![[identity profile]](https://www.dreamwidth.org/img/silk/identity/openid.png){kind=small}
![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
eWeek reports discovery of a massive ID theft ring powered by CoolWebSearch. Yeah, only Windows is vulnerable -- anyone surprised? ....No? Didn't think so. Why people put up with this shit is beyond me, let alone why people who surely KNOW how dangerous it is running around out there with an insecure OS will still just click on this shit and install it with no idea what it's actually doing and in the knowledge that they have no way to find out. Sometimes I wish one of these crooks would come along and clean out forty million people's bank accounts, just because I can't help but think it'll take something on that scale to get people's attention.
Trend Micro has a free online scanner that will detect and remove CoolWebSearch. Then again, anyone stupid enough to install a piece of untrusted code like that in this day and age probably isn't reading, or paying any attention to, this anyway.
Footnote: I don't particularly wish Microsoft would crash and burn. I don't particularly wish Windows would dry up and blow away in the wind. Not only are Unix and the Mac not for everyone, but a monoculture of ANYTHING is a bad. I just wish Microsoft would start taking security seriously and actually make a real effort to make Windows secure. I've heard some intimations Longhorn Vista may finally make some progress in that direction, provided that doesn't get dropped before release as well.
no subject
Windows security
As a Microsoft employee, there are limits to what I can say without breaching corporate confidentiality rules but what I can tell you is that Microsoft really is making very large changes to its culture with regard to security. It has been going on for several years now, and it continues to progress. We have made fundamental, and I mean *really* fundamental changes to our processes to incorporate security into the development, testing, and distribution of our products. Windows Server 2003 is the most secure OS we've put out and the stats prove it.
We also have this guy (http://blogs.msdn.com/michael_howard/) working for us. Perhaps you've heard of a little book he wrote called "Writing Secure Code." () He, along with a team of very very smart people are dedicated full-time to making sure that we don't repeat the mistakes of the past. Yeah, some things will always get through, but that's going to happen to everyone, not just Microsoft.
As for the unprivileged user messing up the OS, Windows Vista is going to have some *significant* changes which will go a very long way toward preventing that kind of problem. Actually, the problem with XP is not that an unprivileged user can screw up the system; a "regular" user actually can't. It's that running as a regular user makes it hard to do a lot of things that you want to do, such as setting the system date and time or even set up a game to play. Therefore a lot of people run with Administrator privileges all the time. Vista will solve a lot of these problems. I don't know how much of this is public knowledge yet, so I'll stop here.
Re: Windows security
Aha!
s/a ref=/a href=/