Spleen through Vista security

The new Windows version is safer, but this cannot cut off web attacks.

Windows Vista promises better security and Microsoft has also built more " high-handed " security measures into its latest operating system version. But the waves of online crime are also planning to keep their malicious programs alive and growing.

There are already some malicious software that works in Vista, partly because Microsoft tries to make some old programs on XP run on Vista. According to an expert, of a few hundred samples of malicious software that his company frequently has to handle on XP, about 30% of them run on Vista without modification. The remaining number just needs to be edited a bit. False warnings require users to confirm that Windows is enabled (see picture) or search for credit card or bank card details and some other common tips hitting the user's psychology will become sophisticated and widespread. more to overcome Vista's security. You will also see many web-based threats that can steal data through any browser.

A recent attack uses a convincing Windows Activation pop-up to trick users into providing sensitive information.This trend is expected to appear much

Vista gives you a tougher cover for malicious installation software sneaking into your computer. For example, malicious software can be blocked at Vista's User Access Control (UAC) door, so you can predict that user-based attacks will become more common. UAC tries to block the path of malware by denying them, not allowing them to infiltrate important system files. If a user or program tries to make a change in the system, a pop-up window will appear asking the user to "approve" the action.

The problem is that malware authors know that if they can get users to click the OK button only once, the malware can "resolve" UAC. An expert is surprised that he has not seen any attack program that forces UAC prompts to run like spam on your PC, perhaps because users are accustomed to 'OK' for many previous pop-ups. .

Worse, UAC offers only two options for installing - completely blocking the program or allowing the program completely - this is what many security experts consider design errors. So if hackers can trick users into executing settings such as a persuasive pop-up or by hiding in screensavers or in regular download files, it is considered that the system has been captured. yours. UAC looks like a " shadow ".

Danger from the browser

Security experts also warn that you will see more web-based threats even if you have Protected Mode in Vista's Internet Explorer 7. Protected Mode is an intelligent approach, limits IE's ability, or some leak can take control of IE to invade the rest of the operating system, even beyond the control. UAC control. But many web-based attacks can work even in Protected Mode, using malicious JavaScript code to steal your data from online accounts (like a fake auction on eBay recently). but bring users to phishing site. These attacks do not need to access the file system, they just need to get the data through your browser.

Such types of attacks both have limitations and are stronger than the type of attack that installs a malware file on your computer because their 'octopus' can reach many browsers and multiple operating systems but ends when You close the browser.

THREE WAYS OF SELF-PROTECTION

1. Be sensitive to dealing with the type of trick that is directed at the user's psychology.Above all, don't trust any e-mail attachments even from someone you know.The link in the e-mail too, you should always use a bookmark or type in the URL to access your account.

2. Use strong, hard-to-guess passwords for every important website. Many passwords will reduce the risk of stealing all your accounts and services. And the excellent free tools like Stanford's Password Hash can replace memory to manage passwords.

3. Try the download program before you are unsure.Download the file you suspect (if from 10MB or less) onto Virustotal.com, it will scan the file with multiple anti-virus engines to filter malware that the single antivirus program might miss.