Originally posted by: mechBgon
And perhaps not. The web attack vector was mitigated by IE7 Protected Mode on Vista, as you would know if you read every Windows security bulletin end-to-end. Protected Mode is disabled when you disable UAC, as you may already know, reverting IE to WinXP-style operation. And whether you use IE yourself or not, malware could invoke it.
For another testimonial:
http://msmvps.com/blogs/hostsn...pbadware-database.aspx winhelp2002 talks about hitting 10,000+ known-malicious websites with IE7.
:light:?
No :light:, just a yawn. Yet another site proving nothing about the "superiority" of IE7 over Firefox and how it is so much more secure. Last references turned around and bit you in the butt and this is the best you can do?
All that site shows is that if you go to ridiculous websites and you have Vista with all its features installed, plus NOD32 Antivirus, nothing got through. Well, yeehaw. I've never stated that these tools won't help you. But like I said, who in the world with a strong knowledge of computers and the internet would go to bearsxxx.porn-host.org?
And, if you had read the article, you would see that many of these were not caught by Vista, but by the anti-virus. For someone who just got hosed on his last set of links, you really should have done a better job with this one.
Now I have to give a lot of credit to my antivirus NOD32 from eset.com, which detected a lot of malware before the site even finished loading, and which, by the way, was just awarded the highest rating from av-comparatives.org. You can view the full report here (.pdf)
That is certainly smart practice insofar as it goes. If you have absolutely nothing on your computer that you don't mind risking having splattered across the Internet, deleted from your HDD, or both, then that's a little unusual, but hey.
I have nothing on my computer that I'm worried about being shared. As for having files deleted, see my previous post on backing up my data.
I don't claim to have the usual approach to keeping my stuff safe. I've stated time and time again that what I do works for me. If you'd rather use UAC, go ahead. It's a great program. I just don't feel the personal need for it, considering everything I already do. Why is this not all right with you? I'm not proclaiming that people need to shut it off. This is my personal opinion and experience and nothing else.
Right, right, but you can't get the traffic back from where it went to, unless Ethereal now includes Time Machine capabilities
I don't need to get it back. I'm not worried about it. To be honest, you should probably actually thank me for doing this. Why? Because I work in a position to be able to take this information and give it to the right people to have such sites shut down. If someone screws with my computer and I have their information in my log, I can send it up the chain and have it taken care of. I'm sorry I can't go into more detail than that, but I think in reality I'm doing everyone a favor.
Nope. I have an interest in security matters and do actively hunt malware daily. Vista x64 with 64-bit IE7 PM, UAC, WIC, Microsoft Network Monitor 3.0 and forced full DEP (and a non-Admin user account with a disallowed SRP, of course) is my tool of choice for that role. I also use Kaspersky Antivirus 6, mainly as a tripwire indicating I'm finding the "good stuff"... it gets switched off when it's time to grab samples.
But I'd never disable UAC. I may disable it once I've built a dedicated "honeypot" Vista system that I actually intend to infect, though. For now, I use a Win2000 rig with Firefox 2.0.0.4 and IE6 as my "infect-me" box, and re-image it when it's time for the next sample.
If there's someone who should boast of his credentials, however, it would be bsobel, stash and Smilin, not myself. They all recommend and use UAC. hmmm.
Kaspersky, great anti-virus. I applaud your work and am happy to see you have found a setup that works for you. I have too. Can we just leave it at that?
And I would agree, those people all seem very intelligent and have found UAC to work for them. However, does that imply that anyone not using UAC can't boast in their credentials? Is this a new stipulation that I should be aware of? Personally, I think my implementation is pretty good. It's never failed. But then, I'm not here to boast about anything, so does it matter that I don't use UAC?
No, but if you and other people are going to throw away an extremely powerful security tool just because it puts up prompts on your screen, I'd at least like to make sure you know it's not as superficial as prompts on your screen. And the type of proactive protection it provides fills a gap where your firewall, signature-based and heuristics-based defenses can fall short.
You want to know the most powerful security tool? Unplug your computer from the internet when you're not using the internet. Do you do that for every computer you own?
Out of curiosity, since you have evidently given some thought to security, do you use a non-Administrator account for daily-driver stuff, or have you given it a try? If so, how did it work for you?
Sure, I've given it a try. Flip, anyone who's ever used Linux has done that. Didn't make a bit of difference. Well, I'm sure it would have if I even went to sites like bearsxxx. Well, actually, I guess you got me. When I downloaded my keygen and forgot to scan it first, it probably wouldn't have caused a problem. Oh well, guess that just sunk my boat. :roll:
Zero-day exploit FTW, then. :beer:
I have no illegal software, music, videos, or anything else that is illegal. FTW!!
I expect the same thing that happens normally with Windows vulns: the holes get patched, and the bad guys go back to the drawing board.
Yeah, but not before several hundred to thousands of computers get worked. Where's your UAC then? Sure hope to hell you're not putting all your baskets into UAC. Fact is, no software is perfect. Nearly every piece of code has some potential for being exploited, including the tools I use. Difference is, there are a lot more people with a grudge against Windows than there are with a grudge against my tools.
EDIT: To give credit where credit is due, most of my network and security knowledge I gained from a man named Joe Doupnik, one of the smartest men I know. Does a lot of work with Novell, though tinkers a lot with Windows. He gave me a paper once on securing an XP machine and removing unnecessary Windows services. If I can find it, I'll let you know.
If you want a good laugh, type his name in Google and look at his home page at Utah State University. He's got a pretty old and bad picture up there. Currently works at Oxford University though. Hopefully they have a better picture. He wrote part of the operating system that's currently being used on the space station.
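The thread argues over whether UAC, IE7 Protected Mode (which, as mechBgon notes, switches off with UAC), DEP, a disallowed-by-default Software Restriction Policy and a non-admin daily account are worth running. A defender wanting to confirm which of those are actually in force on a given Windows box can read them without changing anything. The script below is an added example, not code from either poster; the registry locations are the standard Windows ones, and the value meanings are noted in the comments (the IE zone value `2500` and the SRP `DefaultLevel` encodings are read from memory of the documented defaults and should be treated as assumptions to check against your own build).

```powershell
# Added example (not from the thread): read-only audit of the settings debated above.
# Works in a standard user session; bcdedit may need elevation to report DEP policy.

function Get-VistaHardeningStatus {
    $policy = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $ieZone = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'  # zone 3 = Internet
    $safer  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'

    # EnableLUA = 1 means UAC is on. 0 means it was turned off, which also drops IE back
    # to XP-style (non-Protected-Mode) operation regardless of the zone setting.
    $enableLua = (Get-ItemProperty -Path $policy -Name EnableLUA -ErrorAction SilentlyContinue).EnableLUA
    $uacOn = ($enableLua -eq 1)

    # Assumption: zone value "2500" is the Protected Mode switch, 0 = on, 3 = off.
    $pm = (Get-ItemProperty -Path $ieZone -Name 2500 -ErrorAction SilentlyContinue)."2500"
    if (-not $uacOn)       { $pmState = 'Off (UAC disabled)' }
    elseif ($null -eq $pm) { $pmState = 'Unknown (value not set)' }
    elseif ($pm -eq 0)     { $pmState = 'On' }
    else                   { $pmState = 'Off' }

    # Assumption: SRP DefaultLevel 0 = Disallowed, 0x20000 = Basic User, 0x40000 = Unrestricted.
    $srpLevel = (Get-ItemProperty -Path $safer -Name DefaultLevel -ErrorAction SilentlyContinue).DefaultLevel
    $srpState = switch ($srpLevel) {
        0       { 'Disallowed (default-deny)' }
        0x20000 { 'Basic User' }
        0x40000 { 'Unrestricted' }
        default { 'No SRP policy found' }
    }

    # DEP policy comes from the boot configuration: OptIn / OptOut / AlwaysOn / AlwaysOff.
    $nx = 'Unknown (bcdedit unavailable or not elevated)'
    $bcd = bcdedit /enum '{current}' 2>$null
    if ($bcd) {
        $m = $bcd | Select-String -Pattern '^\s*nx\s+(\S+)'
        if ($m) { $nx = $m.Matches[0].Groups[1].Value }
    }

    # With UAC on, an administrator's non-elevated session carries a filtered token and
    # reports $false here, which is the "daily-driver as non-admin" state being discussed.
    $identity   = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal  = New-Object Security.Principal.WindowsPrincipal($identity)
    $isElevated = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

    New-Object PSObject -Property @{
        User                 = $identity.Name
        RunningAsAdminToken  = $isElevated
        UacEnabled           = $uacOn
        IEProtectedMode      = $pmState
        DepPolicy            = $nx
        SrpDefaultRule       = $srpState
    }
}

Get-VistaHardeningStatus | Format-List
```

The point of reading `EnableLUA` first is that it gates the Protected Mode answer: a zone value of 0 on a box with UAC off still means no Protected Mode, so the script reports the effective state rather than the stored one. Nothing here writes to the registry or boot store.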