For the first time security researchers have spotted a type of malicious software that overwrites update functions for other applications, which could pose additional long-term risks for users. The malware, which infects Windows computers, masks itself as an updater for Adobe Systems’ products and other software such as Java, wrote Nguyen Cong Cuong, an analyst with Bach Khoa Internetwork Security (BKIS), a Vietnamese security company, on its blog.
I love Windows, but I have stayed away from it, especially because I can do most of my tasks on Ubuntu. The reason for not using Windows: insecurity. I would always reboot into Ubuntu to pay for my stuff online, to open my PayPal account, etc… This is not a sustainable option. I have my Windows apps on Ubuntu with Wine (MS Office, Photoshop), and they work great, really. At the university, I don’t open my Gmail account because they use Windows, and I’m afraid the PCs have viruses. They certainly do despite all security measures (limited user accounts; antivirus). You sadly can’t use Windows if you need security.
I thought of such an approach years ago… dammit, I should have patented it 🙁
This is why most Linux users use repositories with digital signatures. Every so often a new Linux user will complain about:
“How come Firefox doesn’t automatically update itself? Why do I have to wait until a new version hits the repository?”
To me, this is one of the greatest strengths of the Linux distribution system. I automatically get security updates for ALL of my software, and it comes from digitally signed repositories. It may not be perfect, but it is miles ahead of allowing/requiring each application to update itself.
which is that users have to wait longer for a flaw to be patched while package maintainers sort out dependency issues. It also results in companies sticking with old versions of software because they don’t want package updates to break their systems.
The ideal is probably somewhere in the middle where there is a central updating service but applications are not interdependent.
I’ve been predicting this type of malware for quite a while, I’m amazed it wasn’t around sooner. What else could be the result when you have so many updaters running at once? What a perfect way to hide.
This could be even more devastating on OS X if there was a malware targeting Sparkle, which is used by most software as an updater.
Here we go again… Users blaming Windows for their lack of responsibility. For all the things I still hate about Windows Vista, there’s one thing Microsoft did get right: User Account Control.
A couple of weeks ago, I got the notification for an update to Adobe Flash so I chose to install it. I knew something wasn’t right when I got a UAC dialog but it was the one for unsigned apps (the one with yellow background and the Allow button) instead of the one for signed apps (the one with green background and Continue button.) Updates from Adobe do come signed by Adobe, so I canceled that installation from within UAC and ran a virus scan just in case.
If you don’t keep your security tools and if you click on Allow or Continue without reading carefully those pesky UAC dialogs, then you are definitely the one to blame, not Windows, when your PC gets screwed by malware.
Edited 2010-03-26 18:59 UTC
It’s not that good actually. I know some computer-illiterate co-workers and friends who actually always click ok, not knowing why they’re asked to click. They find the UAC annoying and as soon as they see the prompt, they click nervously, just to get rid of the nag ASAP.
Even I wasn’t aware of this color detail. I guess most illiterate folks out there in companies, where they only use the computer once in a while, don’t know about this stuff.
I agree. Many people, actually most computer-illiterate people keep their antivirus out-of-date with the “Warning” message in the system tray. Same for browser updates, Adobe Flash updates and Windows updates left aside or even canceled. Just because people don’t want to bother and/or because they don’t want to be annoyed. They also think there’s nothing dangerous about it, they don’t know about botnets, computer zombies, spambots, etc…
Yes that’s the dancing pigs problem but UAC is still a valuable improvement. When they click on something in their email they at least get a warning that something wants to change the system. It also gives them a second chance if they clicked on it by accident. XP put too much trust in the user and assumed all system changes were intentional.
That is why Defender exists, so they at least have a basic scanner that removes some of the nastier stuff. Windows 7/Vista really do cut down the malware for problem users which is why general use of XP should be discouraged. A lot of those old XP machines are being used for botnets and other forms of criminal activity.
Nice theory, but Defender’s definition updates come via Windows Update… which, as was already stated previously and I can vouch from experience is true with the average public, is ignored as thoroughly as they ignore their Antivirus. Defender doesn’t help that much. Personally I’d think the way to go is to silently update Defender as Google does with Chrome, but if Microsoft did that I’m sure the EU would jump on them for not providing an Antivirus ballot or something equally as stupid. That’s Microsoft: Damned if they do and damned if they don’t. I’d feel sorry for them if their own practices hadn’t landed them in this spot.
The problem with anti-virus software is that it costs money to renew which is why people ignore warnings. If Windows 7 isn’t set to automatically install updates it will nag the user when Defender’s definitions become outdated.
Defender is a good program because it can remove common malware like Renos without the user having to install new software. Of course it isn’t as good as something like Nod32 but it isn’t trying to be. It’s a basic line of defense.
My point wasn’t on the quality of Defender, simply that no matter how much it nags people ignore it just as they ignore other nagging. People don’t want to be nagged, they want the damn thing to do its job without bothering them.
A way to auto-update antivirus software without violating any kind of law would be to tell people at install time “By clicking next here, you give this software the right to do all its usual work that requires no acknowledgement (including updating and auto-scanning) silently, without notifying you about anything it does.”
In other words: now, the software installs some updater without telling you about it, and then at every boot yells “Hey! I’ve got to do something, may I?”. You can’t blame people for being angry and ignoring it. They turn on their computer to do some work, not to update their antivirus and various plugins. Such annoyance slows them down in their task. So that software which needs updates should only ask for permission to update one time, and then STFU.
(Note: This does *not* mean that software should go the Mac way and not notify you about anything at all, leading to situations where you click “send” in a webmail while wireless has been disconnected for several minutes, and lose all of your data in a magistral “The site could not be loaded”. It means that popups should only be kept for tasks which really require them).
Edited 2010-03-27 07:33 UTC
Happy Ubuntu user here.