of Linux. "To my knowledge, no one has recorded that they have been breached by an attack. They simply noted that the worm infected them and they're looking to get rid of it," said Elias Levy, Chief Technical Officer of SecurityFocus.com.
That was in 2001, so the numbers may be out of date, but I don't find evidence that anything like thousands of Linux machines were infected, much less thousands of Unix machines.
> OSF.8759
Likewise, a Linux virus, not Unix. As are the rest...
... except BoxPoison (also known as Unix/SadMind), which affected unpatched installs of Solaris 7, which was released in 1998 and replaced by Solaris 8 in 2000. C'mon. Do you really want to go there? Do you really want to drag Windows 98 back out from under a rock and look at -its- security? Or how about Mac OS 8, which was current in 1998 and similarly full of holes? Perhaps I should have been more explicit and asked for four viruses that affected Unix systems released since 2000, and compared that against Windows 2K, XP, Vista, and Win7.
So you managed to name two, not four. One of which infected half a dozen systems, and the other of which infected an obsolete version of Solaris (I couldn't find any figures on how many systems were affected.)
Thank you for proving my point with regard to the Unix question.
Now, I'm going to ask you to carefully read what you wrote:
> And here's the discussion on the 863 Linux viruses (as of 2006): In a report titled "2005: *nix Malware Evolution," the Russian antivirus software developer pointed out that the number of Linux-based malicious programs -- viruses, Trojans, back-doors, exploits, and whatnot -- doubled from 422 to 863.
Are you aware there's a difference between "viruses" and "whatnot"? That a Trojan that convinces the user to do something stupid is not a virus?
The thing you seem to be missing is that, now that Windows is at long last joining the ranks of operating systems that take security and robustness seriously, the virus writers are turning to "social engineering" and other "human-vector" attacks. Naturally those attacks can be made to work on stronger operating systems, because they don't attack the operating system at all! They attack the user, and co-opt the user into attacking their own operating system.
Perhaps you're thinking of the well-known "Amish Virus", which can affect Unix, Linux, Mac, Windows, and all other operating systems, which appears in an email message like this:
Of course there's malware for every consumer operating system out there -- it would be astonishing if there weren't.
Anyway, I do appreciate the link to the list of Linux malware, especially those targeting RedHat derivatives, since those are my usual distros when doing Linux. The list is not as useful as I'd hoped (I'm a System Administrator, always on the lookout for more information on such things), but every bit helps.
Thanks for sharing.
Yep, it gets to me too, sometimes.
> If I thought they were extolling the advantages of some infallible machine then I would certainly join them in their chorus.
As would I, but all systems have flaws.
> And you are right, I didn't mean all Mac users. Those comments were for the Mac elitists.
Yep. Swordmaker has been trying to calm down the Mac fanboys, with surprising success... Now if we could only stop the Linux fanboys from calling everything that's not FOSS "evil", and the Windows fanboys from calling Mac users "gay" or worse, we'd be well on our way to enlightenment! ;-)
Of course, (and I say this as one who favors Unix) the Unix fanboys will still be there, looking at everything else in the marketplace, saying:
What? You call that an "operating system"???? THIS is an operating system!!!
*sigh*
Ok, find some. So far there are ZERO self-installing, self-replicating, self-transmitting viruses for Mac OS X. That's in eight years of trying.
NAME THE MALWARE. What is it? I know you can google some proof-of-concept virus candidates... but please tell me where these infected Macs are? I manage a large number of Macs and have yet to see even one.
The Cult of Mac is about to have an awakening.
You may think you created that sentence but we Mac users have been reading the same ten words for eight years.
Eight years, and we're still waiting... tick, tick, tick.
True... but those C64s are nowhere near the 40,000,000 OS X Macs, 99% of them running bare-assed naked on the internet...
Can't you come up with an example that is younger than 22 years???
Let's play "Name that virus." Please.
If this is true, why is YOUR experience so different from ours... we who work with Macs daily and for years in production environments. None of the Macs I'm responsible for run any AV at all. I ran my own personal Mac for over three years with the firewall turned off!
Quite frankly, I simply don't believe you. You've been challenged to put up but you haven't. Instead you respond with ad hominem attacks. That shows you DON'T have any facts to back up your assertion.
The only arrogant a-hole on here seems to be you.
That's better... you're up to Jun 25, 2003, but one of the more salient of the mere EIGHT comments on this article is this one:
While pretty much everything this article says is technically true, it's presented in a way that is misleading. This article is, unfortunately, mostly the consequence of major computer security firms (such as those listed as offering antivirus solutions for Linux) beginning to spread FUD about Unix/Linux security to pad their own sales revenue in an emerging market.
Another interesting comment is this one, very familiar to OS X Mac users:
The point is that once developers begin to focus their resources on Linux/Unix, then it will be as Microsoft is now. Had the tide run the other way back in the early 80's, then Linux might well be the current OS of choice AND the target of malicious folks around the world, whereas Windows would be sitting in the background calmly saying "Not to worry, I am safe."
I think the more you brag about the lack of malware written for Linux, the greater the chance is that you will attract the attention of someone who writes one just for spite.
Gee, the Linux/Unix world is ALSO still waiting... tick, tick, tick
By the way, Klez was a Windows virus.
Have a great day! And enjoy your obsessive compulsive tendency to step all over all those who do not agree with you.
Hmmmm. Why didn't you include the next paragraph in your quote:
In a report titled "2005: *nix Malware Evolution," the Russian antivirus software developer pointed out that the number of Linux-based malicious programs -- viruses, Trojans, back-doors, exploits, and whatnot -- doubled from 422 to 863.
Numerically, that pales compared to the 11,000 Kaspersky found for Windows in the second half of 2005 alone.
Sure would like to know what "Whatnot" includes... I don't think I've ever seen a computer whatnot...
I'm still waiting to see that mythical open source Exchange killer.
hmmm. "Ad homonym"... That's really funny. Pardon me while I wax sarcastic.
"ad" is latin for the phrase "to the", as in ad astra, meaning "To the stars."
"homonym" means "Each of two or more words that sound the same but have different meanings and/or spellings." Examples: to, too, two; there, their, they're; fair, fare; pair, pear; sole, soul; merry, marry, Mary.
So you are accusing me of using "to the words that sound the same?"
Wow! That stings. No! It really looks as if you might really know this is true about me.
I guess I will just have to plead guilty to that, too bad. That's at least two times now that I've been accused of doing something I actually really do regularly. Mon Dieu! That must be due to too much morning dew falling on my head. Mea Culpa! I'll have to start mourning my guilt tomorrow... as soon as I stop laughing.
Don't you just love it when someone steps up to demonstrate their ignorance by correcting someone who is already correct? I do.
May I suggest a good dictionary... or some Latin lessons? Here is some help for you with this well known, correctly spelled phrase "ad hominem"
Irony is such a bitch, isn't she?
Enough sarcasm.
"Whatnot" is a category used to artificially inflate a number that the author (in this case Andy Patrizio) feels is too small to warrant anybody paying attention to him.
Sort of like a penis-enlarger. ;-)
I never said they were numerically equivalent. Remember, this whole discussion spawned because somebody said "other operating systems don't seem to have this problem" and I pointed out that, while the numbers vary and the level of effectiveness varies, there's malware targeted at every OS. It is a universal problem and the only thing that actually changes is the specifics.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.