On Wed, 20 Jan 2010 16:53:06 EST, Larry Seltzer said:
> On Vista and Win7 the odds that it will execute
> are too remote to bother with. Even on XP, it only works 1 in 3 chances.

Ya know, 1 out of 3 chances is a good way to start on collecting your share of those 140 million pwned boxes out there. I bet a good fraction of them got whacked at much lower odds than 1 out of 3.

> Security firms never tell you that you need to run as administrator to
> be vulnerable to something or that it won't execute reliably or that you
> had to choose to run it manually. They just want you to be afraid.

Somehow, I can't fault security firms for not telling you "you can only get hit if you do XYZ", if XYZ is something we all know is done *all the frikking time by actual users*, like running as admin, or clicking on shit you shouldn't. Yeah, it's sleazy if they fail to reveal the exploit only works if you have on your disk an MP3 of the Finnish national anthem as sung by a Vietnamese boy's choir. But "only if you run as admin" and "choose to run it" are hardly in that category.
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
