A FLAW has been discovered in Microsoft's flagship Windows Vista operating system, but the company has said it won't fix the glitch until its next, as-yet unannounced, service pack. http://www.theinquirer.net/gb/inquirer/news/2008/11/24/vista-kernel-vulnerable
I just rebuilt my Vista machine and have been running as an administrator, dang... security is a pain in the arse bigtime.. I know not to run as an administrator too... Buffer overrun... jeez, buffer over and under runs have been a huge source of hacks, you'd think uSoft could just test for those things very thoroughly... build a hardware system that would alert to a buffer problem even...
I'm not exactly a Microsoft fan, but all this appears to be at this point is essentially social engineering. All operating systems are vulnerable to users with admin privileges allowing things to happen that should not.
Running ANY system (be it Windows or UNIX-like OS) as administrator is the big "no no" which is able to eliminate all security measures available in OS... Every code contains vunlerabilities, just because it's written by mere humans... But Microsoft has trained whole generations of users completely ignorant about security who think running system as administrator is normal and both XP and Vista by default create administrator account... Vista at least tries to warn about dangers of doing so, but still I consider it nearly crime from Microsoft that they do not explicitly warn and educate users about security flaws and measures... What can be easier than create a bright bold warning, or go by the path of Ubuntu where "root" account is disabled by default at all... Vista is a big step forward in this sense, compared to XP, at least if you run it under normal user and want to perform administrative tasks it warns you of potential danger of doing so with unknown software, but still very far from being enough....
Just to be safe, I do all my browsing in a sandbox. Sandboxie is free and will keep any malware you pick up while browsing safely off your 'root'. http://sandboxie.com/ Security is a pain, but the extra layer is worth it.
I have played with Sandboxie, basically it keeps hackers from writing to your hdd but they still can come in, steal info during the session. As a direct application to trading, I wonder if one program [say Ninjatrader] can run in the sandbox and access the API of another program [say TWS] but such that TWS cannot access anything related to Ninjatrader such as source files...
Windows was full of vulnerabilities since 3.1 .. Let me tell you a simple and true statistic - out of every 10-15 lines of code there is misused syntax or a function that can potentially be exploited by an attacker to gain administrative access to a system or even cause a Denial or service attack. And Windows has millions of lines of code for the core OS alone.. Thatâs excluding all the applications that create additional layers of security concerns. Just be careful what websites you browse and what applications you install on your system. simple as that.