New
#61
not a bad idea dmex...He was talking about this article: SophosLabs Sets Out to Prove Windows 7 Has Some Vulnerabilities | Maximum PC
I haven't used an AV in three years and still have not been infected, Vista's and 7's additions to the group and local security policy's made it possible for you to null the attack surface of Windows down to your preferences.
Firefox will be my primary browser while they keep nightly-builds as it helps stop drive-by-download exploits, nightly builds help make it near impossible for anyone to find/exploit a flaw and figure out a way to infect your machine before a new build is released all while without you knowing about it.
If UAC had a configuration wizard (like everything else ) that allowed us to specify our own execution level for an application and instead hash checked the program and the dll's it loaded against the preferences we set if indeed we set one for that program, it would then have some real teeth against a huge range of infections or attacks. Vista and Windows 7 include CardSpace in Control Panel and its a secure digitial 'wallet' thats more than capable of acting like a while-list for UAC but has yet been utilized
The current implementation of only checking the executable for a requestedExecutionLevel flag set by the developer and willy-nilly allowing dlls to load into an elevated application and execute code is unacceptable, this is a known limitation since Vista RC1 and I have yet to hear a reason why it hasn't been fixed in two OS releases.