Sunday, August 06, 2006 4:46 AM
sandi
Internet Explorer Protected Mode and other stuff...
For your viewing pleasure.. an excellent video from TechEd
Windows Vista System Integrity Technologies
http://www.microsoft.com/emea/itsshowtime/sessionh.aspx?videoid=223
Steve Riley is a fun presenter... messy blonde hair, sneakers, red pants, blue shirt, shell fragment necklace, leather wrist bands with tassels, and an earring.
My primary interest, when looking at this video with a mind to highlighting it on my blog, was its relevance to IE7. That being said, there are a lot of gems in Steve's presentation.
I do recommend, if you are technically inclined, that you watch the entire video (but be warned, it's more than an hour long). If you don't want to sit through the entire thing, you can jump straight to the section where Steve explains how Protected Mode for Internet Explorer in Windows Vista helps protect users from the bad guys when they are surfing the internet.
Basically, a user will have to approve up to *three* different dialogue boxes for programmes sourced from the Internet. He or she will have to say:
1) Yes, I want to run that programme...
2) Yes, I trust the Web site that I got the programme from...
3) Yes, I want to give that application Full (User) Privileges...
Steve says "what is the problem that we're trying to solve here... when somebody downloads some attachment and it has some sexually formatted subject line "click here to see the dancing pigs".. those dancing pigs will win every time won't they... people don't know how to be secure so we have to do it for them..."
As much as I *dislike* the phrase, there are people out there who just want to see the "dancing pigs" and will say yes to anything and everything to obtain access to said pigs. For them, three prompts will not be enough to stop them from infecting their machines. Heck, they may even complain about the inconvenience. But you know what? MS can only go so far to protect people from themselves.
After years of very vocal "Windows is too insecure" complaints there are some who complain about how much harder Vista makes things for developers and users - for example:
http://www.msgpluslive.net/news/2006/08/05/opinions-on-windows-vistas-release-date/
It's a little ironic that Patchou is complaining about difficulties when working in Vista, considering the ongoing battle to stop malware being distributed via his sponsor programme (stopping the spread of malware being one of the primary reasons behind the tightening up of security in Vista).
I disagree with Patchou... I say bring on Vista. Reality is that malware pushers are not going to go away voluntarily, nor will people stop trying to earn an income from the pop-ups or banner ads that are used as a conduit to computers by the malware pushers. The bad guys are not going to give up their income stream willingly, and they will continue to look for ways to get their wares on to as many machines as possible, including by deceiving those selling pop-up and banner advertising space. There are people who need to generate an income via pop-ups and sponsors and who have every intention of refusing malware pushers access to their advertising space, but reality is the bad guys are getting in there anyway.
Attempted malware download via MP Sponsor Programme generated popups:
http://msmvps.com/blogs/spywaresucks/archive/2006/06/30/103407.aspx
The bad guys use a myspace banner ad to spread malware:
http://msmvps.com/blogs/spywaresucks/archive/2006/07/21/105450.aspx
Myspace again - this time it's embedded videos and Zango:
http://www.vitalsecurity.org/2006/07/interview-with-zango-myspace-affiliate.html
During Steve's presentation he talks about how he did not reduce the privileges granted to his wife's user account, which was a local administrator account, and how his wife's computer was therefore vulnerable to, and ended up being infected by, malware ... (Steve mentions that Jesper makes his wife and children run as guest), but Jesper's willingness to lock down his systems is an exception, rather than standard operating procedure out there in the world.
http://blogs.technet.com/jesper_johansson/archive/2006/06/22/438316.aspx
We have to get used to UAC and no longer being King on our computers. As Steve said, there is no such thing as perfect, hack proof or impenetrable (tell that to some of the Linux/Firefox apologists). He also says "For every way you can think of to stop a bad guy the bad guy will think of another way. You can't. You cannot know everything that is bad. But what do you know? You know everything that is good... So why not make a statement of what you allow based on what you know is good and then by default block everything else."
His comments remind me of Peter Tippett and what he said years ago (Peter Tippett, by the way, apparently developed the product that eventually became Norton Antivirus).
Back in May 2005 I reported on a magazine article about Peter in which Peter said:
"The first version I produced stopped any virus that could be produced. 'No updates required' was the byline. It recorded the state of all software on your system and anything new just wouldn't run ... As an afterthought we added virus signature scanner and sold it to Symantec. ... Symantec felt that nobody could understand the generic new software-blocking stuff, so that feature quietly dropped away."
http://msmvps.com/blogs/spywaresucks/archive/2005/05/05/45762.aspx
We have now reached the stage where needing to stop the bad guys outweighs the need to make things easy for those who cannot understand the "generic new software-blocking stuff" or want to be King on their computer.
Filed under: Security, safety and privacy on the Internet, Internet Explorer 7, Vulnerabilities, viruses and exploits