Thread: Windows virus?

  1. #31
    C++まいる!Cをこわせ!
    Join Date
    Oct 2007
    Location
    Inside my computer
    Posts
    24,654
    While it may be good in theory to demand certification, I don't know if it holds in reality.
    How much does it cost to have such checks? Lots of money.
    Does that means that open source applications and those from individual developers are poor quality just because they aren't certified? I think not. They would, nevertheless, get the benefit of doubt by many and would probably be avoided in the end.

    No, what they should focus on is building good free tools to help programs in quality testing and make a stable operating system which will not crumble from poorly written software/drivers.
    Those are my thoughts.
    I would love to see prompts that asks for suspicious behavior from programs, on the note that I can allow permanently, of course. If a program tries to delete files, I want to know WHAT files.

    Although, I could see certification programs that are FREE to go a long way, provided they are fast, done by many and under the same rules. They could even have a certification-in-progress to ensure or calm users that the program is indeed going through certification but has not yet received it, since it would a way against fears when they see a program is not certificated (one might thing they would skip certification otherwise).
    Last edited by Elysia; 07-15-2008 at 07:56 AM.
    Quote Originally Posted by Adak View Post
    io.h certainly IS included in some modern compilers. It is no longer part of the standard for C, but it is nevertheless, included in the very latest Pelles C versions.
    Quote Originally Posted by Salem View Post
    You mean it's included as a crutch to help ancient programmers limp along without them having to relearn too much.

    Outside of your DOS world, your header file is meaningless.

  2. #32
    (?<!re)tired Mario F.'s Avatar
    Join Date
    May 2006
    Location
    Ireland
    Posts
    8,446
    Quote Originally Posted by Elysia View Post
    I would love to see prompts that asks for suspicious behavior from programs, on the note that I can allow permanently, of course. If a program tries to delete files, I want to know WHAT files.
    This type of functionality is again better left for 3rd party tools. Certain personal firewalls, for instance, already offer system level protection on an application, and even file, basis that will handle that and many other issues, if the user so wishes. At the cost of a download.

    Meanwhile, remember that wish when you realize temporary files are created and destroyed on windows all the time.

    What I want is an operating system that does little for me and asks me to do much for it. Linux and Windows XP offer that type of balance. Each in their own way (although my fav i still Windows 2000). There's nothing inherently insecure about Windows XP that hasn't been fixed with later service packs. Conversely, there's nothing inherently more secure about Vista that will not be exploited to exhaustion invariably subjugating it to Yet Another Microsoft Operating System.

    Buffer overruns and such only offer backdoors when exploited by malicious tools we allowed to creep in our system. That is the line of defense we tend to overlook and then blame it on the operating system alone, forgetting about our share of responsibility. I haven't be caught in a buffer overrun exploit for maybe a decade. And behold, I can sometimes skip 6 months without making a windows update.

    These malicious tools meanwhile are acquired from many sources, the most common ones being warez and pornographic websites... and again we blame it on the operating system when we don't even try and observe rudimentary internet safety pratices.

    Windows is as secure as Linux from a home computer point of view. That is by far not the reason I recently switched to Linux. And we don't need to be told what application deletes what file.
    Originally Posted by brewbuck:
    Reimplementing a large system in another language to get a 25% performance boost is nonsense. It would be cheaper to just get a computer which is 25% faster.

  3. #33
    Registered User
    Join Date
    Dec 2006
    Location
    Canada
    Posts
    3,229
    With a considerable amount of tweaking settings, installing and configuring third party security programs, taking precautions like having to avoid warez and porn sites, Windows can arguably be as secure as out of box Linux.

    As for warez and porn sites, why should we try and observe ruimentary internet safety practices in the first place? If I don't give explicit permission to run a binary, I should be able to assume I am safe. I don't consider visiting a website giving it permission to run anything. That I guess is IE's problem, but it is hard to separate from Windows, being an integral part of the OS.

    Windows is as secure as Linux from a home computer point of view.
    Sure, but Windows just requires a lot more tweaking and installing and experience/knowledge. An average Joe is a lot safer with Linux than Windows.

  4. #34
    C++まいる!Cをこわせ!
    Join Date
    Oct 2007
    Location
    Inside my computer
    Posts
    24,654
    Quote Originally Posted by Mario F. View Post
    This type of functionality is again better left for 3rd party tools. Certain personal firewalls, for instance, already offer system level protection on an application, and even file, basis that will handle that and many other issues, if the user so wishes. At the cost of a download.
    I know. I have certain such protections installed, actually. I don't really care if it's 3rd part or the OS itself, just that the functionality should be there.

    Meanwhile, remember that wish when you realize temporary files are created and destroyed on windows all the time.
    So true, but here's why there's need for advanced rules. For example, I can I want to allow creation and deleting of files inside the temporary directories.
    But the biggest point is that we should be able to configure it to allow stuff we want and only ask if it's a suspicious ask we have not allowed.
    So if I suddenly get a virus of my computer, I instantly get popups that a strange program is doing something.
    Otherwise it just runs in the background, watching without interrupting.
    That's the kind of security I like.

    And behold, I can sometimes skip 6 months without making a windows update.
    Me too
    I only download service packs!
    Quote Originally Posted by Adak View Post
    io.h certainly IS included in some modern compilers. It is no longer part of the standard for C, but it is nevertheless, included in the very latest Pelles C versions.
    Quote Originally Posted by Salem View Post
    You mean it's included as a crutch to help ancient programmers limp along without them having to relearn too much.

    Outside of your DOS world, your header file is meaningless.

  5. #35
    Registered User
    Join Date
    Dec 2006
    Location
    Canada
    Posts
    3,229
    So if I suddenly get a virus of my computer, I instantly get popups that a strange program is doing something.
    I guess someone will have to write a good AI first that can distinguish between strange and normal activities (by human definitions). This is starting to sound a lot like Hollywood .

  6. #36
    the hat of redundancy hat nvoigt's Avatar
    Join Date
    Aug 2001
    Location
    Hannover, Germany
    Posts
    3,130
    But all virii exploit a bug in the OS (except social engineering ones). If there are no bugs (or if fixed rapidly enough), there won't need to be anti-viruses. Anti-viruses are like third party Windows bug fixing packs. Looking around the computer world, Windows is the only OS in the whole universe that needs a third party program to keep it safe.
    That's not quite fair. If people would spent a fraction of what they spend on *nix security on Windows security, they'd have a pretty stable, pretty good and virus proof operating system. But they don't. The same guy that spent the weekend installing a new *nix system will totally hose his Windows box, because obviously creating a second, non-root user even with GUI assistance is too much of a hassle when running Windows.

    Windows is pretty secure. But the security is turned off by default to appeal to the masses. I don't know why anyone running without administrative priviledges would need a virus scanner or other third party software. I do know people who blindly click on stuff and execute it. You could probably send them format.com by email and they'd format their harddisc, just because it seemed to be a good idea. No amount of security will prevent this. Dumb people are dumb people.

    The last years have shown a vast amount of virii and worms. And very few were actually worth worrying about. Most of them were simply fishing for the 90% of clueless users out there. Malware is on the rise because dumb people using computers are on the rise. Security in Windows has improved tremendously from '95 to Vista. Average user education has gone down the drain at an even steeper rate. That's the problem and no software will ever fix it, the same way nobody can produce a knife that is both useful and safe enough for idiots to not cut themselves. There is no way this will work.
    hth
    -nv

    She was so Blonde, she spent 20 minutes looking at the orange juice can because it said "Concentrate."

    When in doubt, read the FAQ.
    Then ask a smart question.

  7. #37
    Registered User
    Join Date
    Dec 2006
    Location
    Canada
    Posts
    3,229
    That's not quite fair. If people would spent a fraction of what they spend on *nix security on Windows security, they'd have a pretty stable, pretty good and virus proof operating system. But they don't. The same guy that spent the weekend installing a new *nix system will totally hose his Windows box, because obviously creating a second, non-root user even with GUI assistance is too much of a hassle when running Windows.
    Hmm. Ubuntu installation takes ~ half an hour on my machine. I spend an additional hour or so installing programs I need. I don't need to consciously do anything to improve security.

    On Windows, especially before Vista, it's practically impossible to use a limited user account (the UNIX way), simply because programs were designed assuming the user has admin priviledge, which has pretty much always been the case. I have tried it, and with so many programs requiring admin priv for normal operation, I was pretty much running as admin.

    It's more of a practical thing than a theoretical thing. On Linux, no one runs root, and it has been like that for decades, and softwares are designed with that in mind. It's the contrary on Windows.

    You could probably send them format.com by email and they'd format their harddisc, just because it seemed to be a good idea. No amount of security will prevent this. Dumb people are dumb people.
    That is what I meant by social engineering - the part that I am not blaming the OS about.

  8. #38
    Registered User
    Join Date
    Dec 2006
    Location
    Canada
    Posts
    3,229
    That's not quite fair. If people would spent a fraction of what they spend on *nix security on Windows security, they'd have a pretty stable, pretty good and virus proof operating system. But they don't. The same guy that spent the weekend installing a new *nix system will totally hose his Windows box, because obviously creating a second, non-root user even with GUI assistance is too much of a hassle when running Windows.
    Hmm. Ubuntu installation takes ~ half an hour on my machine. I spend an additional hour or so installing programs I need. I don't need to consciously do anything to improve security.

    On Windows, especially before Vista, it's practically impossible to use a limited user account (the UNIX way), simply because programs were designed assuming the user has admin priviledge, which has pretty much always been the case. I have tried it, and with so many programs requiring admin priv for normal operation, I was pretty much running as admin.

    It's more of a practical thing than a theoretical thing. On Linux, no one runs root, and it has been like that for decades, and softwares are designed with that in mind. It's the contrary on Windows.

    You could probably send them format.com by email and they'd format their harddisc, just because it seemed to be a good idea. No amount of security will prevent this. Dumb people are dumb people.
    That is what I meant by social engineering - the part that I am not blaming the OS about.

  9. #39
    (?<!re)tired Mario F.'s Avatar
    Join Date
    May 2006
    Location
    Ireland
    Posts
    8,446
    Ok cyberfish. It's pretty obvious you have your mind made up. I just find it ironic that while you lament over windows apparent complexity, many windows users lament over *nix complexity. It's a case to say I've seen it all on what comes to unfounded criticism. Have it your way...

    But one word of advise; Admitting your lack of skill with Windows should at least make you ponder the arguments been used here and not summarily dismiss them. Especially when done by people with two decades of experience with Microsoft operating systems.

    As for me, I'm going out for an icecream while leaving windows online. Just because I can.
    Originally Posted by brewbuck:
    Reimplementing a large system in another language to get a 25% performance boost is nonsense. It would be cheaper to just get a computer which is 25% faster.

  10. #40
    Registered User
    Join Date
    Dec 2006
    Location
    Canada
    Posts
    3,229
    I have openly admitted my lack of skill with Windows, which made my Windows insecure.

    What I was trying to say is, we need skill and effort to make Windows secure, and any Linux newbie can already enjoy the priviledge of secure Linux.

    With a considerable amount of tweaking settings, installing and configuring third party security programs, taking precautions like having to avoid warez and porn sites, Windows can arguably be as secure as out of box Linux.
    I never said that Windows cannot be made secure, just that it takes a lot more effort.

  11. #41
    Registered User VirtualAce's Avatar
    Join Date
    Aug 2001
    Posts
    9,607
    Especially when done by people with two decades of experience with Microsoft operating systems.
    Are we really getting that old? My first OS was 2.10 with a copyright of 1980 (79, 80, 81?). You were lucky then if the OS did 'anything' for you except hook interrupt 21h and run your disk drive. Thanks now I feel really old.

    Now people are complaining about how much the OS does 'for' you. I'm happy with XP. It's intrusive enough to be safe and secure yet not intrusive enough to be downright annoying.

    Here's to hoping they produce a lean and mean version of the next Windows (post-Vista) so I can choose how much bloat I need for my little corner of the world.
    Last edited by VirtualAce; 07-15-2008 at 08:24 PM.

  12. #42
    Registered User VirtualAce's Avatar
    Join Date
    Aug 2001
    Posts
    9,607
    Ah, unless it's ActiveX. Why is opening email giving it permission to run whatever's in the mail? By that logic, when opening a Word document, you can expect it to format your harddrive?
    This is most likely using VBA and another thing about that is you can turn this off in Outlook, Powerpoint, Excel, and Word. When it's off it will be in permission mode and will say that the file has scripts that want to run and will ask you if it's ok. At that point the VBA code will execute. Last I worked with VBA there were not any functions that could format a drive. VBA is a nice feature but I really don't like coding with it.

  13. #43
    Registered User
    Join Date
    Dec 2006
    Location
    Canada
    Posts
    3,229
    This is most likely using VBA and another thing about that is you can turn this off in Outlook, Powerpoint, Excel, and Word. When it's off it will be in permission mode and will say that the file has scripts that want to run and will ask you if it's ok. At that point the VBA code will execute. Last I worked with VBA there were not any functions that could format a drive. VBA is a nice feature but I really don't like coding with it.
    That's what I meant. The default is not safe. With so many unsafe default settings, one needs to be very experienced/knowledgeable with it to make it secure.

    The formatting was just a random guess. How about randomly deleting files? I am guessing there is local filesystem access in VBA, just to make it user friendly, unlike Javascript.

  14. #44
    Registered User VirtualAce's Avatar
    Join Date
    Aug 2001
    Posts
    9,607
    To be honest I don't remember much about VBA except that it was application-centric. Basically if the application did not expose it you couldn't access it. Very different from programming in VB but allowed you to make use of some nice APIs in Word, Excel, and PowerPoint. You could also mix in some database stuff through Accel although I never messed with any of that.

  15. #45
    (?<!re)tired Mario F.'s Avatar
    Join Date
    May 2006
    Location
    Ireland
    Posts
    8,446
    Admittedly VBA was not built with security in mind. Thank goodness the technology has been dropped for a few years already.

    Quote Originally Posted by cyberfish
    With so many unsafe default settings, one needs to be very experienced/knowledgeable with it to make it secure.
    Drop the "very", and you'll basically hit it.

    Yes, one needs to be knowledgeable about the operating system in order to use it safely. What I question is why you question this? Where exactly is the problem in being knowledgeable about the operating system? I'm even more surprised when this argument comes from a Linux user who are reportedly very knowledgeable people about their own operating systems.

    Let me try and break it down to you in the following manner - If anyone sees some flaw in my reasoning please do correct me.

    Up until recently (up until mid-life of the XP operating system, I would wager) Microsoft strategy was to place security features out of the way of the user. They were still built at the core, and through OS internal tools, but for the most part they were set so that that they didn't interfere with the user day to day operations. If a security feature could be turned on without affecting user experience, it would. Otherwise its default would be off. All this in the name of a friendlier user experience. This strategy had its pros and cons. Power users liked it, newcomers didn't know what to think, and other platform evangelists used it to blurb about Windows not being secure. All in all, Windows kept on moving which is more or less what mattered.

    It was then the task of the user to set those features they wanted. In the meantime, the Windows operating system always spawned a considerable market of commercial and non-commercial 3rd party tools which addressed many security concerns and established themselves through time as the standard means of securing your computer. Anti-virus, personal firewalls (don't confuse with software firewalls which don't offer application level protection), system maintenance tools, etc...

    This is the way we do it in Windows. And you better get used to it, instead of complaining about it, since the latter will get you nowhere. Except for...

    Somewhere down the line, and along the life of Windows XP, it became noticeable that Microsoft started to shift their position regarding OS security. On behalf of so many complaints like the ones you do, Microsoft started to push security in front of user experience and forcing us to work the other way around (disable security features, instead of enabling them). This culminated in the Vista operating system which is, right after installation, arguably the least user friendly operating system Microsoft ever developed.

    In fact, because people always preferred to complain about the non existing lack of security in the windows operating system, instead of educating themselves on those features and learn how to use them, is the reason we have Vista the way it is... a dumb down operating system that tries to think for you, obviously can't, and shuns away from power users who, in the face of so much "simplicity", can't understand how to work with it.

    That is the price of... ermm... success. Because so many use it, and because the vast majority doesn't want to become computer savvy, the operating system is made to be stupid, pretty and with big buttons. Vista is pretty much the archetypal blond.

    So, if you want that kind of stuff cyberfish, there you go. Get Vista and some (not all) of your security concerns will be addressed right of the box. You'll love UAC. Meanwhile, windows XP is not for you. It has been built differently, in a different time when Microsoft was still walking with its arms outstretched in search of the user-friendly and secure paradigms.

    If on the other hand, you decide to draw from your Linux experience and understand that:

    a) Windows was just created to be like this and that is the acceptable way of working with it (up until Vista that is. Lets see if they drop all this nonsense with the next version);

    b) Complexity is only apparent. It's a false perspective. You change the way you do things and that seems complicated, when it isn't in fact. Complexity is just the result of lack of training. Being myself a newcomer to Linux I could report to you the fact the damn thing was so confusing in the beginning, I messed up three times already forcing me to reinstall it. And yet, you don't hear no whining from me, do you? "Oh Linux is so complicated. Buaah!"

    c) You don't want to be another numbered Duh in the wold of computer users. We are creating a generation of big Duhs with all this ridiculous User-Friendly pop culture byproduct. By complaining about how complicated it is, you are effectively telling your teacher you don't want to learn philosophy because your head is too small and you are more interested on iPods and 3rd season TV series.

    You'll pull up your sleeves and stop the whining, mate.
    Last edited by Mario F.; 07-16-2008 at 06:58 AM.
    Originally Posted by brewbuck:
    Reimplementing a large system in another language to get a 25% performance boost is nonsense. It would be cheaper to just get a computer which is 25% faster.

Popular pages Recent additions subscribe to a feed

Similar Threads

  1. Trojan horse generic
    By crvenkapa in forum Tech Board
    Replies: 8
    Last Post: 06-04-2007, 08:49 PM
  2. how to make a windows application
    By crvenkapa in forum C++ Programming
    Replies: 3
    Last Post: 03-26-2007, 09:59 AM
  3. Question..
    By pode in forum Windows Programming
    Replies: 12
    Last Post: 12-19-2004, 07:05 PM
  4. IE 6 status bar
    By DavidP in forum Tech Board
    Replies: 15
    Last Post: 10-23-2002, 05:31 PM
  5. Manipulating the Windows Clipboard
    By Johno in forum Windows Programming
    Replies: 2
    Last Post: 10-01-2002, 09:37 AM