Running a program via the command prompt is trivial: drag the program on top of the command-prompt icon and drop it. As I said, users are already known to be willing and able to jump through more hoops than that to run malware. If you want to protect users you need to be at least current with the curve, not a year or more behind it.

As for the security center, yes code would have to have run. You only get to use that excuse if you haven't left holes through which code can be run, though. And if that code which you've left holes for can diddle the security-center settings, all the malware needs to do is convince the user that this one little alert that won't happen again is something they should just ignore. Easy enough to do when users have become accustomed to such ignorable alerts over the years (eg. the ubiquitous "unsigned driver" alert).

Bottom line: SP2 does a lot of technical things right, but it misses aspects of user behavior and fundamental system design that are at the roots of the malware problem on Windows.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/265/28400#28400