Note to Microsoft, stop the smear campaigns and fix your shit. Thank you.

[lost_soul]

If you do not know what I am talking about:

http://www.computerworld.com/s/article/9241542/Microsoft_slams_Gmail_s_Gspam_in_latest_Scroogled_attack_ad

 

A few months ago, I fixed a user's machine that was unbootable due to a messed up MBR. Now, the user contacts us and says that while they were checking their email, their machine got taken over by malware. This malware is SIX months old! It is nothing remotely new. When I left this machine the first time, we had set up active AV and applied security updates, and still the fucking OS gets taken over a couple months later, when the user didn't even actively download a file. All they were doing was sifting through and deleting junk mail.

 

So, Microsoft, stop trying to smear your competitors. Fix your swiss-cheese OS so that it can't get hijacked even in the preasance of active AV by simple emails. Your users will thank you. Fortunately when I left this user months ago, I left them with a Knoppix flash drive. All they had to do to keep using the machine was boot from said flash drive. Perhaps next time they check their email, they can use the flash drive too.

[jaxa]

They have some cojones to dig up the "Scroogled" FUD campaign now that we know both services are part of the PRISM program.

[lost_soul]

Exactly. It frankly doesn't matter if MS or Google want to read my mail because its gonna get scanned anyway!

[Fidcal]

This is why I only ever use plain text emails.

[lost_soul]

Yep. We don't expect perfectly secure software, but after fifteen years, we do expect some attack vectors to be closed. In this case, the user *knew* the emails they were dealing with were junk and did not want to interract with them except to delete them. Why do all mail services not block images/scripting in mails by default and make a user click a button to enable it?

 

FYI you can get hacked by a simple jpeg file if the OS has a buffer-overflow exploit that hasn't been patched. I'm not aware of any in current Windows, but they have existed in the past. Here's an article about one:

http://news.cnet.com/2100-1002_3-5975726.html

[AluminumHaste]

Buffer overflows into OS memory territory shouldn't happen in Vista,7 or 8. The memory space for the OS is protected, you can't overflow to it, even if you try on purpose.

[lost_soul]

Well there was also this exploit where all you had to do was plug in a specially crafted USB flash drive, and you became god immediately on the system. Doesn't matter who is logged in, or even if nobody is logged in at all! The problem was in the way Windows identified USB devices at the kernel level.

 

http://fitcom.co/2013/03/13/critical-windows-usb-exploit-allows-flash-drives-to-grant-root-access-patch-issued/

[lost_soul]

I told them months ago to make recovery disks for this computer. They did not listen to me... nobody ever does. Now, we have removed the malware infestation twice and it just comes back later. If we use the recovery partition, the bad guys can just infect that as well.

[someTaff]

Started codin in c# two weeks ago, can't imagine how windows even works. I mean it is Java. How wants Java to run their os?!

[jaxa]

Since when is Windows written in Java.