There seems to be some confusion here, due to the vagueness of some statements. None of those comments you quoted claims that it's impossible to...
A shame there's so little information here. It doesn't sound like the average malware-du-jour. Isn't there any more information on the...
Yeah, the mention of that vulnerability struck me as strange. But maybe the TDSS folks are using it for HIPS bypass. If the TDSS dropper is...
Do my eyes deceive me or is that a decade-old NT 4 vulnerability that's been patched since practically forever? :o What is that doing in there? ;D...
In my experience, just about any and every security company, or at least their marketing departments. Sure, if you speak to the actual coders and...
Yeah, SafeSys would require the load driver privilege, and limited users don't have that, so SafeSys would do nothing. TDSSKiller also...
Ouch! If Flash actually does that, it's fairly horrible. I don't use Flash on IE, so I wouldn't know. Actually, I plain don't use IE - it doesn't...
Hard to disagree with that. The manufacturers of rollback/light virtualization software have made far too strong marketing statements about...
That's actually pretty impressive, in my humble opinion. On the other hand, would I be wrong if I guessed that the malware is just going to...
;D Well, 10 % is a lot more than 0 %, at least.. In the right hands, UAC can certainly "do the job", I agree. But, as I always like to say, in...
If it ain't broke, stop fixing it. I don't want to see upgrades for the sake of upgrades. If there's a security issue, fix it and release the...
Nice screenshots. :) Now that you're in a testing mood, here's an idea that might make for an interesting test: create yourself a limited user...
My "security setup" is distinctly unimpressive. Typically: - firewall hardware at the network perimeter, if there happens to be a network -...
Some thoughts: 1) The "How do you know you're not infected with malware, if you don't run an AV" argument is hilarious. Let me put it this...
No. In short: UAC is not reliable. UAC is not a security boundary, but LUA is.
The LUA compatible rogue AVs I've seen really were extremely easy to remove - reminding me of the "old school" trojans back when XP was latest and...
Most likely because they were designed to do absolutely nothing that requires administrator privileges, if they detect they're running in a...
Oh yes. Scaremongering is one omnipresent thing in the security industry. I love the choice of words here, for example: "Still, even though that...
I can't recall even seeing a proof of concept of something like that, so I'd say theoretical, if even that is the right word to use. Let me put it...
That's a pretty nice first post. ;) Just a couple of thoughts... I'd say a combo of LUA and AppLocker (or SRP if on older Windows systems)...
I'm not sure about that article. I kind of liked it, but there's also stuff that I disagree with, like this part here: Personally, I'd just...
Emphasis mine. ;) As said, one can put digital signatures on files. The difficulty is in putting someone else's digital signature on your file and...
There's no option in the poll for people who use neither real-time nor on-demand AV scanning.
It's not a bad idea - assuming the digital signatures are checked properly. Everything becomes a bad idea when done wrong... Extremely hard....
Yeah, that's indeed possible, but there's a but: usually exploit sites don't push the exact same binary for a very long time - often it's just a...