In article <email@example.com>, DevilsPGD
> While true, the vast majority of malware released post-XPSP2 requires
> explicit user intervention to install it.
Maybe. It's also true that a lot of pre-XPSP2 malware is still
circulating. Do you have any idea how long it takes to download and
install something like SP2 when all you have is a 33Kbaud dial-up
connection? And that's assuming the systems are set to automatically
download and install updates.
I support many people on dialup. In spite of what the government wants
you to believe about broadband coverage, there are a LOT of people who
can't get it, and the phone companies have no incentive to invest in
the infrastructure to provide it. None of the ones I visit ever have
SP2 installed, or even most of the earlier updates. I always take a CD
full of updates along with me to do it for them.
And a dial-up connection has no firewall, and typically has all of the
default services still enabled.
Even unpatched new systems (with SP2) are at risk. A number of the
exploits take advantage of IE holes that don't require any more user
involvement than retrieving content from a malicious web site or
accessing malicious email (sometimes just the preview pane is enough,
sometimes not even that is needed) thanks to Outlook/OE integration
John Meissen firstname.lastname@example.org