Re: [OT] Re: the ghost of UEFI and Micr0$0ft
On Wed, Jun 6, 2012 at 10:47 AM, Nate Bargmann <firstname.lastname@example.org> wrote:
> * On 2012 06 Jun 12:13 -0500, Tom H wrote:
>> It's not irrelevant. Irrespective of Linux using or not using Secure
>> Boot, I want Microsoft to take every measure the it can take to reduce
>> the number of compromised Windows boxes and therefore reduce the
>> number of attacks on my Linux boxes.
> What is the predominant attack vector toward MS Windows? It's via the
> network and then being able to compromise components of the OS and
> machine, right?
I sincerely doubt it. Although I guess it depends on what you mean by
"via the network". Worms that infect like SQL Slammer are relatively
rare, AFAIK most malware get in via drive-by downloads, or intentional
installation of programs that are infected. Those are user issues and
browser issues (though local OS exploits may be used after the
browser security is bypassed). Though these get delivered by the
network, it isn't the same as vulnerabilities in, say, the TCP/IP
stack, or a vulnerable OS daemon/service.