What a beautiful story, isn't it?

Just came to my sight.

As I use Windows extremely seldom, even then in a VM detached from network, I feel safe.
But just can’t decide wether to cry or to laugh?

1 Like

Microsoft, for its part, downplayed the impact of this campaign. The company said the attack was only effective post exploitation because “an attacker must either have already gained administrative privileges in order to be able to run the installer to update the registry and install the malicious driver the next time the system boots or convince the user to do it on their behalf.”

I’ve heard explanations like this from the Linux side, too, whenever there was an exploit in the news.

Additionally, if a Windows user with a Linux responsibility type is greeted with such a message, they won’t blindly trust the request for administrative privileges. They would first investigate what is asking for it and why.

That said, of course, this is stupid of Microsoft to approve, however it’s often forgotten that Microsoft does everything at a huge scale. Most people probably can’t imagine how many times drivers get signed every single day by Microsoft. If they sign huge amounts, having 1 wrong is not that bad.
This would be a problem in the Linux world, as well, if this world would have work at such a scale. It’s easy to compare Linux and Windows in such ways, but it’s sometimes unfair. Sometimes it’s unfair for Linux, other times it’s unfair for Microsoft, as in this case, especially because there is rarely a profitable reason to exploit Linux, while exploiting Windows is pretty much always profitable. So the amount of malicious software that is produced for Linux is obviously by a huge amount smaller, then the amount produced for Windows.
I can’t find any statistics for those claims, but I think they are obviously true, when you look at things like, for example, how many end-consumers use Windows vs. how many of them use Linux.

1 Like