Comments on: Microsoft takes on spam zombies

Campaign against junk e-mail is expanded to target criminals who hijack PCs to send spam messages.

[hadaso]

First thing: don't run with administrator credentials!

THe first thing one has to do is not to run a PC with administrator credentials:

In Windows XP go to the "users" in the control panel, create another "user" called "admin". Choose a password for "admon".
Then choose the "user" you always use and change its "rights" to "limited account". Do it for any user of the PC if you have several users defined. Perform everyday tasks such as web-surfing, usinf office software etc. only as "limited user". You don't need more "rights" to do these things. And viruses etc. can use only the rights of the account they find working. If you surf as "administrator" you allow any website to install things on your PC, including software that grabs control of your PC.

Only use the "admin" account to do administrative stuff that requires these "rights", such as using Windows update to update the OS, or scanning for viruses or spyware, or installing software. Actually, most of these can also be done without working in the "admin" account. You can right-click almost any software and chose "run as..." and then choose the "admin" account and give the password. This way is safer because only the program you want runs with admin rights and not everything (such as something that manged to get in and waits for an admin account to run so it can use its rights???).

Even this way is not perfect - Windows is far from secure. But it eliminiates almost all risks.

Of course you need a good firewall, and probably scan for for viruses and spyware once in a while. And you should still be suspicious of email attachments and websites you don't know. But I've been using a home network several years this way (with hardware firewall and no regular virus scanning except email on the server) and never got a single virus.

[Bill Dautrive]

Small problem

A large percentage of windows apps simply do not run in anything other then admin mode. Windows permissions are so primitive you can't temporarily give an app admin rights so it can run, keeping the rest of the system in a limited account.

Windows as a multi-user enviroment was an afterthought and the implementation shows it.

It is not a bad move, what MS is trying to do, but they need to accept responsibility themselves. Sure the criminals are at fault also, but so is MS for marketing a woeful unsecure system to computer novies. Then there is the fact that you can never get a windows box to match the default security of a linux box, unless you do drastic things like pull the internet connection from windows.

Would a bank be blamed that it got robbed because it left its vaults and front doors unlocked and wide open overnight with the only security being a drunken guard? You bet they would, along with the thieves, and rightly so!

MS has done the exact same thing with windows and should be held responsible.

[Andrew_Guly]

"...tens of millions of zombie computers..."

Pls, tell me, how many computers of "tens millions of zombie" is running on MS Windows? 99 or 100%? ;-)