
Re: [NEWS] Flaws Are Detected in Microsoft's Vist^H

__/ [ Sinister Midget ] on Monday 25 December 2006 15:58 \__

> http://www.nytimes.com/2006/12/25/technology/25vista.html?ei=5090&en=49a6ffcc2da87302&ex=1324702800&partner=rssuserland&emc=rss&pagewanted=print
> http://tinyurl.com/yg3xa6
> 
> Not all news. But a nice little summary of what's going wrong.
> 
>    SAN FRANCISCO, Dec. 24 -- Microsoft is facing an early crisis of
>    confidence in the quality of its Windows Vista operating system as
>    computer security researchers and hackers have begun to find
>    potentially serious flaws in the system that was released to
>    corporate customers late last month.
> 
>    On Dec. 15, a Russian programmer posted a description of a flaw that
>    makes it possible to increase a user's privileges on all of the
>    company's recent operating systems, including Vista. And over the
>    weekend a Silicon Valley computer security firm said it had notified
>    Microsoft that it had also found that flaw, as well as five other
>    vulnerabilities, including one serious error in the software code
>    underlying the company's new Internet Explorer 7 browser.
> 
>    The browser flaw is particularly troubling because it potentially
>    means that Web users could become infected with malicious software
>    simply by visiting a booby-trapped site. That would make it possible
>    for an attacker to inject rogue software into the Vista-based
>    computer, according to executives at Determina, a company based in
>    Redwood City, Calif., that sells software intended to protect
>    against operating system and other vulnerabilities.
> 
> The most secure release they've ever done? God, then the others were
> worse than anybody ever suspected!
> 
>    Despite Microsoft assertions about the improved reliability of
>    Vista, many in the industry are taking a wait-and-see approach.
>    Microsoft's previous operating system, Windows XP, required two
>    "service packs" issued over a number of years to substantially improve
>    security, and new flaws are still routinely discovered by outside
>    researchers.
> 
> .....
> 
>    Microsoft has spent millions branding the Vista operating system as
>    the most secure product it has produced, and it is counting on Vista
>    to help turn the tide against a wave of software attacks now
>    plaguing Windows-based computers.
> 
>    Vista is critical to Microsoft's reputation.......
> 
> And it's doing a fine job of upholding it, too.

You know, in Spanish, the word "Vista" means "not secure". But you already
knew this...

Symantec Says Windows Vista Will be Less Secure than XP

,----[ Snippet ]
| Symantec said earlier last week that there were no viruses for Apple's
| OS X.
`----

                        http://www.dailytech.com/article.aspx?newsid=3389


Windows Vista: It's More Secure, We Promise

,----[ Quote ]
| Well, allow me to take a moment to remind everyone of something that
| you might not remember - XP was also touted as being ultra secure.
| Seriously, can anyone honestly look themselves in the mirror and say 
| this is the gospel truth? You have got to be kidding me. Similar to
| XP, Microsoft promises to have the most secure Windows version to date
| yet again.
`----

http://www.osweekly.com/index.php?option=com_content&task=view&id=2357&Itemid=449


If Only We Knew Then What We Know Now About Windows XP

,----[ Quote ]
| You can think of Windows XP as a house with a second floor built of
| spackle, wood filler and duct tape.
`----

http://www.washingtonpost.com/wp-dyn/content/article/2006/09/23/AR2006092300510.html?nav=rss_technology


Experts: Windows Vista Won't Do Much to Improve Computer Security

,----[ Quote ]
| Why not? Partly because of security progress that Microsoft already had
| made in its last operating system, Windows XP. Also because a complex
| product like Vista is bound to have holes yet to be discovered. And
| mainly because of the rapidly changing nature of online threats.
`----

http://www.foxnews.com/story/0,2933,235863,00.html


Most security tools not quite ready for Vista

,----[ Quote ]
| "The absence of security software from the major vendors will
| be another reason why business will not migrate to Vista right
| away," said Natalie Lambert, an analyst at Forrester Research.
| That's in addition to the lack of support for Vista in general
| applications, which are the tools businesses need to run their
| operations, she noted.
`----

http://news.zdnet.com/2100-1009_22-6139808.html


Hackers 'Salivating' for Vista

,----[ Quote ]
| Security experts brace for viruses in Microsoft's Windows Vista.
`----

http://www.redherring.com/Article.aspx?a=19959&hed=Hackers+'Salivating'+for+Vista


Vista security: What's in it for you?

,----[ Quote ]
| Hoping this release will solve all your security headaches? Think
| again...
|
| [...]
|
| Promises from Microsoft relating to security are roughly on a par with 
| promises from children about not hunting out where their Christmas presents 
| are hidden.
`----

http://software.silicon.com/security/0,39024655,39164192,00.htm


Windows Vista's first malware warning

,----[ Quote ]
| Web-based email services expose Windows Vista
`----

http://www.pcadvisor.co.uk/news/index.cfm?newsid=7748


Three of the top ten malware threats run on Microsoft Vista, Sophos
tests show

,----[ Quote ]
| Sophos tested each piece of malware in the top ten on the Vista
| operating system to establish whether users running Vista without
| any third-party security software would avoid infection.
`----

http://www.sophos.com/pressoffice/news/articles/2006/11/toptennov.html?_log_from=rss


Microsoft stands by Patch Tuesday for Vista

,----[ Quote ]
| Software giant Microsoft is set to continue releasing security
| patches and other updates on the first Tuesday of every month
| despite admitting that malicious software authors have started
| exploiting the predictability of its updates.
`----

http://zdnet.com.au/news/software/soa/Microsoft_stands_by_Patch_Tuesday_for_Vista/0,130061733,339272495,00.htm


Is Vista security a selling point?

,----[ Quote ]
| An assortment of new security features in Windows Vista will help
| many consumers become "secure enough," but businesses are unlikely
| to abandon their current levels of additional, backup security if
| they adopt the new operating system, some experts say.
`----

http://news.zdnet.com/2100-9595_22-6137223.html


Vista remains insecure, argues Blue Pill creator

,----[ Quote ]
| At first glance it should be good news, after all it would appear
| that Microsoft has plugged a hole that left the claims of Vista
| being highly secure shot to pieces. Nonetheless, the security
| researcher who demonstrated the original Blue Pill exploit at
| both SyScan 06 in Singapore and the Black Hat briefings in Las
| Vegas earlier in the year, Joanna Rutkowska, has hit back with a
| warning that the methodology used by Microsoft to block her
| pagefile exploit is itself fundamentally flawed and insecure.
`----

http://www.daniweb.com/blogs/entry973.html


Vista PatchGuard Hacked

,----[ Quote ]
| "Hackers have already broken PatchGuard and can disable it. This
| means that hackers can already get malicious code into the Windows
| Vista kernel; while legitimate security vendors can no longer protect
| it. This presents a serious new risk for consumers and enterprises
| worldwide," stated Oliver Friedrichs, director of emerging
| technologies in Symantec Security Response.
`----

http://news.softpedia.com/news/Vista-PatchGuard-Hacked-37979.shtml


Windows kernel protection expected to break soon

,----[ Quote ]
| PatchGuard, a Microsoft technology to protect key parts of Windows,
| will be hacked sooner rather than later, a security expert said Thursday.
`----

http://news.zdnet.com/2100-1009_22-6125274.html


Black Hat Takes Vista to Task

,----[ Quote ]
| She demonstrated two potential attack vectors. One could allow unsigned
| code to be loaded into the Vista kernel. The second vector involved
| taking advantage of AMD's Pacific Hardware Virtualization to inject a
| new form of super malware that Rutkowska claimed to be undetectable.
`----

                http://www.internetnews.com/security/article.php/3624861


Perspective: Why Microsoft is wrong on Vista security

,----[ Quote ]
| The net-net is that the user is demonstrably less safe as compared to
| during the XP days, when security vendors could use their advanced
| behavioral features.
`----

http://news.com.com/Why+Microsoft+is+wrong+on+Vista+security/2010-7349_3-6123924.html
http://tinyurl.com/fdhzw


IE 7 bugs abound

,----[ Quote ]
| "But browser testers may already be at risk, according to security 
| researcher Tom Ferris. Late Tuesday, Ferris released details of a potential 
| security flaw in IE 7. An attacker could exploit the flaw by crafting a 
| special Web page that could be used to crash the browser or gain complete 
| control of a vulnerable system, Ferris said in an advisory on his Web site. 
| Microsoft had no immediate comment on Ferris' alert."
`----

http://news.com.com/2100-1002_3-6034054.html?part=rss&tag=6034054&subj=news


Symantec highlights Windows Vista user vulnerabilities

,----[ Quote ]
| Symantec has shed more light on potential vulnerabilities in Windows
| Vista that could circumvent new security measures and leave users
| vulnerable to attack.
`----

http://www.theregister.co.uk/2006/08/02/symantec_windows_vista_security/


Symantec continues Vista bug hunt

,----[ Quote ]
| After poking around the Windows Vista networking stack, Symantec
| researchers have tried out privilege-escalation attacks on an early
| version of the Windows XP successor.
|
| "We discovered a number of implementation flaws that continued to allow
| a full machine compromise to occur," Matthew Conover, principal
| security researcher at Symantec, wrote in the report titled "Attacks
| against Windows Vista's Security Model." The report was made available
| to Symantec customers last week and is scheduled for public release
| sometime before Vista ships, a Symantec representative said Monday.
`----

                http://news.zdnet.com/2100-1009_22-6097976.html


Six reasons you'll hate networking in Windows Vista

,----[ Quote ]
| Author finds some details 'maddening,' 'brain dead' and 'laughably
| rudimentary.'
`----

http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9003835&pageNumber=1


Symantec Finds Flaws In Vista's Network Stack

,----[ Quote ]
| Researchers with Symantec's advanced threat team poked through
| Vista's new network stack in several recent builds of the
| still-under-construction operating system, and found several bugs
| -- some of which have been fixed, including a few in Monday's
| release -- as well as broader evidence that the rewrite of the
| networking code could easily lead to problems.
|
| [...]
|
| Among Newsham's and Hoagland's conclusions: "The amount of new
| code present in Windows Vista provides many opportunities for
| new defects."
|
| "It's true that some of the things we found were 'low-hanging
| fruit,' and that some are getting fixed in later builds,"
| said Friedrichs. "But that begs the question of what else
| is in there?"
`----

http://www.techweb.com/wire/security/190700049;jsessionid=MWLALDT21M1...


Symantec sees an Achilles' heel in Vista

,----[ Quote ]
| Some of Microsoft's efforts to make Windows Vista its most stable and
| secure operating system ever could cause instability and new security
| flaws, according to a Symantec report.
|
| [...]
|
| "Microsoft has removed a large body of tried and tested code and
| replaced it with freshly written code, complete with new corner cases
| and defects," the researchers wrote in the report, scheduled for
| publication Tuesday.
`----

                http://news.zdnet.com/2100-1009_22-6095119.html 

McAfee: Microsoft completely unrealistic on Vista

,----[ Quote ]
| Windows Vista does not ship with antivirus software installed and active,
| but for the first time Microsoft will be promoting their own antivirus
| service in Windows OneCare. Alex Eckelberry, CEO of Sunbelt Software,
| has already called Microsoft's plans predatory based on pricing. McAfee
| is focusing its critique on operating system design, arguing instead that
| Microsoft's decisions with Vista will simply make the operating system
| less secure.
| 
| In the advertisement, McAfee CEO George Samunek is quoted as saying,
| "Microsoft is being completely unrealistic if, by locking security
| companies out of the kernel, it thinks hackers won't crack Vista's kernel.
| In fact, they already have." The advert continues: "With its upcoming
| Vista operating system, Microsoft is embracing the flawed logic that
| computers will be more secure if it stops co-operating with the
| independent security firms."
`----

http://arstechnica.com/news.ars/post/20061002-7875.html


Cisco exec: Windows Vista is scary

,----[ Quote ]
| "Parts of Vista scare me," Gleichauf said at the Gartner Security Summit
| here on Monday. "Anything with that level of systems complexity will have
| new threats, as well as bringing new solutions. It's always a struggle
| in security, trying to build for what you don't know."
`----

http://news.zdnet.com/2100-1009_22-6116823.html


,----[ Quote ]
| "Up to 60% of the code in the new consumer version of Microsoft's new Vista
| operating system is set to be rewritten as the Company 'scrambles' to fix
| internal problems a Microsoft insider has confirmed to SHN... Microsoft has
| also admitted that it has major problems in its Windows division and has
| immediately initiated a total restructure of the division..."
`----

http://www.smarthouse.com.au/Computing/Platforms?Article=/Computing/Platforms/R7G5G6U4


Microsoft distributes Grisoft antivirus for Vista

,----[ Quote ]
| Microsoft is making the Grisoft AVG Anti-Virus 7.5 and AVG Anti-Virus
| Free Edition packages available via the Windows Security Center channel
| as a Windows Vista security solution.
`----

http://www.computerweekly.com/Feeds/RS/Articles/2006/11/08/219742/Microsoft+distributes+Grisoft+antivirus+for+Vista.htm


Study: Symantec Best at Removing Rootkits; Microsoft Worst

,----[ Quote ]
| The application that performed the poorest, according to
| Thompson, was Microsoft's Microsoft Windows Defender (Beta 2),
| which is being built into the Windows Vista operating system.
`----

http://www.eweek.com/article2/0,1895,2051268,00.asp


Security Suite Smackdown, Part I

,----[ Quote ]
| Eight of the biggest names in security go head to head in
| this round up of the best (and worst) of the apps that
| aim to keep you safe.
`----

http://www.pcmag.com/article2/0,1895,2031667,00.asp

(Microsoft's Live OneCare is 7th out of 8 products)


Attackers end-run around IE security

,----[ Quote ]
| The vulnerability underscores that the improvements in security in the
| latest version of Microsoft's browser, Internet Explorer 7, do not
| eliminate the threats of older components of Windows, said Gunter
| Ollmann, director of IBM Internet Security Systems' X-Force
| vulnerability research team.
| 
| [...]
| 
| Online criminals frequently use flaws in ActiveX to install malicious
| code on victims' PCs via their browsers. One tool - known as WebAttacker
| and sold from a Russian website for about $20 - has had great success
| in compromising the security of victims' computers.
`----

http://www.theregister.co.uk/2006/11/08/ie_security_analysis/


Microsoft: Arrogance leads to Vulnerability

,----[ Quote ]
| Chatting with the Microsoft senior sales people, I was struck by
| their incredible arrogance. They know the company's products are good,
| but they have no qualms whatsoever about charging top dollar as a
| result.
| 
| It reminds us how Microsoft used to behave when it comes to their
| products' security records. IE5 and 6 were nothing short of being
| proper Swiss Cheese with loads of holes in them but hey, they had 95%
| of the browser market at that time and couldn't care less.
`----

http://securityblog.itproportal.com/?p=514





Make informed decisions. Stop listening to Microsoft's propaganda machine (void
promises) and Get the Facts.

Microsoft Windows: Insecure by Design

http://www.washingtonpost.com/ac2/wp-dyn/A34978-2003Aug23?language=printer


Why Windows is a security nightmare.

http://www.smh.com.au/articles/2004/05/21/1085120110704.html


The Structural Failures of Windows

http://www.theinquirer.net/default.aspx?article=15305


Security Report: Windows vs Linux

,----[Executive summary ]
| Finally, we also include a brief overview of relevant conceptual
| differences between Windows and Linux, to offer an insight into why
| Windows tends to be more vulnerable to attacks at both server and desktop,
| and why Linux is inherently more secure
`----

http://www.theregister.co.uk/security/security_report_windows_vs_linux/

-- 
                        ~~ Kind greetings and happy holidays!

In an Open world without walls or fences, who needs Windows or Gates? -- ??
http://Schestowitz.com  |     GNU/Linux     ¦     PGP-Key: 0x74572E8E
Mem:    514480k total,   475968k used,    38512k free,    18200k buffers
      http://iuron.com - next generation of search paradigms
