PC Tools reveals Vista is not so immune

[jim]

Check out http://www.pctools.com/news/view/id/206/

It reads in part "Ironically, the new operating system has been hailed by
Microsoft as the most secure version of Windows to date. However, recent
research conducted with statistics from over 1.4 million computers within
the ThreatFire community has shown that Windows Vista is more susceptible to
malware than the eight year old Windows 2000 operating system, and only 37%
more secure than Windows XP," Clausen said. "

Just thought you'd like to know....

jim

 

[Uncle Marvo]

Wonderful!

It does fix the dodgy serial buffer problem though, which I believe has been
in Windows since sometime in NT4.0.

I'm still not going to go for it until at least SP2

 

[jim]

Don't miss the discussion at http://tech.yahoo.com/blogs/null/93752 too.

 

[Straight Talk]

Check out http://www.pctools.com/news/view/id/206/

It reads in part "Ironically, the new operating system has been hailed by
Microsoft as the most secure version of Windows to date. However, recent
research conducted with statistics from over 1.4 million computers within
the ThreatFire community has shown that Windows Vista is more susceptible to
malware than the eight year old Windows 2000 operating system, and only 37%
more secure than Windows XP," Clausen said. "

Just thought you'd like to know....

Not really. There is enough nonsense floating around already.

What exactly does "37% more secure" mean?

And why is W2K considered more secure in these statistics? - Because
W2K is not operated by the same kind of people Vista is. And no OS can
ever be immune against human stupidity.

This is just yet another nonsense by numbers.

 

[jim]

Not really. There is enough nonsense floating around already.

What exactly does "37% more secure" mean?

That's what the links were for. Follow them.

And why is W2K considered more secure in these statistics? - Because
W2K is not operated by the same kind of people Vista is. And no OS can
ever be immune against human stupidity.

This is just yet another nonsense by numbers.

You can lead a man to truth. You cannot make him believe.

jim

 

[John Waller]

You can lead a man to truth. You cannot make him believe.

And some people are attracted to, and swayed by, FUD.

Dig deeper and read the wider argument online. It's far less black and white
than you're apparently desperate to believe.

Microsoft Refutes Windows Vista Vulnerability Report
http://www.informationweek.com/news/windows/operatingsystems/showArticle.jhtml?articleID=207603257

"So Vista is definitely much more secure than Win2000 and I don't understand
PCTools' attempt to overthrew this axiom by far-fetched conclusions in their
survey."
http://dkudin.spaces.live.com/blog/cns!5ACDFAF6B73AF165!135.entry

 

[Mark H]

Hmmm.... let's see...

37% better than XP...
That means it is more secure than the most widely used home OS ever
released.

More susceptible than W2K...
It's more susceptible than my Tandy 1000 also which cannot run anything
anymore, much less connect to the internet.
But, then W2K is still used by most businesses, not home users and the
additional layers of protection provided by the company may get confused
with the OS.

 

[dennis@home]

That's what the links were for. Follow them.

From the link you supplied>>>>

"It only takes one attack to destroy a computer or allow hackers to access
your personal and financial information."

There are no OSes that don't have at least one hole so there are no OSes
that don't need additional work/tools to keep them secure including all
windows variants and all unix/linux variants.

You can lead a man to truth. You cannot make him believe.

This is true and I don't suppose you do.

 

[Mike Hall - MVP]

That's what the links were for. Follow them.


You can lead a man to truth. You cannot make him believe.

jim

True, but corporate computer users are locked down way tighter than the
average home user..



--
Mike Hall - MVP
How to construct a good post..
http://dts-l.com/goodpost.htm
How to use the Microsoft Product Support Newsgroups..
http://support.microsoft.com/default.aspx?pr=newswhelp&style=toc
Mike's Window - My Blog..
http://msmvps.com/blogs/mikehall/default.aspx

 

[Joseph Meehan]

Let's see PCTOOLS does what? They sell protection software. I wonder
if they might have a vested interest in those numbers?

 

[jim]

Let's see PCTOOLS does what? They sell protection software. I
wonder if they might have a vested interest in those numbers?

Just an FYI : Those numbers happen to be from the tool that they give away
for FREE - Threatfire.

jim

 

[Adam Albright]

More crap ' research ' from antivirus software vendors.
This is the bullshit from the Threatfire website:

Well duh... there's a lot of crap in this newsgroup. Much of it comes
from idiots like Frank, Bill, Spankdemonkey and assorted fanboys that
don't know any better.

"PCs are under constant attack from viruses, spyware and identity theft.
Every day you hear about a new threat to your PC. They're coming faster than ever before,
they're getting harder to stop and traditional antivirus products are not able to keep up."

There is NOTHING not factual about the above statements.

Now contrast that will the deliberate lie often repeated here that UAC
protects you. It does no such thing. UAC's purpose to is NAG you that
you're about to do something that MAY be harmful. The vast majority of
the time the warning is completely bogus, unfounded and quickly gets
highly annoying since UAC is too stupid to learn from it's experience
thus it will repeatedly nag about the same things over and over
totally defeating the intended purpose to educate users. The reason
why that is true is the cry wolf scenario. When somebody first screams
wolf, the warning gets it's due attention. However when the same
person repeatedly screams wolf he gets less and less attention and
soon is ignored. That is what has happened to UAC. Most of the time
it's nag warnings are without merit, so nobody pays attention.

Soon most either turn off UAC or simply click through the warnings
without paying the slightest attention to them. Either way, Microsoft
totally failed in it's implementation of so-called User Account
Control because most view UAC as a nag, an annoyance and just another
poorly thought out Microsoft boondoggle that makes Vista more sluggish
and interferes with how YOU the user controls HIS computer.

Somewhere in the recent past Microsoft adopted the foolish notion that
it, not you should control your computer. The implemention of UAC,
file permissions and the concept of ownership is another step closer
towards Big Brother taking even full control of what is YOUR computer.
Obviously Microsoft will run into severe resistance from such a
bone-headed, poorly thought out decision. My computers are MY
computers, I paid for them, I own them. Clearly any thinking person
agrees, only dolts and fools would willing give control of their
computers to Microsoft to let them do as they wish with them. So far,
thankfully you still can take control. The question is what about
tomorrow?

 

[C.B.]

Wonderful!

It does fix the dodgy serial buffer problem though, which I believe has
been in Windows since sometime in NT4.0.

I'm still not going to go for it until at least SP2

The opinions of PC Tools are nothing more than self-serving statements
meant to sell their products. I have no faith or interest in their opinions
and/or products.

C.B.

 

[Robert Pendell]

Check out http://www.pctools.com/news/view/id/206/

It reads in part "Ironically, the new operating system has been hailed by
Microsoft as the most secure version of Windows to date. However, recent
research conducted with statistics from over 1.4 million computers within
the ThreatFire community has shown that Windows Vista is more susceptible to
malware than the eight year old Windows 2000 operating system, and only 37%
more secure than Windows XP," Clausen said. "

Just thought you'd like to know....

jim

Hmm... let's see here. Any properly protected system can be kept clean
of spyware. I have had my installation running for a year and have had
only one instance of spyware. That instance was my fault and went
undetected by all anti-spyware except for my own eye. I have 2 years
experience cleaning spyware off of computers and know most if not all of
the tricks they try to get it in the computer and stay hidden. Alot of
the newer ones are very hard to detect.

P.S. - The last one I did loaded in as a non plug and play driver. I'd
like to see anti-spyware remove that one. I did it by hand.

--
Robert Pendell
(e-mail address removed)

"A perfect world is one of chaos."

Thawte Web of Trust Notary
CAcert Assurer

 

[Shenan Stanley]

<snipped>
Entire FUD here:
http://groups.google.com/group/micr...a69d17e9572/ec4c9ce3dc451b46#ec4c9ce3dc451b46
( What's FUD? http://en.wikipedia.org/wiki/Fear,_uncertainty_and_doubt )

Let's see PCTOOLS does what? They sell protection software. I wonder
if they might have a vested interest in those numbers?

Just an FYI : Those numbers happen to be from the tool that they
give away for FREE - Threatfire.

jim,

Seriously - look at what you just said and what you said it in response to.
Let's analyze it...

You seem to be saying that since they give away a version of their software
for free, the point that they also sell protection software for computers is
null and void and thus they have no vested interest in saying that one OS or
another is vulnerable to attack... And strangely - the latest version of the
OS, the one that is spreading in the consumer market quickly and will be
around for quite a while - is mentioned as the weakest. They won't benefit
at all from supposedly pointing out the fact that an OS is vulnerable - but
not so much if you use their product.

Picture it from their point of view... Free or not - they gain market
share. The more people see it - the more people start to believe they may
need something the 'for pay' version has. "$30? *shrug* No biggie - my
pictures and music and contacts and documents are worth that..." starts to
be heard echoing through the masses. 1 million sales at $30/sale - nice
tidy sum in short order. ;-)

While their product may be a fine one (don't know - have had no need to try
it - other free products have filled the gap prior quite nicely) - you
cannot deny that a company that sells (or even gives away) a product that
solves a problem would not benefit from making the problem seem larger than
it may actually be...

- PCTools sells protection software.
- They have a free version of a malware software available.
- They also sell a version of said software.
http://www.threatfire.com/download/
- Computers connected to the Internet are more vulnerable in general.
- Most percentages/statistics are made up to benefit those making up the
numbers. When confronted, it is usually difficult for those who made up the
numbers to present concrete facts backing them up and usually easy for
someone else to bend/make up numbers of their own to the contrary. This is
especially true when dealing with things that are difficult to quantify
because of the lack of reliable numbers (like the security of an OS versus
an older OS and knowing how prevalent those OSes are and what other
protections may already be in place that prevent the supposed issues from
ever even reaching the OS...)

It's very interesting to see where all you posted this:
http://groups.google.com/groups/profile?enc_user=SBS95AwAAAATytbY6VAfM_q59x2ZScCa
.... as well as what type of postings you seem to propogate.

 

[Shenan Stanley]

I have 2 years experience cleaning spyware off of computers and
know most if not all of the tricks they try to get it in the computer
and stay hidden. Alot of the newer ones are very hard to detect.

P.S. - The last one I did loaded in as a non plug and play driver.
I'd like to see anti-spyware remove that one. I did it by hand.

Can you give us some examples of these very hard to detect spyware ?
Where would I go to find them ?
Please post the urls here, I 'd like to checkout my security
settings. Thanks very much.

You want someone to post URLs to places to get infested from? No...?

Vundo sucks - hunt that one down.

I have found - while cleaning up machines - you have better luck cleaning
them with tools like SuperAntiSpyware, Spybot Search and Destroy, SmitFraud,
MultiAV, etc *if* you do it in Safe Mode. This prevented them from loading
at startup and the deletion of the registry keys and dlss and registry files
it applies doesn't happen - allowing the tools to do their work.

 

[jim]

<snipped>
Entire FUD here:
http://groups.google.com/group/micr...a69d17e9572/ec4c9ce3dc451b46#ec4c9ce3dc451b46
( What's FUD?
http://en.wikipedia.org/wiki/Fear,_uncertainty_and_doubt )






jim,

Seriously - look at what you just said and what you said it in response
to. Let's analyze it...

You seem to be saying that since they give away a version of their
software for free, the point that they also sell protection software for
computers is null and void and thus they have no vested interest in saying
that one OS or another is vulnerable to attack... .

Of course they have something to gain. But, in reality, MANY more people
use their free software than buy any of their tools. It is this way with
AVG and other vendors who give out free, diminished feature versions of
their software.

And strangely - the latest version of the OS, the one that is spreading in
the consumer market quickly and will be around for quite a while - is
mentioned as the weakest.

Actually that isn't true. XP proved to be the weakest. Vista was approx
37% better than XP in the area of security according to the published tests.

They won't benefit at all from supposedly pointing out the fact that an OS
is vulnerable - but not so much if you use their product.

I tried Threatfire. But, like Vistas UAC, it blocked too much and was a
general hinderance to my PC use.....so I dumped it.

Picture it from their point of view... Free or not - they gain market
share. The more people see it - the more people start to believe they may
need something the 'for pay' version has. "$30? *shrug* No biggie - my
pictures and music and contacts and documents are worth that..." starts to
be heard echoing through the masses. 1 million sales at $30/sale - nice
tidy sum in short order. ;-)

If only it were that easy.....

While their product may be a fine one (don't know - have had no need to
try it - other free products have filled the gap prior quite nicely) - you
cannot deny that a company that sells (or even gives away) a product that
solves a problem would not benefit from making the problem seem larger
than it may actually be...

Sure they could. But, in today's connected IT world, they would soon be
outed as not really knowing what they were doing or being outright
dishonest. I suspect the resulting negative press would do more harm than
good. I also suspect that they know that.

- PCTools sells protection software.
- They have a free version of a malware software available.
- They also sell a version of said software.
http://www.threatfire.com/download/
- Computers connected to the Internet are more vulnerable in general.
- Most percentages/statistics are made up to benefit those making up the
numbers. When confronted, it is usually difficult for those who made up
the numbers to present concrete facts backing them up and usually easy for
someone else to bend/make up numbers of their own to the contrary. This
is especially true when dealing with things that are difficult to quantify
because of the lack of reliable numbers (like the security of an OS versus
an older OS and knowing how prevalent those OSes are and what other
protections may already be in place that prevent the supposed issues from
ever even reaching the OS...)

We'll see. I'm sure somebody else will call them on this if they cannot
produce satisfactory data to back their claims.

It's very interesting to see where all you posted this:
http://groups.google.com/groups/profile?enc_user=SBS95AwAAAATytbY6VAfM_q59x2ZScCa
... as well as what type of postings you seem to propogate.

Shenan Stanley
MS-MVP

I tend to post articles where they will be acted upon by the most people.

As for the list of all of those articles in your link, the "Post Activity"
portion is bogus data. I am certainly not the author of all of those posts.

Perhaps you (and Google) should do a little digging into how newsgroups work
and the fact that not all (e-mail address removed) users are the same person.

Then again, an MS-MVPs would have more to gain by shooting the messenger of
this topic than by discussing it rationally, wouldn't they?

jim

 

[Shenan Stanley]

jim wrote:

Then again, an MS-MVPs would have more to gain by shooting the
messenger of this topic than by discussing it rationally, wouldn't
they?

Let me address this seperately...

I do not care if Microsoft survives as a business past this second. They
could fade into oblivion for all I care. was granted the award because I
happen to help people in a Microsoft newsgroup. There is nothing nefarious
behind it nor does it keep me from saying anything I desire. Microsoft
sucks in a lot of things they do - and I express this whenever I feel the
need.

I thought I discussed things quite rationally. I would be interested in you
pointing out where my point-counterpoint approach was irrational if you feel
that way.

 

[Gerald309BCPCNet]

More from PCTools about Vista Security ...... Article:

Vista laid low by new malware figures (TechWorld)
PC Tools fires back with more stats. It looks as if Vista's reputation
for
improved security could be heading for the pages of history.
PC Tools has renewed last week's attack on the platform with new
figures that
appear to back up its claim that Vista is almost as
vulnerable as its predecessors. .....

5/19/2008 12:06 PM
Read more | Open in browser

http://www.techworld.com/news/index.cfm?RSS&NewsID=101536

Notes.... One thing missing perhaps in statistics is Users who have
hacked and
circumvented Vista's security settings such as UAC (User Account
Control)
and even simply turning that off or giving permission to malware
alerts - but
actually (them) going a lot further than that on any pc. In security,
which you
can find
at so many HiJackThis Logs forums for instance, are all these families
of
trojans that are just from bad adult sites mainly apparently. Of
course there
was the recent
"Sony rootkit" that was wrongly used as a protection for theirs. And
just
recently there was this nightmare:

Alluring MP3s, movies hit LimeWire, install malware instead
http://tech.groups.yahoo.com/group/Spy-Lerts/message/461

And of course in P2P swapping services as this - it is giving
permission to your
computer system and even the firewall is turned off by users so that
how many
of these persons are in these statistics ? They may do the "I don't
care, I just
turn off all security and download and then I get the free crap to
scan and
remove it" .
What about all those statistics. (In other words it is absurd to think
any
operating system can be run without commercial security softwares
safely).

Statistics like these do not appear to reflect that, and especially
talking
about just Vista OS (operating system) - because you will find a vast
amount of
users
parading this all over the net posting how "aggravating and annoying"
security
settings are and particularly with UAC and other features in Vista.
Going back
to the 'XP Years'
of course also involved a similar situation with DRM (Digital Rights
Management)
in Windows Media Player. When you consider the 'dark sides' of the
internet and
the "free stuff" crowds and adult oriented malicious content sites and
all the
Peer To Peer unlawful file swappings - well it does not take a genius
to realize
that
many of these persons shamelessly and openly discuss this and "work
arounds". So
my comment is for these statistics is to at least give a good "guess-
timate"
of a percentage that is as accurate as possible to disclude these
machines from
statistics. Obviously the percentage of these need that consideration
to
disclude them
with footnotes perhaps. I am sure everyone has heard of this by now -
stealing
copyrighted materials and trying not to get caught, which has not
really worked
at as unlawful.
The negative publicity is that PCTools is just pulling a "publicity
stunt for
sales" - but we all know better. PCTools is considered one of the top
security
products today. I am
just commenting here noticing there seems to be no mention of these
other stats
in this "breaking story" this past week. That can apply to any product
pubs.

SEE....

P2P Dangers (Peer to Peer file swapping)
http://tech.groups.yahoo.com/group/BlueCollarPC/links

Digital rights management
From Wikipedia, the free encyclopedia
http://en.wikipedia.org/wiki/Digital_rights_management

 

[Shenan Stanley]

Shenan Stanley wrote:

Entire FUD here:
http://groups.google.com/group/micr...a69d17e9572/ec4c9ce3dc451b46#ec4c9ce3dc451b46
( What's FUD?
http://en.wikipedia.org/wiki/Fear,_uncertainty_and_doubt )

<inline answers>

Let's see PCTOOLS does what? They sell protection software.
I wonder if they might have a vested interest in those numbers?

Just an FYI : Those numbers happen to be from the tool that they
give away for FREE - Threatfire.

Seriously - look at what you just said and what you said it in
response to. Let's analyze it...

You seem to be saying that since they give away a version of their
software for free, the point that they also sell protection
software for computers is null and void and thus they have no
vested interest in saying that one OS or another is vulnerable to
attack... .

Of course they have something to gain. But, in reality, MANY more
people use their free software than buy any of their tools. It is
this way with AVG and other vendors who give out free, diminished
feature versions of their software.

Where do you get your numbers for the 'MANY more people use their free
software than buy any of their tools"?

And strangely - the latest version of the OS, the one that is
spreading in the consumer market quickly and will be around for
quite a while - is mentioned as the weakest.

Actually that isn't true. XP proved to be the weakest. Vista was
approx 37% better than XP in the area of security according to the
published tests.

I stand corrected. Actually - that was a complete mistake on my part. You
don't go for the latest OS that may be gaining market share - especially
with all the bad press surrounding it - you go for the one that already has
the market share (Windows XP.) The bad press around Windows Vista is
keeping some people at Windows XP at this point - so even for those who have
stuck with Windows 98SE/ME/2000 all this time - they are *likely* to move to
XP before going to anything else... Makes sense.

They won't benefit at all from supposedly pointing out the fact
that an OS is vulnerable - but not so much if you use their
product.

I tried Threatfire. But, like Vistas UAC, it blocked too much and
was a general hinderance to my PC use.....so I dumped it.

Good to know...

Picture it from their point of view... Free or not - they gain
market share. The more people see it - the more people start to
believe they may need something the 'for pay' version has. "$30? *shrug*
No biggie - my pictures and music and contacts and
documents are worth that..." starts to be heard echoing through
the masses. 1 million sales at $30/sale - nice tidy sum in short
order. ;-)

If only it were that easy.....

Seems to be. While it is true they also have to deliver on their promise of
'safer computing' - they are also just playing the odds.

Many people I deal with would likely not get infested by anything just by
their own nature. They check email, go to a few select web pages and are
behind a Cable/DSL router and the Windows XP firewall. Their email provider
filters out a bunch of the spam already and they have had it drilled in
their head enough 'don't open the unknown' that they usually just delete it.
So even if their free product isn't any better than the rest - if the
marketing hit the person at the right time and they installed it and they
went a while without issues (whether they would have or not otherwise) -
they might attribute it to the software and recommend it. Word-of-Mouth
advertising - people are more likely to listen to that because it seems to
be coming from people 'just like them'. Basic psychology. ;-)

While their product may be a fine one (don't know - have had no
need to try it - other free products have filled the gap prior
quite nicely) - you cannot deny that a company that sells (or even
gives away) a product that solves a problem would not benefit from
making the problem seem larger than it may actually be...

Sure they could. But, in today's connected IT world, they would
soon be outed as not really knowing what they were doing or being
outright dishonest. I suspect the resulting negative press would
do more harm than good. I also suspect that they know that.

True and not. As I discussed just prior to this and taking my quoted
statement as it is - I said they benefitted from making the problem seem
larger than it was... Nothin you said disputes that and if the problem isn't
really that large and the people therefore never experience an issue while
having said product installed - then they just might be asked, "What do you
use and do you like it?" and they would answer, "Product X and I haven't had
any trouble with it!" and the cycle continues. ;-)

- PCTools sells protection software.
- They have a free version of a malware software available.
- They also sell a version of said software.
http://www.threatfire.com/download/
- Computers connected to the Internet are more vulnerable in
general. - Most percentages/statistics are made up to benefit those making
up the numbers. When confronted, it is usually difficult for
those who made up the numbers to present concrete facts backing
them up and usually easy for someone else to bend/make up numbers
of their own to the contrary. This is especially true when
dealing with things that are difficult to quantify because of the
lack of reliable numbers (like the security of an OS versus an
older OS and knowing how prevalent those OSes are and what other
protections may already be in place that prevent the supposed
issues from ever even reaching the OS...)

We'll see. I'm sure somebody else will call them on this if they
cannot produce satisfactory data to back their claims.

I believe that is what is happening in this thread right now...

It's very interesting to see where all you posted this:
http://groups.google.com/groups/profile?enc_user=SBS95AwAAAATytbY6VAfM_q59x2ZScCa
... as well as what type of postings you seem to propogate.

I tend to post articles where they will be acted upon by the most
people.
As for the list of all of those articles in your link, the "Post
Activity" portion is bogus data. I am certainly not the author of
all of those posts.

Perhaps you (and Google) should do a little digging into how
newsgroups work and the fact that not all (e-mail address removed) users are
the same person.

Acted upon - or cause the biggest flame? ;-)

As for your identity and all those being by you - Never said they were - how
about I dig deeper...

Looking at the headers (of the articles that would be in the same trend as
this one) - I see most of them are coming from bellsouth.net.
bignews#.bellsouth.net to be specific. Using Microsoft Outlook Express
6.00.2900.3138...

While you are probably not the only (e-mail address removed) - I do not believe that is
the only criteria being used. ;-)

Then again, an MS-MVPs would have more to gain by shooting the
messenger of this topic than by discussing it rationally, wouldn't
they?

Responded to seperately - as this seems to be sopmething better dealt with
away from the topic at hand.