> I think that the changes that Microsoft have made in Vista > are awesome, but they won't stop the Trojans that take > advantage of security vulnerabilities. Unless you think that > Vista won't have any security holes (yeah right). The > average user that is prone to let their PC become a zombie > doesn't apply patches. So the first big security hole that > is exploited will spawn a whole batch Vista zombies. Hence > why it's important to run antivirus.
Viruses aren't, by definition, simply exploits that take advantage of existing vulnerabilities. They typically require user intervention. If a user doesn't have the ability to run unapproved executables, then the user can't run the executable containing the virus. Preventing a user from running a program that may or may not contain a virus is a much more effective countermeasure than trying to detect the virus when a user runs a program; especially if, as you noted, people don't keep their machines (including virus signatures) up to date. And, of course, patches generally don't protect you from trojans and viruses, which again typically require user intervention and permissions. If I run an executable program, and I have adequate permissions to allow that program to do whatever it wants to do, there's no patch for that. Patches are much more important when it comes to protecting against remote exploits, but a firewall is a more reliable protection against that sort of thing. So, to the extent that Vista's UAC prompting actually makes people think about what they're doing, it will, in fact, stop trojans, which like viruses rely on people running programs within a privileged security context. If, on the other hand, people disable this or just click through it without thinking, then we're back where we started, and no amount of antivirus software will prevent it. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ Fig Leaf Software provides the highest caliber vendor-authorized instruction at our training centers in Washington DC, Atlanta, Chicago, Baltimore, Northern Virginia, or on-site at your location. Visit http://training.figleaf.com/ for more information! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Introducing the Fusion Authority Quarterly Update. 80 pages of hard-hitting, up-to-date ColdFusion information by your peers, delivered to your door four times a year. http://www.fusionauthority.com/quarterly Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:261918 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
