RE: Microsoft blames Vista insecurity on thirdparty applications

[Larry Seltzer <Larry () larryseltzer com>]

> > Here's the quick test:  Drop the .exe on the destop and double-click
it.
 Did you get infected?  Then you're not immune. 

How did you get the executable? That's the point Allchin is making. The
usual vector is e-mail and any Microsoft e-mail client for the last 5+
years blocks them by default. (Web mail is very popular now, but all the
major ones are AV-scanned.) 

As Nick pointed out, there are other potential vectors for this malware,
open shares and stuff like that. I suspect these are much harder to get
through in Vista than in XP, even SP2. It would be interesting to gather
a good collection of the vectors actually in use and compare their
status in Vista to previous versions. I'll start talking to vendors
about it.

Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blog.eweek.com/blogs/larry%5Fseltzer/
Contributing Editor, PC Magazine
larryseltzer () ziffdavis com 

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.