potential major explooit in ALL versions of windows

OrryW said:
It will cause people to switch to Mac which will make people's wallets very vulnerable?
Click to expand...

Being a former Apple employee, I can tell you that there are a LOT of viruses and venerabilities in OSX...not as many as windows, but they are there and a threat... :p ...OSX doesn't save you...Jesus does! :D
 
XionTawa said:
Being a former Apple employee, I can tell you that there are a LOT of viruses and venerabilities in OSX...not as many as windows, but they are there and a threat... :p ...OSX doesn't save you...Jesus does! :D
Click to expand...

Any Operating System is going to be rife with vulnerabilities, whether from the OS itself of the software installed on it. It's how quickly they can be found and fixed that makes an OS secure -hence the reputation of Linux being the more secure OS, due to its openness and number of people constantly working to improve it.
 
Market penetration plays a major role in virus propagation (i.e. effectiveness). Seeing how Windows still holds the lion's share of the market they will naturally be perceived as the OS that is more prone to viruses.

If I were to write a virus (which I wouldn't) I would naturally want it to be deployable on the largest percentage of computers since the number that actually get infected is a percentage of the total that can possibly be infected. That number is considerably higher if I write one for Windows. It's simple mathematics.
 
XionTawa said:
Being a former Apple employee, I can tell you that there are a LOT of viruses and venerabilities in OSX...not as many as windows, but they are there and a threat... :p ...OSX doesn't save you...Jesus does! :D
Click to expand...

Actually, independent testing shows OSX has a lot more vulnerabilities, but a lot fewer people will attempt to exploit said vulnerabilities.

http://www.zdnet.com/blog/security/mac-versus-windows-vulnerability-stats-for-2007/758

Total in 2007 they found 44 flaws for Vista + XP, and 243 for OSX.

Granted, it only takes one to be exploited.
 
Market penetration is definitely a large issue. Along with that is herd immunity. If you are infected with a virus that 9/10 of your friends are not susceptible to, the virus will not spread. If 9/10 of your friends ARE vulnerable...now we're talking.

One thing I will say - it's one thing to poke fun of Windows in a home environment where people have TERRIBLE security practices. I mean really, can you blame the OS if someone clicks on freemoney.jpg.exe.? What's funny is - in a networked environment (read: every business environment), Windows has the best security at its core. Conversely, Unix-based systems have the worst, despite a reputation otherwise.
 
RyanB said:
Market penetration is definitely a large issue. Along with that is herd immunity. If you are infected with a virus that 9/10 of your friends are not susceptible to, the virus will not spread. If 9/10 of your friends ARE vulnerable...now we're talking.

One thing I will say - it's one thing to poke fun of Windows in a home environment where people have TERRIBLE security practices. I mean really, can you blame the OS if someone clicks on freemoney.jpg.exe.? What's funny is - in a networked environment (read: every business environment), Windows has the best security at its core. Conversely, Unix-based systems have the worst, despite a reputation otherwise.
Click to expand...

Pretty much this, the largest security flaw with Windows is the user. And there are a lot of Windows users.
 
[gfc#6]suicidebomber;388402 said:
Well the vulnerabilities threat profile has expanded:
http://www.f-secure.com/weblog/archives/00001994.html

If the .lnk is inside a document windows will execute the code. Again..i hope this fizzles..if it doesn't I want folks to be aware.
Click to expand...

Now that's definitely worse...can embed .doc files in internet explorer, or email spam like the link suggests. Still would require a user manually saying "yeah ok, run this", and would require something malicious locally to execute, unless I'm missing what all you can do with a .lnk file. Can these be used to execute command line-like code?
 
no this is a remote code execution W/O user intervention....the simple act of viewing something(a folder, usb drive, document..etc etc etc) with a .lnk triggers the vuln and the exploit with no user interaction. There's another vector as well.

List to this videocast from Steve Gibson..it's well explained.
http://www.twit.tv/sn258
 
Last edited:
Microsoft is issuing a fix.

Slashdot on Jul 31, 2010 3:14:00 AM
http://rss.slashdot.org/~r/Slashdot...Emergency-Fix-For-Windowsnobr-wbrnobrLNK-Flaw

Trailrunner7 writes "Microsoft will issue an out-of-band patch on Monday for a critical vulnerability in all of the current versions of Windows. The company didn't identify which flaw it will be patching, but the description of the vulnerability is a close match to the LNK flaw that attackers have b ...
 
You must log in or register to reply here.
Back
Top