Win 7's Malware Infection Rate Climbs, XP's Falls
BogenDorpher writes "Microsoft released data today showcasing that Windows 7's malware infection rate has climbed by more than 30% during the second half of 2010, while the infection rate for Windows XP has dropped by more than 20%."
And this is a surprise? (Score:4, Insightful)
What would one expect as usage of XP decreases and Win7 increases?
Re:And this is a surprise? (Score:5, Insightful)
What would one expect as usage of XP decreases and Win7 increases?
The changing usage rate between the two OS's is controlled for. FTFA: It's infection rate per 1000 machines.
Re:And this is a surprise? (Score:4, Insightful)
The changing usage rate will also drive malware authors to concentrate on Win7.
Re: (Score:2)
I suspect that the fact that 7 now means "home user" while XP is increasingly the domain of control-freak corporates has a lot to do with it.
In other news, Model-T fords (Score:2)
Re: (Score:2)
If you read the article you will see that XP has 14 infections per 1000 machines while Windows 7 only has 4 infections per 1000 machines.
Re: (Score:2)
If this keeps up my WinXP computer will actually be *safer* than my recent Win7 purchase.
Of course the safest OS I own is GEOS-64. No viruses whatsoever on 8 bit machines! And the second-safest is the 64-bit AmigaOS (because very few use it). Looks like XP is headed down the path of security through obscurity.
Re: (Score:2)
Point is that much if not most of modern malware is done in the name of profit. As a result, the higher installed base goes, the more effort will be done to infect the machines.
In this regard, both absolute amount and amount proportional to total installed base should shift towards w7, as has happened.
Re:And this is a surprise? (Score:5, Informative)
Re: (Score:2)
Only insofar as the users have agreed to report their infection to Microsoft.
And, if 4 in 1000 is the measure I have had x out of thousands in my shop of late.
Re:And this is a surprise? (Score:4, Interesting)
Corporate environments are usually controlled and less likely to get malware.
That's not true at all. Having worked support in various corporations I can assure you that the infection rate is still very high. I remember working for a large bank and they had Conficker on 1500 servers and 20000 workstations. This is supposed to be a sterile environment as it's a bank, not so. Where you have staff who aren't exactly computer literate you will have large infection rates.
Re: (Score:2)
less likely
That's not true at all. [...]the infection rate is still very high.
So... minor nitpick, but he didn't say it wasn't high, he said it wasn't *as* high. Are you saying that the infection rate is equivalent? I mean, by pure virtue of people looking at more porn on their home computers than work computers, I'd expect it to be lower, even if you don't account for security and firewalls and whatnot that are erected as IT practices.
Re:And this is a surprise? (Score:4, Insightful)
While it's possible for a user to be misguided, the majority of errors come from the computer being complicit in allowing bad actions to happen merely so that a fringe of "convenience" can let users operate without having to remember their passwords, for instance.
Marketing wins over engineering, and THAT'S why you have crap OS's and apps that have exploits attached, like burrs. Walled gardens from single corporations aside, communities SHOULD run app-repositories of trusted code and that's obvious. Bad engineering, both technical and social...
Re:And this is a surprise? (Score:4, Insightful)
There are three ways people get owned: remote exploits (count the number on 7 vs linux in the past 2 years - they're not so far apart), application exploits (again, count em) and user stupidity (no solution, other than sandboxing the user to contain the damage).
Even with a sandboxed app, it still has access to all of the data you have in the sandbox. If you've downloaded and installed a "virus scanner" and enabled it to access your entire filesystem, you're fucked.
Re: (Score:2)
*sigh*
Instead of "codec" in the above post, use "singing dancing ponies". The idea is, a codec was presented to the user as a necessary component for something he wanted to see or hear. The fact is, the codec itself was malware. And, the clueless consumer agrees to installation, and clicks through all of the OS's warnings about unsafe, unsigned, unauthorized, unwarranted, unwanted, unfit bullshit.
Yes, a codec with privileges WILL own a Mac, a Linux, a BSD, a Unix, or any other box.
But, few of us grant pr
Re: (Score:3)
My point was, Windows users routinely run as Admin and grant Admin rights to anything that asks. Few Linux users run as root, and those seem to be a little more careful about the things they install and run.
"trusted source" in my distro of Linux means that the repository itself has a signed key, which I trust. With three exceptions, my machine does indeed have "signed" code. The exceptions came from sources that I've learned to trust over the years.
Random example here: https://help.ubuntu.com/community [ubuntu.com]
Re: (Score:2)
"In the jungle at night and you can hear the predators circling alone. ..."
Ah-ha-ha! Big belly laugh. You poor sod - you don't realize that you are NOT alone. All those XP and Win7 users without a clue are your fellow tribesmen! The predator isn't circling - he's crunching the bones of your tribesmen!! And, when the food runs out, and you're the only target left, rather than the toughest target, he'll be coming after you!
That's one good reason for using Linux, I guess. All the Windows tribe will be co
Re:And this is a surprise? (Score:4, Informative)
Windows Vista/7 are already known to be much more secure than MacOS.
http://blogs.computerworld.com/15605/hacker_pwn2own_organizer_windows_7_is_safer_than_snow_leopard [computerworld.com]
http://www.pcworld.com/article/189760/hacking_impresario_windows_safer_than_mac.html [pcworld.com]
http://news.cnet.com/8301-27080_3-10444561-245.html [cnet.com]
Re: (Score:2)
Any time you write an exploit it is a targeted attack.
Re:And this is a surprise? (Score:4, Insightful)
Thus, although in theory, on the test bench Windows is more secure - in reality, there are a lot more Windows boxes getting owned, simply because the volume of exploits out there being developed, and the prevalence of them on the internet is much greater.
Look, I'm not disagreeing with the results you presented. I'm merely suggesting that in the real world you're a lot less likely to stumble across a trojan/exploit for your OS X box, because Windows is the focus of so much more exploit development.
Ditto for those still running, say Windows 98 or OS/2. No one codes exploits for it any more because its market share is so close to zero - yet its architecture is FAR less secure than Windows XP or 7.
Re: (Score:2)
Security through obscurity is nothing more than an illusion.
Re:And this is a surprise? (Score:5, Insightful)
Security through obscurity is nothing more than an illusion.
I always find this funny. Passwords, PINs, encryption/decryption keys, hardware tokens etc are all just forms of security through obscurity, too.. they just are a bit more obscure than running an obscure OS when you use combinations of them, or pick a really good random password, etc.
Re: (Score:2)
If you're running as a non-admin with UAC and firewall on, win7 is as secure as anything else.
If you're the type of person who sees "free shit" (trojans) and runs to install them because they're free, you're going to get owned irrespective of what you run. Linux (or OS X for that matter) doesn't get this type of infection yet because it isn't targeted in this manner yet.
Re: (Score:3)
I don't care much for Microsoft, but there is no such thing as a secure OS. Users can be secure if they know what they need to know, but no OS is "secure" in the hands of the average user. Sad but true...
Re: (Score:2)
So who has to alt tab? I have a small display of my 12 desktops. I can see which ones are running emacs, firefox, or a terminal.
Re: (Score:2)
The commonly accepted "wisdom" on Slashdot is that marketshare is irrelevant. Ergo, infection rates should not change.
Re: (Score:2)
The infection rate depends on targeting the gullible. I'm just going to say it directly because it's the simple truth. As more users change operating systems, the target changes to follow them.
Especially of late, malware targets the users more than it targets machines with particular OSes.
I think it is just about time that people give a rest to the "which is more secure" debate...at least not where malware is concerned. Malware doesn't need root or administrator to do damage -- it just needs to run. Per
Re: (Score:2)
Huh ?
Re: (Score:2)
Drivers running at ring-0 is not necessary. A device driver with complete access to the kernel is not necessary and frequently causes problems when they misbehave. In the early days, programmers used to bypass the BIOS by writing directly to the hardware for better performance. But by breaking the rules, they cursed the environment preventing good evolution in development. But when the i386 came into being, the promise of a good evolution was renewed. But then Microsoft went and spoiled it by making dr
Re: (Score:2)
You do realize that both Apple and Linux run device drivers in Ring 0 as well, right?
Re: (Score:2)
Huh ?
He's correct. The only "mainstream" (past/present) OS that actually utilized the CPU's protection levels to any decent extent was OS/2 - which is also why it was a bitch to run in numerous virtual machines (most notably due to poor virtual Ring 2 support). And in reality, Microsoft glomming a whole bunch of things into Ring 0 is a step backwards.
Re: (Score:2)
The commonly accepted Wisdom is that marketshare is not the most important factor. So, for example, if a more secure OS became more popular than a less secure OS, it would be more targeted, but still safer than the other. Like how XP went down but is still at .18%, and 7 went up but is only at .04%, for example.
(Does anyone else feel like those numbers are ludicrously low?)
Re: (Score:3)
Win7 was supposed to be something that had technologies at the heart of it to protect users. Serious protection. I've seen a spike in my shop of Win7 infections, especially 64bit. And, on top of that these guys have been owning the machines, literally taking over and disabling the whole puzzle in order to stay active on the computer. It's really amazing.
Win7 has been owned by these malware authors and I only expect it to get worse. Getting rid of the malware always leaves damage, such as disabled featu
Re: (Score:2)
couldn't happen on Linux? Or OSX?
Seems to me the exploit writers would have a much harder time if the market was split between a half dozen linux distros, windows, os x, android, chromeos, and the ipad. I'm doing my part.
Posted from my Xooml
Re: (Score:2)
If malware users (who aren't always the writers) could get people to type in passwords to decrypt encrypted zip files to install the malware (this actually happened!), they'd be able to get people to jump through hoops and run "perl Makefile.PL" to install "Antivirus 2011".
If the malware's purpose is to send spam and/or DDoS and/or copy user secrets (.ssh, client cer
Re: (Score:2)
half dozen linux distros, windows, os x, android, chromeos, and the ipad.
Half of the operating systems I mentioned will not run your perl script.
Re: (Score:2)
B) Eliminate all the stupid users. This is frowned upon by society.
Great line. I'm making that my sig.
Your sentiments are mirrored in large part by an article at codinghorror, it's a bit dated, but I keep referring back to it as I try to find ways to keep our work network safe from ourselves. The problem as simply as I can restate it is that users with the power to do what they want will also do bad things unintentionally even if they have to work at it. I wonder if there might be a third path however, besides the two you've outlined.
What if the UAC was not activated for
Re: (Score:2)
Wouldn't 30% - 20% == 10% ?
It does not work that way. In absolute numbers the XP infection rate went down from 18 to 14 PCs per 1000, while Windows 7 went up from 3 to 4 PCs per 1000. If you say it in percentages then it seems like the infection rate went up more than it went down, but look at the actual figures and you find the reverse. This is a bit of a misleading article really, because a drop of 3 PCs per 1000 does not equal an increase of 10%.
Also, when you read the security report you see that the most commonly detected threat
Re: (Score:2)
There are way too many confounding factors. First, the rates are based on detection by a single tool (where it is installed) without knowing the absolute numbers (rather than per 1000) it's hard to say much about the overall condition.
It could mean an absolute drop in infections, a simple shift in infections, or even that virus writers are getting better at evading the Malicious Software Removal Tool.
Sensationalist article much? (Score:4, Insightful)
TFA: As ComputerWorld reports, during the second half of 2010, the data shows that 32bit Windows 7 computers were infected at an average rate of 4 PCs per 1,000, compared to 3 PCs per 1,000 that took place during the first half of 2010.
A difference of 1 thousandth is beyond statistical significance. How did this entry even get to the frontpage? It boggles the mind.
Re:Sensationalist article much? (Score:4, Informative)
That is not a difference of one thousandth. It is a difference of 33%.
Re: (Score:2)
Not sure if you're joking or serious. You know it's both right? 3 thousandths of win7 PCs used to be infected, now 4 thousandths are infected. That's a difference of 1 thousandth, or 33%, depending on how you choose to represent it.
Lastly -- that's only for 32-bit win7. 64-bit win7 is more resilient according to the article, but not enough data to work out exactly what that means (before and after numbers from x64 win7 not provided, relative installed base of 32 and 64 bit win7 not provided).
Huge sample size (Score:2)
According to the Microsoft Report [microsoft.com] this is based on a sample size of 600 million computers. That is plenty large enough for the results to be statistically significant.
It was trollish for the summary to omit that Windows 7 still has 1/5 of the infection rate of Windows XP, though.
Re: (Score:2)
Anti-Microsoft article boggling the mind?
You must be...
Re: (Score:2)
It's a 1 in 1000 increase. You are not increasing from 3 to 4, you are increasing from 3 per 1000 to 4 per 1000. But, this is only for those that report their infection. And 64bit seems to get hit harder in Win7 than 32bit contrary to what some have said in this thread.
The most secure Windows ever! (Score:2)
"Microsoft released data today showcasing that Windows 7's malware infection rate has climbed by more than 30% during the second half of 2010...
In fairness it was the most secure Windows ever. It lasted longer than XP.
Except (Score:5, Interesting)
Microsoft calculated the infection rates using its Malicious Software Removal Tool (MSRT) by detecting and deleting selected malware such as fake antivirus programs, worms, viruses, and trojans.
One VERY important point is that Microsoft's Malicious Software Removal Tool considers certain programs which can be used to bypass Windows Activation as "malware", which is probably skewing the results.
Re: (Score:3, Informative)
Almost everybody who pirates Windows 7 does so using Windows Loader which, once they started encrypting it, has never been targeted by MSRT.
Re: (Score:3)
Have you disassembled that keygen/crack to see if it is safe? Convincing someone to run an arbitrary executable file that may or may not do what it claims is exactly the goal of malware authors, after all.
New OS (Score:3)
Same clueless users.
So newer is NOT better? (Score:5, Insightful)
Re: (Score:2)
Humans are always going to be the weak link. Cause too many alerts, get the operator to shut that alert mechanism down, and hey, presto!
UAC window, anyone?
Re: (Score:2)
It only alerts when something is trying to change system settings. It's not MS's fault it pops up so much, it's all the fail software that want admin privs.
Effectively, any software that prompts UAC would not run correctly without admin. Just goes to show how much software would break from faulty designs.
No malware for... (Score:2)
and.... (Score:2)
If you turn off UAC / run as admin, and put a retard at the controls, Windows 7 will get infected by "free antivirus" software just as easily as anything else.
This is more a symptom of it being adopted by regular end users rather than bleeding edge types than any new inherent security problems discovered in 7.
TL:DR FUD (Score:2)
Article makes it sound like Win7 is getting inundated with viruses, but when you look at the counts it paints a different story.
Windows 7: Increase of 33%
1Q2010: 3/1000
2Q2010: 4/1000 - 64 Bit: 2.5/1000
Windows XP: Decrease of 22%
1Q2010: 18/1000
2Q2010: 14/1000
Basically, you're still safer using Windows 7 vs other Windows versions.
Current Numbers from MS are Here. [microsoft.com] Not exactly sure how computerworld got those numbers since MS numbers are higher and lower than others but there you go.
Slashdot fail with IE9 (Score:2)
Why does /. fuck up under IE9. I want concrete standards compliance issues.
Re:RTFA (Score:4, Insightful)
Re:RTFA (Score:5, Informative)
I have a HARD time believing that only 14 in 1000 windows XP machines are infected.
The reason why they came up with that number is in TFA:
"Microsoft calculated the infection rates using its Malicious Software Removal Tool (MSRT) by detecting and deleting selected malware such as fake antivirus programs, worms, viruses, and trojans."
In other words, they used their internal tool, which would certainly not catch all the bugaboos lurking in a given box.
Re: (Score:2)
The truth is, as anyone who's dealt with such stuff for a living will tell you, it catches near nothing. I've had (recently, and for the last few years) machines come in with hundreds, or even thousands of infections... Win 7, Vista, XP... and on only ONE occasion (out of a few hundred machines in the last year or so), did it notice anything (and it was one infection out of about 700 on that particular machine that it noticed).
I suspect any stats generated using a highly useless tool are equally useless.
Re: (Score:2)
And it's not like there aren't ways around WGA too.
Re: (Score:3)
I have a HARD time believing that only 14 in 1000 windows XP machines are infected.
That's because you read a lot of sensationalist Slashdot headlines.
Comment removed (Score:5, Interesting)
Re: (Score:3)
This. It's hard to criticize a company for users who are ignorant or stupid (the former is understandable; the latter isn't). Statistics that are generic like this COULD point to something... but they might not, too. For example, if I came up with a statistic that said that Ford cars were crashed 10% more often than Chevy cars ... well, *maybe* there's a defect in Ford cars. Or maybe more Ford drivers are insane. Who knows?
Unfortunately, we automatically go to "ah-ha, must be a defect" as a conclusion.
Re:what is malware? (Score:5, Funny)
Norton Antivirus is a well recognised trojan offering 'to protect your machine from threats' but in reality siphoning money from your credit card once a year and bringing your machine to a standstill.
Re: (Score:2)
That's why nowadays I just run this.
http://www.microsoft.com/en-us/security_essentials/default.aspx [microsoft.com]
Re: (Score:2)
That's why nowadays I just run this.
http://www.microsoft.com/en-us/security_essentials/default.aspx [microsoft.com]
From reading all of your posts on this topic, I swear you must work for Microsoft, or for an advertising/marketing company they pay, or for benefits given to you by them.
Of all the infected machines I see, that are running, FULLY up to date anti-malware software on FULLY up to date versions of Windows, the top two culprits for missing things are (in this order) McAfee and MSE.
Again, I am only counting machines where the software is up to date and where Windows is up to date (and verifying the malware in
Re: (Score:2)
The problem with giving application level authorization is that a common virus always represents itself as the original program you think it is. If you allow program 'x' to bypass UAC then that becomes an immediate vector of infection.
Re: (Score:3)
virus always represents itself as the original program you think it is
Then don't authorize the application. Authorize a secure hash of the application's executable, which is computed when it's loaded into memory. It shouldn't add that much time to application startup on modern hardware.
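An added illustration of the exchange above (not part of the original thread, and not how UAC itself is implemented): a per-application exemption keyed on the file name keeps trusting a replaced binary, while one keyed on a SHA-256 of the image does not. The class names, file name and file contents are constructed for the example.

```python
import hashlib
import os
import tempfile


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


class NameAllowlist:
    """Exemption keyed on the executable's name: the weak scheme."""

    def __init__(self):
        self._names = set()

    def approve(self, path):
        self._names.add(os.path.basename(path).lower())

    def is_authorized(self, path):
        return os.path.basename(path).lower() in self._names


class HashAllowlist:
    """Exemption keyed on a SHA-256 digest of the executable image."""

    def __init__(self):
        self._digests = set()

    def approve(self, path):
        with open(path, "rb") as f:
            self._digests.add(sha256_hex(f.read()))

    def load_if_authorized(self, path):
        # Read the image once and hash exactly those bytes. Returning the
        # hashed bytes (instead of re-opening the path later) avoids a
        # check-then-use race where the file is swapped after the check.
        with open(path, "rb") as f:
            image = f.read()
        return image if sha256_hex(image) in self._digests else None


def demo():
    """Approve a constructed 'program', then replace it under the same name."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "backup_tool.exe")  # hypothetical program
        with open(path, "wb") as f:
            f.write(b"constructed image: original build")

        names, hashes = NameAllowlist(), HashAllowlist()
        names.approve(path)
        hashes.approve(path)
        result = {
            "name_original": names.is_authorized(path),
            "hash_original": hashes.load_if_authorized(path) is not None,
        }

        # Same path and name, different bytes. This is what both a tampered
        # binary and a legitimate update look like to the allowlist.
        with open(path, "wb") as f:
            f.write(b"constructed image: replaced contents")
        result["name_after_replace"] = names.is_authorized(path)
        result["hash_after_replace"] = hashes.load_if_authorized(path) is not None
        return result


if __name__ == "__main__":
    for check, allowed in demo().items():
        print(f"{check}: {'allowed' if allowed else 'denied'}")
```

The same property means every legitimate update changes the digest and needs re-approval, and the scheme is only as trustworthy as the component that computes and stores the digests.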
Re: (Score:2)
Not letting you easily run Explorer.exe as admin is more stupid. I know it can be done but it's a pain and should instead just ask for credentials if you want to write to a directory that the standard account doesn't have permissions on.
Re: (Score:2)
No it might miss the security/usability trade off mark for but it's actually not that badly implemented. Take Visual Studio and try to write a program that can circumvent UAC. Really try it, you will FAIL. It was specifically engineered to be difficult for malware that is not already running highly privileged to disable, or to "click yes" on the users behalf. It's very effective at that. What you want is for them to open up a whole bunch of new surface area to attack which would lessen the value of UAC as
Re: (Score:2)
Which is why I don't use it on my Fedora box. I've given out accounts on my home box to a few friends, so they can do network trouble-shooting (pings and traceroutes) over a different ISP and/or backbone segment. None of them have the root password. When I need to do something that requires escalated privileges, I use su for multiple commands or su -c for a single command. The only reason I'd
Re:UAC (Score:4, Informative)
I'm a little unclear on how authorizing on a per-application basis, using a hashed ID as the other user mentioned above, would open up a significant attack surface. I agree that UAC works, and that it isn't easily circumvented... but still, I should have the ability to disable it on a per-application basis, and optionally for any processes spawned by that application.
Obviously that's an insecure practice on my part and should be done only with care, but turning UAC off entirely really does expose a huge attack surface, and that's what I'm doing now, along with a few million other Windows users who might or might not understand the implications of what they're doing.
Re: (Score:2)
AFAIK, in Win7 UAC uses both whitelists, and blacklists, and is also configurable in terms of what it will prompt you for (haven't looked up level of granularity.. couldn't really be bothered)..
Why on God's green earth do you run Visual Studio elevated? IIRC there was a bug that required that some time ago, but has been fixed since a very very long time.
Re: (Score:2)
That works great until a virus spoofs whatever system UAC would use to check the identity of the exe.
Re: (Score:3)
The problem is the expectation that users will know when to say yes to a UAC prompt. Until users start saying cancel to UAC prompts they don't fully understand, malware will only increase.
Have you ever seen a UAC prompt you do understand?
Normally it's along the lines of 'Do you want to allow TrojanHorse.exe to: Access local disk?' What the hell is that supposed to mean? Is it trying to write to a file in its own Program Files directory, or is it trying to overwrite Windows core DLLs and install a root-kit? If I can't tell, how can Joe Sixpack?
Re: (Score:3)
I understand that I'm being asked to trust the actions of "TrojanHorse.exe". Which is what UAC really does - tells the user that the application is about to do something that requires you trust the application. It doesn't tell you what that application is going to do, just asks "Hey, do you trust this? It's doing things which are outside the bounds of normal trust". So the question isn't "Can I understand the prompt" per se - because it's always a relatively simple question. More often it's a question of "S
XP is getting better. (Score:2)
At least according to this.