MacDailyNews - Where Mac news comes first


Microsoft’s Windows Vista vulnerable to malware from 2004
Thursday, November 30, 2006 - 09:18 PM EDT

"Microsoft's Vista may be vulnerable to at least three pieces of widespread malware, two of which date back to 2004, according to security vendor Sophos," Tom Espiner reports for ZDNet UK. "At least three well-known Internet worms -- labelled Stratio-Zip, Netsky-D and MyDoom-O by Sophos -- are able to execute on the OS, according to Sophos."

"These worms comprise 39.7 percent of all malware currently in circulation, according to the security vendor. The MyDoom and Netsky variants were first detected back in 2004," Espiner reports.

Espiner reports, "These are among the first flaws found in the finalised version of Vista. The Vista kernel was hacked by a Polish security researcher at the Black Hat security conference this year, using virtualisation technologies. Security company Symantec also reported flaws in the Vista kernel in August."

Full article here.

[Thanks to MacDailyNews Reader "dogfriend" for the heads up.]

MacDailyNews Take: On. The. First. Day. Of. Release.

Related articles:
Microsoft’s Allchin: Vista won’t need antivirus software - November 10, 2006
Microsoft’s oft-delayed, much-pared-down Windows Vista hacked at Black Hat - August 07, 2006
Symantec details more security holes in Microsoft’s Windows Vista - July 26, 2006
New invisible rootkit hits Windows including Vista - July 17, 2006
Sophos: Apple Mac OS X’s security record unscathed; Windows Vista malware just a matter of time - July 07, 2006
Windows chief Allchin: Buy Windows Vista for the security - January 30, 2006


Reader Feedback:
Unregistered users: Feedback from multiple usernames are subject to deletion. Off-topic and posts from suspected astroturfers will be removed.

Nov 30, 06 - 10:24 pm Comment from: The MacDaddy-Oh!

Should we expect anything different?

Nov 30, 06 - 10:24 pm Comment from: dogfriend

My original prediction was that the malware would be ready before the boxed copies hit the shelves. Looks like I was off by 2 months. (Boxed copies are supposed to be available by Jan 30)

Nov 30, 06 - 10:26 pm Comment from: MikeR

"Windows Mail Client -- the Vista replacement to Outlook -- will block the worms, but businesses running third-party e-mail clients such as Lotus Notes, or that permit Web-based mail such as Yahoo or Gmail, could be vulnerable."

Is Micro$oft throwing their weight around or what? Theirs works, others don't (on purpose).

How much does a Windows Mail Client license cost?

I love my Mac!

Nov 30, 06 - 10:26 pm Comment from: j

MDN: Laugh. Out. Loud. Take. Amazing.

Nov 30, 06 - 10:27 pm Comment from: dukemeiser

Duh, if they were going to build a secure OS, they wouldn't have called it Windows. After all, it's just not Windows without swiss cheese security.

Nov 30, 06 - 10:28 pm Comment from: RC

Not. A. F*cking. Surprise. To. Anyone. With. Any. Sense.

Nov 30, 06 - 10:29 pm Comment from: ken1w

It's worse than "on the first day of release."

These are not new malware problems. These are old vulnerabilities. I think Mac OS X is more secure (not because of the "safety through obscurity" myth, but) because Microsoft Windows is an infinitely easier target for the hackers of the world.

Nov 30, 06 - 10:32 pm Comment from: ChrissyOne

Oh. Emm. Gee.

-c

MW: 'methods' (speak louder than plans)

Nov 30, 06 - 10:35 pm Comment from: l33t hax0r

Should we warn the Allchin Kid?

Nov 30, 06 - 10:37 pm Comment from: Old film line...

Can you DIGG it! Can you DIGG it! Can you DIGG it!

- The Warriors

Nov 30, 06 - 10:46 pm Comment from: Zune Tang

Absolutely false. This article is simply fear mongering from security software manufacturers and the Apple elite who are cowering in fear of Microsoft's mighty Vista. There are NO flaws in the Vista kernel. Let me repeat this with the hope that maybe one or two of you Mac fanboys gets it: There are NO flaws in the Vista kernel.

Maybe that 30-year old cobbled together OS X needs to be weighted down with antivirus, firewalls, patches and spyware detection systems, but not Vista. Unlike you-know-who in Cupertino Microsoft doesn't rush products out to market. Vista is safe. Why do you think Microsoft says they're "people ready"? Companies don't say stuff like that unless it's true.

The Zune is another excellent example of Microsoft's approach which is quality, design and the end user experience. Hey Apple, you might want to try one of those approaches next time you copy Microsoft.

Your potential. Our passion.

Nov 30, 06 - 10:54 pm Comment from: dogfriend

Zune Tang -

It's a good thing that Vista doesn't need any of those security programs:

http://www.zdnet.com.au/news/software/soa/Most_security_tools_not_quite_ready_for_Vista/0,130061733,339272507,00.htm

Nov 30, 06 - 11:08 pm Comment from: dogfriend

BTW, I find it highly amusing that the number of known vulnerabilities (3) out-number the number of working AV products (McAfee and MS = 2)

Nov 30, 06 - 11:08 pm Comment from: 007

Zune. Tang. Shut. Up.

Nov 30, 06 - 11:10 pm Comment from: dogfriend

Oops, I meant exploits, not vulnerabilities. Who knows how many vulnerabilities there might be?

Nov 30, 06 - 11:11 pm Comment from: Drunk Cheney

The Titanic is NOT sinking. I repeat the Titanic is not sinking. The manufacturer had stated clearly that it is an iceberg proof ship.

So go back to your cubicles and rest assured that Windows is NOT sinking.

Blub ... blub ... blub .........

Nov 30, 06 - 11:11 pm Comment from: punkinhead

Zune Tang.....!?!?!?!?!
Where are you? What planet are you on?
"Unlike you-know-who in Cupertino Microsoft doesn't rush products out to market." Rush out product? The last update to Apple's OS was over 2 years ago. Meanwhile Microsoft has admitted that they had to completely scrap "Longhorn" and start all over. Please know what you are talking about before you go spewing all over Mac sites.
"Companies don't say stuff like that unless it's true." How old are you? 12?
Don't worry, I am not offended. I am just thrilled to have had such a great laugh today!
Thanks Zune Tang!!!

Nov 30, 06 - 11:15 pm Comment from: dogfriend

Zune Tang likes to dabble in the art of satire. He/she is really quite good at it.

Nov 30, 06 - 11:21 pm Comment from: Drunk Cheney

So just how long will it take an unprotected Windows Vista system to get infected with virus and spyware? And running all the regular applications like a browser, mail, Office, etc... Regular daily stuff. And connected to the internet.

And before the Windows folks get up in arms about not having any extra virus protection on the Windows box - That is how most Macs run - and not a virus or spyware yet.

1 hour? 1 half hour? 1 minute?

Nov 30, 06 - 11:22 pm Comment from: Bill Gates

Pfft. Who cares. I got a Mac.

Nov 30, 06 - 11:38 pm Comment from: ChrissyOne

"Should we warn the Allchin Kid?"

I *just about* blew milk all over my keyboard. bwahahahahaha!!

-c

MW: 'last' (in line, may never come home)

Nov 30, 06 - 11:39 pm Comment from: ron

I opened the windows and influenza.

Nov 30, 06 - 11:45 pm Comment from: Mac This!

Let's face it, Microsoft is the bung hole of technology as we know it. They may have market share, but that just scares me. How many ignorant people there must be in the world. For all of the reluctant PC users out there, it is not so scary to switch to mac. It is very scary not to.

Nov 30, 06 - 11:53 pm Comment from: Ferf Muckmeyer

Zune Tang,

Why the FSCK are you even leaving messages on this site when you are fscking clueless? Your comments are useless, inaccurate and above all, plain stupid. You're living in the bung hole that is Microsoft.

Nov 30, 06 - 11:54 pm Comment from: Huh?

Zune Tang, great at satire? Now that's a laugh. If Tang is as droll as he imagines himself to be, he wouldn't have to keep repeating the same material. I think that Tang should change his name to Tedium.

Nov 30, 06 - 11:57 pm Comment from: iSteve

What is the least secure area of your home? The doors & windows --- that is where someone breaks in. Vista is single pane glass that can be shattered by nearly any small stone on the sidewalk, OSX is a thick brick wall --- you might get through but it will take you a long time. During tornados, hurricanes or earthquakes you don't hang out near the windows. Windows.... just not safe & secure.

Dec 01, 06 - 12:05 am Comment from: bad news

Zune Tang,

We know you're trying to be funny, but you sound like a parody of an indoctrinated Nazi parroting his Fuhrer. Does your MDN persona believe Vista and Zune are the start of MS's Thousand Year Reich?

As for Vista, it's VERY BAD NEWS that MS's shiny, "all-new", Holy Grail OS is vulnerable to old hacks right out of the box. In short, OMFG. It's pretty solid proof of what little has changed under the hood.

Did the Vista team really accomplish anything besides resource-hogging UI effects for XP?

Dec 01, 06 - 12:10 am Comment from: Freddy the Pig

Yeah, at first I found Zune Tang refreshingly funny and clever, ... but the whole show is starting to wear a little thin now. So, Zune Tang - whoever you are - it's getting old. There IS such a thing as sticking with a joke too long. Not funny now, not clever now, boring.

I just skip over his posts.

Dec 01, 06 - 12:16 am Comment from: TowerTone

Microsoft's security can be summed up in one word-
shockinglycrappy

Dec 01, 06 - 12:24 am Comment from: LinuxGuy and Mac Prodigal Son

Just behind the Zune, Vista goes plop, into the porcelain bowl and will follow the former as it swirls its way towards another Microsoft disaster.

If Vista is seen by corporations as a security risk, Mac OS X and Linux will squeeze Windows to death over the next few years.

Die Microsoft, die!

MW: blood, as in: Microsoft's blood on Apple's mouse.

Dec 01, 06 - 12:29 am Comment from: dogfriend

"Microsoft's security can be summed up in one word-"

Horrific. Craptacular. Pathetic.

I can't just stop with one word. wink

Dec 01, 06 - 12:40 am Comment from: TheTruth

Of course, all the little MacDaily trolls ignore the real facts:
(1) this collection of malware requires user execution (i.e., no auto-execution), as far as I can see.
(2) The Windows Mail client successfully blocks the files, whereas the third party softwares are not set up to block them. That is, if there are any "vulnerabilities," they're in the third-party software.

Further, this ignores the larger issue, conveniently unmentioned by Sophos:
(3) Does Vista's UAC (User Account Control) feature come into play during execution of these programs? I.e., do they need 'Admin' permissions to run successfully?

The fact that programs written for pre-Vista versions of Windows run on Vista is rather obvious. I'd mark this as hype created by a very scared anti-malware software provider.

Y'all need to learn to think for yourselves.

Good luck!

Dec 01, 06 - 12:55 am Comment from: TowerTone

Wow, so Truthfully speaking, OSX allows third-party software to be vulnerable? Or is that a Windows thing?
Am I phrasing that right?

Dec 01, 06 - 01:02 am Comment from: dogfriend

1) Yes, but we're just getting started.

2) The Windows Mail Client blocks the files because of the multiple extensions, but it is a flaw in the Windows OS that allows the files to be disguised in the first place.

3) UAC doesn't enter into it, based on your first statement (user will execute the file).

I think the software vendor is doing a service, because of Jim Allchin's earlier statements, some users might think they don't need AV software with Vista. They would be wrong. Even Allchin went back and clarified this later, but some people may think Vista is ok without AV software (e.g. Allchin's 7 year old son).

Dec 01, 06 - 01:04 am Comment from: Roberto

Please draw your own conclusions on the ramifications of this:

The annual report by the U.S.-China Economic and Security Review Commission, released Nov. 16, stated that there are "clear examples of computer network penetrations coming from China," including those linked to Titan Rain.
The report said the Chinese military has "information warfare units [that] are developing viruses to harm the computer systems of its enemies."

http://www.washtimes.com/national/20061130-103049-5042r_page2.htm

Dec 01, 06 - 01:27 am Comment from: BuriedCaesar

Even "satire" has the word "tire" in it. And I think some are beginning to "tire" of Zune Tang's musings.

Then again, the reactions to Tang's inanities with regard to our favorite Redmond target has clearly been the next turn of the screw - some of the knee-jerk outrage has been pretty funny, too. Just because it's so blatantly vitriolic without context.

MDN's pet troll is still going strong!

(Those of you who remember can be glad Sputnik has finally burned out in the atmosphere.)

Dec 01, 06 - 01:28 am Comment from: Mr. Reeee

Zune Tang, it's refreshing to hear your Voice of Reason™.
I always get a good laugh, a chill down my spine or the combo effect.

So folks, I believe that the clueless ones are those who take Zune Tang seriously. ZT uses irony and sarcasm brilliantly. He's the Stephen Colbert of MDN!

Check out this site for similar chuckles:
http://demotivators.com/

MDN Magic Word: i have a FEELING that some folks are levity challenged around here.

Dec 01, 06 - 01:29 am Comment from: dogfriend

Here's some truth:

I searched Sophos for "mac exploits" and read the 2 pages.

http://www.sophos.com/search/search-results/?product_search=site_search;search=mac exploits;action=search&page=0&advanced;=


I did the same for "windows exploits" but didn't have the time to read all 232 pages.

http://www.sophos.com/search/search-results/?search=windows+exploits&product_search=0&submit;.x=14&submit;.y=7&action=search

Dec 01, 06 - 02:36 am Comment from: S.N.A.F.U.

@Mr. Reese
"So folks, I believe that the clueless ones are those who take Zune Tang seriously. ZT uses irony and sarcasm brilliantly. He's the Stephen Colbert of MDN!"

Yeah, well, I'm sick of Colbert's schtick too.

Dec 01, 06 - 03:25 am Comment from: misha bawa

Hey Ferf Muckmeyer, F*CK YOU! ZT is f-ing hilarious and his wit can't be matched so take the huge stick out of your ass and chew on it, then sit back and enjoy the humour in ZT's posts. Eat sh*t you douchebag.

MDN: quality, as in zune tang's comments are of the highest quality

Dec 01, 06 - 04:17 am Comment from: TheTruth

Mm, I see my points were largely dismissed out-of-hand. I'll address some of the responses below.

Keep in mind, security is a function of the user AND the OS. An OS can only prevent so much before the user must accept responsibility for his own actions.

1.) "UAC is not a factor"
If you dismiss UAC, you also dismiss OS X's Admin prompts (and similar Linux features [read: sudo]) as a form of 'security' and/or protection. UAC and OS X's security prompts add more hoops for the user to jump through before the security of the system is compromised entirely.

2.) Multiple file extensions:
Yes, this is a weakness. However, I believe Microsoft introduced APIs in XP SP2 to allow third party software to detect and block it as well. This issue addressed by Sophos is, from what I can tell, almost exclusive to online email such as gmail. This means the following, assuming Vista's UAC is activated by the malware:
a. The user must download the file
b. The user must attempt to execute the file
c. The user must choose to allow the program to elevate to the admin-level when UAC comes up.

What more can Windows, OS X or Linux do to protect user data (i.e., the only thing of value)?

3.) " OSX allows third-party software to be vulnerable? "
What does this even mean? Yes, it does. There is no mechanism in OS X that prevents malicious software from being executed by the user or written by a developer with malicious intent.

For people interested in a somewhat lower-level analysis of Vista versus XP, I suggest you read up on Microsoft's Secure Development Lifecycle and watch the most recent videos at http://channel9.msdn.com/ and blogs such as http://blogs.msdn.com/michael_howard/ . There are also some decent whitepapers around.

Only time will tell if the work done in Vista will decrease malware prevalence, but it's fairly obvious that Sophos is creating something from nothing in this instance. The worst thing to happen to malware companies is Microsoft's new found commitment to security. If you believe them incapable, look at the results obtained in SQL Server 2005 and IIS6. Perfect? Of course not. Vastly superior security compared to previous versions? Decide for yourself.


Here's F-Secure's opinion on the Sophos article:
http://www.pcworld.com/article/id,128050-c,vistalonghorn/article.html

Quote:
"New Security Measures Work, Says F-Secure
Additional Vista security mechanisms should protect users, said Mikko Hypponen, chief research officer at F-Secure. If a customer opens an infected malware file, Vista would warn and question the user before allowing the malware to wreak havoc. "These particular examples of malware probably wouldn't still be able to successfully infect the machine unless the user specifically allows it," he wrote in an e-mail exchange."

Good luck!

Dec 01, 06 - 04:25 am Comment from: Switched

I love The Zune Thing. Er, I mean, Zune Thang.

Dec 01, 06 - 04:35 am Comment from: MacB

Hi guys...
just a small piece of advice: IGNORE Zune Tang.....he's just here to piss us off, so don't give any comment to his brainfarts...

MacB, NL

Dec 01, 06 - 04:45 am Comment from: TheTruth

RE: dogfriend & Malware numbers.

Is that really the best argument you have?

Vista's higher-profile security additions include:
1.) Protected Mode IE
2.) UAC
3.) Service hardening
4.) ASLR

If you're unfamiliar with any of these, I suggest, again, that you do some research. Vista has the potential to be quite secure. Time will tell.

The important debate issues relative to the malware amount would be:
1.) How many of these require user execution? (Read: social engineering)
2.) How many exploit vulnerabilities in Windows (e.g. WMF exploits, Blaster)
2a.) How many were zero-day vulnerabilities? (Patch not available prior to exploit)
And so forth.
3.) How many hoops must pre-existing malware jump through to execute successfully on Vista?
4.) What role does security-through-obscurity play for OS X and for Vista (during the initial years)?

It's clear this is not an appropriate venue for such a discussion. I'll leave you to consider the importance of such questions.

Dec 01, 06 - 05:34 am Comment from: hs

There is an astounding lack of irony perception here. What the fsck is the matter with you people?

To Zune Tang:
Keep up the good work, mate! You make my day.

Dec 01, 06 - 06:22 am Comment from: jerko

not surprised, and Jim Allchin said what?

Dec 01, 06 - 06:49 am Comment from: Macaday

Whatever, Steve Ballmer will just love the timing of this statement/news..

Dec 01, 06 - 07:32 am Comment from: rancher

Zune Tang hits another home run. I, too, think he/she is an excellent satirist - playing the Baghdad Bob for Microsoft. Keep 'em up, they make my day.

Dec 01, 06 - 07:49 am Comment from: bruce

RE: The Truth

I don't know the technical aspects of software security to either refute or support what you say. However, I do know a little about decision making. If I were making a choice between the 2 systems using history and trend as the criteria I'd choose Mac. Perhaps the trend for MS's security measures for Windows is getting better, but as you said only time will tell. I also do believe the Mac obscurity theory is false. Any hacker worth his salt knows the assertions of Mac fans and the security record of Macs. That would make Macs a challenge in itself, it would be worth it for a competent hacker/virus writer to take on OSX just to monkey stomp on a shit ton of Mac fans.

I think you'd have to agree.

Dec 01, 06 - 08:18 am Comment from: Brad T

Windows of Opportunity...

Such an appropriate branding!
