funsec mailing list archives
Re: Microsoft blames Vista insecurity on thirdparty applications
From: Blue Boar <BlueBoar () thievco com>
Date: Wed, 20 Dec 2006 15:29:04 -0800
Thanks for the links to Allchin's blog, I've been looking for it. Though, I could have guessed MS's take on it without looking. I found many articles talking about the Sophos and Allchin blog entries, all of which had no links to them (or I missed them, anyway.) Is there some prevailing editorial policy that frowns on linking to blogs? I certainly do so when writing my articles for Windows Secrets. Larry Seltzer wrote:
No, he's misrepresenting what Jim Allchin, the author of the blog entry says. What Allchin says is that while the malware in the study might technically execute on Vista it wouldn't, as a practical matter, get through to the point of executing because any decent mail client would block executable attachments, even in ZIP files, etc.
Yes, the article is taking the fact that one infection vector has been closed under very narrow circumstances, and claiming that "malware doesn't run anymore." That's what I take exception to. That's the Mac zealot view of how malware works. And yet, reading the blog... "What we found was that if you are using only the software in Windows Vista (e.g., Windows Mail and no add-on security software), then you are IMMUNE to all ten of the malware threats that Sophos cited." (CAPS emphasis mine.) I wonder where the article author got hist misguided idea? Here's the quick test: Drop the .exe on the destop and double-click it. Did you get infected? Then you're not immune. Ryan _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Microsoft blames Vista insecurity on third party applications Fergie (Dec 20)
- RE: Microsoft blames Vista insecurity on third partyapplications Blanchard_Michael (Dec 20)
- Re: Microsoft blames Vista insecurity on third party applications Blue Boar (Dec 20)
- Re: Microsoft blames Vista insecurity on third party applications Brian Loe (Dec 20)
- RE: Microsoft blames Vista insecurity on thirdparty applications Larry Seltzer (Dec 20)
- Re: Microsoft blames Vista insecurity on thirdparty applications Blue Boar (Dec 20)
- RE: Microsoft blames Vista insecurity on thirdparty applications Larry Seltzer (Dec 20)
- Re: Microsoft blames Vista insecurity on thirdparty applications Blue Boar (Dec 20)
- Re: Microsoft blames Vista insecurity on thirdparty applications Nick FitzGerald (Dec 20)
- Re: Microsoft blames Vista insecurity on thirdparty applications Blue Boar (Dec 20)
- RE: Microsoft blames Vista insecurity on thirdparty applications Nick FitzGerald (Dec 20)
- Re: Microsoft blames Vista insecurity on third party applications Brian Loe (Dec 20)
- Re: Microsoft blames Vista insecurity on third party applications Nick FitzGerald (Dec 20)