Third-party Updates Not Enough to Plug Hole in Windows Shell

By Scott M. Fulton, III | Published October 26, 2007, 11:48 AM

It's another humbling admission that would have been distinctly uncharacteristic of Microsoft just a few years ago. But this morning, the company's security response communications manager, Bill Sisk, told customers on the MSRC blog that recent "third-party" efforts to plug a potentially serious vulnerability involving Internet Explorer 7 and Windows XP don't go far enough to solve the underlying problem.

"Third party applications are currently being used as the vector for attack and customers who have applied the security updates available from these vendors are currently protected," Sisk wrote, alluding to a recent patch from Adobe without referring to the company by name. "However, because the vulnerability mentioned in this advisory is in the Microsoft Windows ShellExecute function, these third party updates do not resolve the vulnerability - they just close an attack vector."

When Microsoft was developing IE7, it was with the intention of working better with Windows Vista, whose security routines at the kernel level had been bolstered substantially. Vista does more than XP did to parse malformed URLs, and thus IE7 ended up leaving more of that job to Vista.

But of course, not everyone upgraded to Vista. As a result, a parsing feature that detected malformed URLs with embedded JavaScript code, and that had worked properly for IE6 on XP, ended up missing when users upgraded to IE7. That JavaScript code can run executable code unchecked when a URL is intentionally malformed to include a percent mark in the wrong location.
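As an added illustration (not code from Microsoft or from the article), here is the kind of pre-flight check a defender would put in front of a launcher such as ShellExecute: it rejects any URL in which a percent mark appears anywhere other than as a proper two-hex-digit escape, which is the malformation the article describes. The function name and the sample URLs are constructed for this example.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical pre-flight check for a URL string before it is handed to a
 * shell-execute style launcher.  It enforces the rule the article says the
 * IE7-on-XP path lost: every '%' must introduce a "%XX" escape with two hex
 * digits, so a stray percent mark cannot smuggle an unexpected path or file
 * extension past the parser.  Returns true only when the URL is accepted. */
bool url_is_wellformed(const char *url)
{
    size_t i, n;
    if (url == NULL) return false;
    n = strlen(url);

    /* Require a scheme: ALPHA *( ALPHA / DIGIT / "+" / "-" / "." ) ":" */
    if (!isalpha((unsigned char)url[0])) return false;
    for (i = 1; i < n && url[i] != ':'; i++) {
        unsigned char c = (unsigned char)url[i];
        if (!isalnum(c) && c != '+' && c != '-' && c != '.') return false;
    }
    if (i == n) return false;   /* no ':' terminating the scheme */

    for (; i < n; i++) {
        unsigned char c = (unsigned char)url[i];
        /* Control characters, whitespace and non-ASCII are rejected outright. */
        if (c <= 0x20 || c >= 0x7f) return false;
        if (c == '%') {
            /* A percent mark is only legal as "%XX" with two hex digits. */
            if (i + 2 >= n) return false;
            if (!isxdigit((unsigned char)url[i + 1]) ||
                !isxdigit((unsigned char)url[i + 2])) return false;
            i += 2;   /* skip the two hex digits just validated */
        }
    }
    return true;
}
```

A launcher that calls this before ShellExecute fails closed on the malformed input rather than relying on whatever parsing the underlying OS happens to do.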

Sisk said Microsoft teams worldwide are working on a solution to the problem, which he confirmed once again was with the ShellExecute() API function, but he offered no timeline for that resolution to be made public.

"To help protect yourself during the interim," he wrote, "we continue to recommend that you should always exercise extreme caution when opening unsolicited attachments from both known and unknown sources and/or visiting untrusted websites. This is absolutely one of the most effective ways to help protect yourself from a variety of threats on the Internet today."

Comments


I've learned to just not worry too much about these things. If MS software has so many holes, after spending billions on code auditing specifically to uncover these issues AND training THEIR coders to write secure code, then YOU SHOULD REALISTICALLY KNOW your other software by small companies is SO MUCH MORE insecure.

Hence, my long term plan is to get a quad/oct-core PC and install a robust firewall, namely Outpost, and a super intelligent AV, namely Kaspersky, to give me confidence in the security of my PC (99.99% more secure than the rest of the PCs in the world)... The other thing to do is pay for identity theft- and credit monitoring services. And the last thing, which will be extremely challenging to implement - use security tokens in kernel/restricted mode (no keyloggers) for SENSITIVE sites (not Betanews lol) or sensitive files/datachunks, via some customized interface. Naturally I'd also need to build a very specialized, highly secure server for that purpose. Would be nice if the server changes my sensitive passwords automagically on every logon or so. ;) Logically, it could also be a proxy server for those sensitive transactions, protecting against man-in-the-middle attacks (as soon as you're logged in it changes the password or texts your cell phone with any balance-reducing transactions it auto-detects every X hours!). ONE DAY...

And in the meanwhile, if I do have the misfortune of someone breaking into my PC (low low probability), I reformat, boost security ahead of time (above mentioned), and change all my passwords... Very unlikely scenario. I sleep very well at night; you probably noticed I'm not a careless/clueless user/clicker...

Score: 0

|

Me NOD32 & Comodo FW, and only ever purchase online using a debit card.
And, I never ever open attachments not knowing where they originated.
Perhaps I'm fortunate in that I own my 2 domains and stop this garbage at a higher level than the usual punter.

Score: 0

|

Betanews has advertisements that are hosted on 3rd party sites. Your strategy is completely worthless if those sites start hosting (knowingly or not) malicious code, as has happened before quite a few times with IE6 and ActiveX controls.

You finished the statement saying you think that if large software like Windows can have malicious code, then so can smaller software. You then proceeded to tell us your use of non-mainstream, small vendor software running on top of Windows itself. Do you see the logical fallacy in your confidence? I hope so.

Score: 0

|

Only a security expert who COMPREHENDS my INTENTIONS could comment sensibly on my plan. You, on the other hand, used an example which is no longer valid:
1. IE7 on Vista WILL run on my FUTURE machines in Protected Mode. That means zero-day exploits will indeed penetrate my browser (without vaseline even!), however, the most they'll be able to f_ck will be my cookies and temporary internet files. That is what Protected Mode means.
2. EVEN IF THEY DID the impossible, and trojan'ed my machine, Kaspersky will smell something fishy going on in the file system, OR LATER ON Outpost will start yelling that some exe (trojan) is trying to "call home".

I see no logical fallacy in using the highest quality available of AV or firewall. Even if a bulletproof vest only protects your torso, it's still highly recommended to wear one as a cop. That means, even if the AV fails to detect on certain instances, or the AV/Firewall are later on discovered to have security holes in them, it's still EASILY STATISTICALLY PROVABLE to protect MUCH MUCH MORE than NOT having them there.

Likewise if Outpost feels too buggy/unstable, there's always ZoneAlarm.

Score: 0

|

I'd rather run an OS without 3rd party firewall or AV than with. I know how to configure secure machines, I stay on top of zero days, and these applications generally introduce holes just as much as they attempt to protect them. As for AV stability, I've seen AV software take out more systems than I have malware.

Score: 0

|

Word.

Score: 0

|

I can see where mjm's coming from.

First you say "If MS software has so many holes, after spending billions on code auditing specifically to uncover these issues AND training THEIR coders to write secure code, then YOU SHOULD REALISTICALLY KNOW your other software by small companies is SO MUCH MORE insecure."

Then you say "Hence, my long term plan is to get a quad/oct-core PC and install a robust firewall, namely Outpost, and a super intelligent AV, namely Kaspersky, to give me confidence in the security of my PC ."

Those are two completely contradictory statements if you read them back. Either software from smaller companies than Microsoft is secure or it's insecure - it can't be both.

Score: 0

|

quote: ...we continue to recommend that you should always exercise extreme caution when ...

should not be carried forward to: users are stupid for... that's just too harsh--

the main reason for the internet is to learn about new sites(like telling folks that when they step outside their homes to only talk & deal with folks they know / are safe)-- it defeats the purpose to only visit the same few known sites all the time... as well, a known safe site can be taken over & then used to lure one into opening supposedly safe attachments.

On a different note, MS should make it easy to uncouple/substitute browser/shell from OS... and further, encourage such & other unrelated(like nlite/autopatcher/etc... for instance, they should be sponsoring & aiding sites like MSFN. MS stock has stagnated for years... what better way to kick-start it than by granting stock options to the enthusiast / modding communities thru contests/contributions/project compensation/etc.) third party, windows enthusiast mods/projects... the increased value obtained thru additional sales, & more importantly: public image & perception(from both private user & regulatory standpoints) would be incalculable.

Score: 0

|

I just wish we could uninstall IE completely. Problem solved.

If a program is broken, you go to something that is not, right? Well, not if it's IE, because it lingers in the background even if you never use it and can still do things of its own accord if some command is sent to it to do so without your knowledge...

And yeah, I just do not open any attachments, for any reason. But others that use my network? Not as smart... Not even close... Oh, but this is from my friend... Yeah, but where did he get it?

I look at attachments and downloads like Russian roulette. If you pull the trigger often enough, sooner or later you're gonna blow your head off. Removing IE from a system may not be equivalent to removing the gun or the ammo... but certainly it adds a few more slots to the revolver so you're less likely to get shot per spin.

Score: 0

|

I gotta mention TinyXP again. Google it.

No IE. No Outlook.

Fast. Not just snappy, but Fast. The way XP should have been from the start.

Score: 0

|

It's also pirated software. This is Betanews, not WarezNews. If you want to strip down XP just get nLite and do it legally, this isn't exactly something new, unless this is 1998.

Score: 0

|

Or just install GNU/Linux and be done with the steaming pile of M$. You can customize the install however you like.

Score: 0

|

If you own a copy of XP Pro, it's not pirated because it *is* an nlite'd version of XP Pro.

It's also *much* easier than nliteing it yourself. These guys did their homework.

It would have been nice if they'd posted the file nlite spits out with all the prefs so one could easily build it themselves, but...

Score: 0

|

Unless you dislike Linux.

...then you're kinda stuck.

Score: 0

|

Morally maybe, but it's still illegal to download it whether you bought a copy or not.

Score: 0

|

I don't even use the windows shell or IE7. I use Firefox and BBlean.

Still security is too shaky. Still planning the move to OpenBSD... eventually. Step one is almost complete.

Score: 0

|

Does anyone really know if this is true - or is it just another shameless way for MS to push upgrades to Vista?

Too bad Apple doesn't license OS X. I can't bring myself to buy their closed hardware, but Leopard sounds great.

Wonder what kind of way MS will bash Vista when Windows 7 is pushed in a few years.

Score: 0

|

Proprietary software at its finest!

Score: 0

|

Definitely, it couldn't possibly be the fault of those folks who are "opening unsolicited attachments from both known and unknown sources and/or visiting untrusted websites."

Nah, just blame Microsoft. It's much easier...

Score: 0

|

Yeah, it is the user's fault that clicking on a URL installs a rootkit.

Sure, no OS is immune to the stupid user, but a lot of M$ security problems are due to the horrible design of M$ OS.

Score: 0

|

How does that relate in any way to the OP's comment regarding this article, where it states, as quoted, one can avoid this problem by not being a "stupid user".

Score: 0

|

The post you replied to, which has not been edited, is: "Proprietary software at its finest!".

Not sure what you are referring to...

Score: 0

|

the only thing I blame MS for in this case is making IE integrated into the OS so that I can not uninstall it from my computer if I do not want it in there at all...

Score: 0

|

Well, after reading the article, about an apparent "vulnerability" caused by users who cannot seem to stop ordering viagra....(makes you wonder what the world population would be like now without it..)

My guess is that the reply to the OP concerned exactly that part of the article, whereas yours was not technically based on the article, but on your views in general regarding closed source software.

Two different views.

Can't we all just get along? (Joking, I know we can't. It's the joys of being, well, different.)

Score: 0

|

TinyXP!

(I'm turning into a spammer)

Google it, it's awesome. No IE (Can't even install the M'Effer).

/You may now resume intelligent posting.

Score: 0

|
