Hackers: 6, Vista: 0
About a month after the business release of Windows Vista, and a month before its consumer release, hackers and security researchers have uncovered at least six major security flaws in Microsoft's brand new operating system, the New York Times is reporting. Among flaws discovered are one that allows malicious sites to install malware on a victim's computer and one that allows user permissions to be altered on a corporate network, which could allow malware to be installed without authorization. In addition, one Japanese hacker is offering to sell Vista security flaws for $50,000.

I'm not sure whether Microsoft will have a chance to update Vista before it ships to consumers on January 31, or whether they will package fixes as mandatory updates that will be installed as soon as a new Vista PC connects to the internet. Or whether they'll just plug their ears and continue to proclaim that Vista is the most secure OS ever.
[Via Monkey Bites via Street Tech]

Reader Comments (Page 1 of 1)
quux said 7:51PM on 12-27-2006
Sigh. *Every* OS out there has had, and will have more security issues discovered. This is the state of software today, and for the foreseeable future.
Did MS market Vista as 'totally secure forever'? No? Then why do so many bloggers like yourself try to re-spin the MS spin into something it is not, never was, and never can be? Of course vulns will be discovered - in this or any other OS. So the question isn't whether they are discovered - but how well they are handled.
LordDaMan said 10:16PM on 12-27-2006
Here are the real problems. Note it's not even remotely close to the garbage the NYT is printing.
http://www.betanews.com/article/Is_Vista_Really_BugPlagued_as_the_NY_Times_Claims/1167176211/1
Hamman Samuel said 2:56AM on 12-28-2006
Thanks LordDaMan for the link.
In summary, according to BetaNews, NYT have made at least one mountain out of a mole hill. The bug reported as "allowing malicious code to run" is actually a logical error in a call to the Win32 API function "MessageBox" that could crash the system. Ahem, while this is embarrassing for Microsoft's coders, the bug isn't a security breach as is being reported by NYT.
I'm reading a book on the Windows architecture, and from what I understand, I think that the main problem with Windows and its infamous crashes is its virtual memory protocols. With Vista running on a revamped kernel, I am hoping that it will be more stable at least.
epobirs said 9:01AM on 12-28-2006
Be fair. MS is not claiming Vista is the most secure OS ever. They're only speaking in terms of Microsoft operating systems. By all accounts thus far the claim is valid. Bugs will be found but the default state of the product is far better suited to keeping novices out of trouble and makes certain categories of attacks far harder to execute.
There have been far more secure operating systems. Just not stuff you'd want to sell for use on consumer PCs. If ease of use is not an issue the task of securing systems becomes much simplified but that isn't very helpful in most of Microsoft's markets.
Glacia00 said 12:03PM on 12-28-2006
I'm waiting to see if people like Neil T who responded to the "Month of Apple Bugs" post about how irresponsible researchers are to make security flaws public will say the same about this post.
Neil, would you say that in this case researchers should be fair and "give full details to the security team/programmers of the affected product and give them ample time to fix the bug, before providing any detailed information about the flaw," or is it just Apple that you feel should be treated that way?