funsec mailing list archives
RE: Microsoft blames Vista insecurity on thirdparty applicati ons
From: "Fergie" <fergdawg () netzero net>
Date: Thu, 21 Dec 2006 00:47:34 GMT
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -- Larry Seltzer <Larry () larryseltzer com> wrote:
Here's the quick test: Drop the .exe on the destop and double-click
it.
Did you get infected? Then you're not immune. How did you get the executable? That's the point Allchin is making. The usual vector is e-mail and any Microsoft e-mail client for the last 5+ years blocks them by default. (Web mail is very popular now, but all the major ones are AV-scanned.) As Nick pointed out, there are other potential vectors for this malware, open shares and stuff like that. I suspect these are much harder to get through in Vista than in XP, even SP2. It would be interesting to gather a good collection of the vectors actually in use and compare their status in Vista to previous versions. I'll start talking to vendors about it.
The real issue here is what happens when someone clicks on an embedded link in an e-mail (given the webmail example you give above) that is a malware executable -- this has become an enormous problem lately. - - ferg -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.5.2 (Build 4075) wj8DBQFFidmfq1pz9mNUZTMRAlXgAKCdJZ7kX+oOXsoKdISPooVtdhILnwCeOhJW gKZlYoPwk2GtfyXy96J8mU8= =Torz -----END PGP SIGNATURE----- -- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawg(at)netzero.net ferg's tech blog: http://fergdawg.blogspot.com/ _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- RE: Microsoft blames Vista insecurity on thirdparty applicati ons Fergie (Dec 20)