Erik Funkenbusch wrote:
> On Mon, 16 Oct 2006 20:25:43 +0100, Roy Schestowitz wrote:
>
>> Vista PatchGuard Hacked
>>
>> ,----[ Quote ]
>>| "Hackers have already broken PatchGuard and can disable it. This
>>| means that hackers can already get malicious code into the Windows
>>| Vista kernel; while legitimate security vendors can no longer protect
>>| it. This presents a serious new risk for consumers and enterprises
>>| worldwide," stated Oliver Friedrichs, director of emerging
>>| technologies in Symantec Security Response.
>> `----
>>
>> http://news.softpedia.com/news/Vista-PatchGuard-Hacked-37979.shtml
>>
>> This is not an isolated incident. I'll spew out my usual links. Here's
>> one scoop which was published just days ago:
>>
>> Windows kernel protection expected to break soon
>>
>> ,----[ Quote ]
>>| PatchGuard, a Microsoft technology to protect key parts of Windows,
>>| will be hacked sooner rather than later, a security expert said
>>| Thursday.
>> `----
>>
>> http://news.zdnet.com/2100-1009_22-6125274.html
>>
>> So the 'mission' has already been accomplished, but it's not the first
>> crease on Vista's face.
>>
>> Black Hat Takes Vista to Task
>>
>> ,----[ Quote ]
>>| She demonstrated two potential attack vectors. One could allow unsigned
>>| code to be loaded into the Vista kernel. The second vector involved
>>| taking advantage of AMD's Pacific Hardware Virtualization to inject a
>>| new form of super malware that Rutkowska claimed to be undetectable.
>> `----
>>
>> http://www.internetnews.com/security/article.php/3624861
>>
>> Windows Vista: It's More Secure, We Promise
>>
>> ,----[ Quote ]
>>| Well, allow me to take a moment to remind everyone of something that
>>| you might not remember - XP was also touted as being ultra secure.
>>| Seriously, can anyone honestly look themselves in the mirror and say
>>| this is the gospel truth? You have got to be kidding me. Similar to
>>| XP, Microsoft promises to have the most secure Windows version to date
>>| yet again.
>> `----
>>
>>
>> http://www.osweekly.com/index.php?option=com_content&task=view&id=2357&Itemid=449
>>
>> Perspective: Why Microsoft is wrong on Vista security
>>
>> ,----[ Quote ]
>>| The net-net is that the user is demonstrably less safe as compared to
>>| during the XP days, when security vendors could use their advanced
>>| behavioral features.
>> `----
>>
>>
>> http://news.com.com/Why+Microsoft+is+wrong+on+Vista+security/2010-7349_3-6123924.html
>> http://tinyurl.com/fdhzw
>>
>> IE 7 bugs abound
>>
>> ,----[ Quote ]
>>| "But browser testers may already be at risk, according to security
>>| researcher Tom Ferris. Late Tuesday, Ferris released details of a
>>| potential security flaw in IE 7. An attacker could exploit the flaw by
>>| crafting a special Web page that could be used to crash the browser or
>>| gain complete control of a vulnerable system, Ferris said in an advisory
>>| on his Web site. Microsoft had no immediate comment on Ferris' alert."
>> `----
>>
>>
>> http://news.com.com/2100-1002_3-6034054.html?part=rss&tag=6034054&subj=news
>>
>> Symantec highlights Windows Vista user vulnerabilities
>>
>> ,----[ Quote ]
>>| Symantec has shed more light on potential vulnerabilities in Windows
>>| Vista that could circumvent new security measures and leave users
>>| vulnerable to attack.
>> `----
>>
>> http://www.theregister.co.uk/2006/08/02/symantec_windows_vista_security/
>>
>> Symantec continues Vista bug hunt
>>
>> ,----[ Quote ]
>>| After poking around the Windows Vista networking stack, Symantec
>>| researchers have tried out privilege-escalation attacks on an early
>>| version of the Windows XP successor.
>>|
>>| "We discovered a number of implementation flaws that continued to allow
>>| a full machine compromise to occur," Matthew Conover, principal
>>| security researcher at Symantec, wrote in the report titled "Attacks
>>| against Windows Vista's Security Model." The report was made available
>>| to Symantec customers last week and is scheduled for public release
>>| sometime before Vista ships, a Symantec representative said Monday.
>> `----
>>
>> http://news.zdnet.com/2100-1009_22-6097976.html
>>
>> Six reasons you'll hate networking in Windows Vista
>>
>> ,----[ Quote ]
>>| Author finds some details 'maddening,' 'brain dead' and 'laughably
>>| rudimentary.'
>> `----
>>
>>
>> http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9003835&pageNumber=1
>>
>> Symantec Finds Flaws In Vista's Network Stack
>>
>> ,----[ Quote ]
>>| Researchers with Symantec's advanced threat team poked through
>>| Vista's new network stack in several recent builds of the
>>| still-under-construction operating system, and found several bugs
>>| -- some of which have been fixed, including a few in Monday's
>>| release -- as well as broader evidence that the rewrite of the
>>| networking code could easily lead to problems.
>>|
>>| [...]
>>|
>>| Among Newsham's and Hoagland's conclusions: "The amount of new
>>| code present in Windows Vista provides many opportunities for
>>| new defects."
>>|
>>| "It's true that some of the things we found were 'low-hanging
>>| fruit,' and that some are getting fixed in later builds,"
>>| said Friedrichs. "But that begs the question of what else
>>| is in there?"
>> `----
>>
>> http://www.techweb.com/wire/security/190700049;jsessionid=MWLALDT21M1...
>>
>> Symantec Says Windows Vista Will be Less Secure than XP
>>
>> ,----[ Snippet ]
>>| Symantec said earlier last week that there were no viruses for Apple's
>>| OS X.
>> `----
>>
>> http://www.dailytech.com/article.aspx?newsid=3389
>>
>> Symantec sees an Achilles' heel in Vista
>>
>> ,----[ Quote ]
>>| Some of Microsoft's efforts to make Windows Vista its most stable and
>>| secure operating system ever could cause instability and new security
>>| flaws, according to a Symantec report.
>>|
>>| [...]
>>|
>>| "Microsoft has removed a large body of tried and tested code and
>>| replaced it with freshly written code, complete with new corner cases
>>| and defects," the researchers wrote in the report, scheduled for
>>| publication Tuesday.
>> `----
>>
>> http://news.zdnet.com/2100-1009_22-6095119.html
>>
>> McAfee: Microsoft completely unrealistic on Vista
>>
>> ,----[ Quote ]
>>| Windows Vista does not ship with antivirus software installed and
>>| active, but for the first time Microsoft will be promoting their own
>>| antivirus service in Windows OneCare. Alex Eckelberry, CEO of Sunbelt
>>| Software, has already called Microsoft's plans predatory based on
>>| pricing. McAfee is focusing its critique on operating system design,
>>| arguing instead that Microsoft's decisions with Vista will simply make
>>| the operating system less secure.
>>|
>>| In the advertisement, McAfee CEO George Samunek is quoted as saying,
>>| "Microsoft is being completely unrealistic if, by locking security
>>| companies out of the kernel, it thinks hackers won't crack Vista's
>>| kernel. In fact, they already have." The advert continues: "With its
>>| upcoming Vista operating system, Microsoft is embracing the flawed logic
>>| that computers will be more secure if it stops co-operating with the
>>| independent security firms."
>> `----
>>
>> http://arstechnica.com/news.ars/post/20061002-7875.html
>>
>>
>> Cisco exec: Windows Vista is scary
>>
>> ,----[ Quote ]
>>| "Parts of Vista scare me," Gleichauf said at the Gartner Security Summit
>>| here on Monday. "Anything with that level of systems complexity will
>>| have new threats, as well as bringing new solutions. It's always a
>>| struggle in security, trying to build for what you don't know."
>> `----
>>
>> http://news.zdnet.com/2100-1009_22-6116823.html
>>
>> The remedy is going back to ground zero.
>>
>>
>> http://www.smarthouse.com.au/Computing/Platforms?Article=/Computing/Platforms/R7G5G6U4
>>
>> ,----[ Quote ]
>>| "Up to 60% of the code in the new consumer version of Microsoft's new
>>| Vista operating system is set to be rewritten as the Company 'scrambles'
>>| to fix internal problems a Microsoft insider has confirmed to SHN...
>>| Microsoft has also admitted that it has major problems in its Windows
>>| division and has immediately initiated a total restructure of the
>>| division..."
>> `----
>
> Yes, "spew" out your "usual" links that you keep repeating over and over
> and over again.
>
> Funny that you seem to have missed this one:
>
> http://arstechnica.com/journals/microsoft.ars/2006/10/15/5618
>
> "On Friday, the company held a press conference announcing that it would
> open the Windows kernel to third-party security companies. By offering an
> extended, kernel-level API (Application Programming Interface), Microsoft
> will give anti-virus makers a way to access the Windows kernel,
> potentially avoiding conflicts with Vista's PatchGuard technology. Only
> available in the 64-bit version of Vista, PatchGuard protects the kernel
> from being modified by a third-party."
>
> But that would violate your bias...
But why ONLY the 64bit version? And PatchGuard has been cracked. Now why
would Microsoft "open" the kernel api, on a 64bit platform, that's not
highly supported like its 32bit one? Thus locking out third party security
software houses from its bread-n-butter 32bit offering... Hmmm...
Yup, MicroSofty does NOT play fair. Frankly, if people would wait a bit
longer, I suspect that Vista will be busted wide open once it goes g.a...
enough for ANYONE to plug into the kernel, including third party security
software vendors.
--
Jerry McBride