Tuesday, April 24, 2007

Thecurity, Thecurity, Thecurity.....

Mostly looking at security offerings and trends today. Nothing really wild or surprising in my observations so far; security really isn't my field. I try to know a little about it, but every time I do deeper reading on the mechanics of the IT security industry I feel like I'm about to step into a huge abyssal chasm. As a result I rely on my subject matter geeks!

First up is a good article over on ZDNet's blogs by Ryan Naraine. A lot of people are complaining about UAC verging on nagware in its invasive questions, despite the fact they're expected to protect us from ourselves installing things whose behaviour we don't understand. The piece that made me want to blog about this was the observation of what hackers and ISVs actually specifically code for. Previously they've all coded for the full admin world-o-fun offered by Windows XP. Now, because UAC forces users to run within the realms of standard admin rights and be prompted for any elevated permissions, in a Vista world they'll code for that environment. This quote in the article from Mark Russinovich hits the spot:

"The malware author will say, 'I can live in a Vista world without needing to take over the entire box'. They will end up thriving in the standard user environment, setting up botnets, grabbing your keystrokes"

It comes back to what UAC was designed to actually do. It's not supposed to be a massive barrier system, or a firewall-like solution that protects users. It's damage control: it limits the level of exposure users have by saving them from themselves.

And don't think Mac users can be smug... your day has come. Apple have long escaped the eyes of malware writers and hackers not due to the operating system's security levels, but due to social and business aspects. If you're going to hack something, write some malware for something or generally deliver a virus, you're the kind of person looking to cause disruption, and upsetting a large number of students, art house jazz fans, hippies and graphic designers doesn't go down as a great gesture, but bringing down a major merchant bank or a retail chain is... oh wait... they don't run anything Apple. If that's piqued your interest, look at how Dino Dai Zovi successfully hijacked a MacBook Pro in this article.
