"Flaws Are Detected in Microsoft’s Vista"...really???

sitarro

Oooops.........You know, OS 10.5 Leopard WILL be out soon and if it really is an improvement on Tiger this could really hurt Microsoft and make people finally tell them where to go once and for all. The pathetic copying by Microsoft of OS 10 is the most blatant so far. Watch this quick video to see what I mean.....

http://video.on.nytimes.com/ifr_mai...2d0f552x10bd189a138x934&rdm=322739.6646154764

Too bad that after many years, numerous name changes, release dates and now serious security problems Vista still doesn't even compare to the operating system they have been trying in vain to emulate.

This tells about the latest problems with Vista.....

Flaws Are Detected in Microsoft’s Vista

By JOHN MARKOFF
SAN FRANCISCO, Dec. 24 — Microsoft is facing an early crisis of confidence in the quality of its Windows Vista operating system as computer security researchers and hackers have begun to find potentially serious flaws in the system that was released to corporate customers late last month.

On Dec. 15, a Russian programmer posted a description of a flaw that makes it possible to increase a user’s privileges on all of the company’s recent operating systems, including Vista. And over the weekend a Silicon Valley computer security firm said it had notified Microsoft that it had also found that flaw, as well as five other vulnerabilities, including one serious error in the software code underlying the company’s new Internet Explorer 7 browser.

The browser flaw is particularly troubling because it potentially means that Web users could become infected with malicious software simply by visiting a booby-trapped site. That would make it possible for an attacker to inject rogue software into the Vista-based computer, according to executives at Determina, a company based in Redwood City, Calif., that sells software intended to protect against operating system and other vulnerabilities.

Determina is part of a small industry of companies that routinely pore over the technical details of software applications and operating systems looking for flaws. When flaws in Microsoft products are found they are reported to the software maker, which then produces fixes called patches. Microsoft has built technology into its recent operating systems that makes it possible for the company to fix its software automatically via the Internet.

Despite Microsoft assertions about the improved reliability of Vista, many in the industry are taking a wait-and-see approach. Microsoft’s previous operating system, Windows XP, required two “service packs” issued over a number of years to substantially improve security, and new flaws are still routinely discovered by outside researchers.

On Friday, a Microsoft executive posted a comment on a company security information Web site stating the company was “closely monitoring” the vulnerability described by the Russian Web site. It permits the privileges of a standard user account in Vista and other versions of Windows to be increased, permitting control of all of the operations of the computer. In Unix and modern Windows systems, users are restricted in the functions they can perform, and complete power is restricted to certain administrative accounts.

“Currently we have not observed any public exploitation or attack activity regarding this issue,” wrote Mike Reavey, operations manager of the Microsoft Security Response Center. “While I know this is a vulnerability that impacts Windows Vista, I still have every confidence that Windows Vista is our most secure platform to date.”

On Saturday, Nicole Miller, a Microsoft spokeswoman, said the company was also investigating the reported browser flaw and that it was not aware of any attacks attempting to use the vulnerability.

Microsoft has spent millions branding the Vista operating system as the most secure product it has produced, and it is counting on Vista to help turn the tide against a wave of software attacks now plaguing Windows-based computers.

Vista is critical to Microsoft’s reputation. Despite an almost four-and-half-year campaign on the part of the company, and the best efforts of the computer security industry, the threat from harmful computer software continues to grow. Criminal attacks now range from programs that steal information from home and corporate PCs to growing armies of slave computers that are wreaking havoc on the commercial Internet.

Although Vista, which will be available on consumer PCs early next year, has been extensively tested, it is only now being exposed to the challenges of the open Internet.

“I don’t think people should become complacent,” said Nand Mulchandani, a vice president at Determina. “When vendors say a program has been completely rewritten, it doesn’t mean that it’s more secure from the get-go. My expectation is we will see a whole rash of Vista bugs show up in six months or a year.”

The Determina executives said that by itself, the browser flaw that was reported to Microsoft could permit damage like the theft of password information and the attack of other computers.

However, one of the principal security advances of Internet Explorer 7 is a software “sandbox” that is intended to limit damage even if a malicious program is able to subvert the operation of the browser. That should limit the ability of any attacker to reach other parts of the Vista operating system, or to overwrite files.

However, when coupled with the ability of the first flaw that permits the change in account privileges, it might then be possible to circumvent the sandbox controls, said Alexander Sotirov, a Determina security researcher. In that case it would make it possible to alter files and potentially permanently infect a target computer. This kind of attack has yet to be proved, he acknowledged.

The Determina researchers said they had notified Microsoft of four other flaws they had discovered, including a bug that would make it possible for an attacker to repeatedly disable a Microsoft Exchange mail server simply by sending the program an infected e-mail message.

Last week, the chief technology officer of Trend Micro, a computer security firm in Tokyo, told several computer news Web sites that he had discovered an offer on an underground computer discussion forum to sell information about a security flaw in Windows Vista for $50,000. Over the weekend a spokesman for Trend Micro said that the company had not obtained the information, and as a result could not confirm the authenticity of the offer.

Many computer security companies say that there is a lively underground market for information that would permit attackers to break in to systems via the Internet.
 
I simply don't understand how a multi-billion-dollar company can be so slow in developing software. How are they not nervous about Google and Apple?
 
Apple has been around since before they started as a company and only has a 5 share of the market. Worried about Apple is the last thing Microsoft cares about. Now Google. They aren't making OS software as far as I know. Direct competition? Not in that case.
 
Apple has been around since before they started as a company and only has a 5 share of the market. Worried about Apple is the last thing Microsoft cares about. Now Google. They aren't making OS software as far as I know. Direct competition? Not in that case.

If MS thinks OS software is the future, they are doomed ;)
 
If MS thinks OS software is the future, they are doomed ;)

Nah, they are creating a db software on tah internets. They're poised for hardcore pWning.. Google is teh rox too, but Microsoft really is ready for the next step. Apple though is best at secondary items like Ipod and isn't something they need to worry so much about.
 
Well, let's put it this way. We used to run all our web applications on Solaris or AIX based servers. For those who don't know what I mean, Solaris and AIX are variants of an OS called "Unix". Unix was developed by Bell Labs in the early 1970s.

For some reason, my company has decided to use Windows based servers. Since we've switched to Windows based servers, almost every weekend has included software patches for those servers. I don't remember the same for Solaris or AIX.
 
Well, let's put it this way. We used to run all our web applications on Solaris or AIX based servers. For those who don't know what I mean, Solaris and AIX are variants of an OS called "Unix". Unix was developed by Bell Labs in the early 1970s.

For some reason, my company has decided to use Windows based servers. Since we've switched to Windows based servers, almost every weekend has included software patches for those servers. I don't remember the same for Solaris or AIX.

Less usage means fewer holes discovered. So updates happen because of that. It's best to use a different OS for a firewall...
 
If MS thinks OS software is the future, they are doomed ;)

Incorrect. The OS market is the bedrock of all software markets. Microsoft's implementation of hardware abstraction across multiple OS lines has helped them maintain their stranglehold on the OS markets at-large. Where Microsoft HAS seen viable threats is in office productivity suites and enterprise-level database and groupware server software.

Moreover it is worth differentiating thick-client (workstation) operating systems versus the thin-client (workstation) operating systems and server operating systems. Microsoft has its hands on all three tiers of operating system implementation, as well as several other customized flavors for portable, mobile and embedded markets. Using the common abstraction layer of their operating systems, Microsoft is able to successfully promote the "write once, deploy everywhere" paradigm.

Sorry, but I've been hearing about "Windows-slayer" operating systems since Windows was introduced, and none have come close. And as long as consumers move to newer, faster hardware platforms, they'll use the operating systems which offer the most compatibility with the applications they use regularly.
 
Sorry, but I've been hearing about "Windows-slayer" operating systems since Windows was introduced, and none have come close. And as long as consumers move to newer, faster hardware platforms, they'll use the operating systems which offer the most compatibility with the applications they use regularly.

Within 5-10 years Google will take over the internet and with it create an online "OS" that connects to massive application servers. Your PCs will turn into terminals that tap into the online OS. It will be free, only supported by their ad system. Also once the new IP protocol comes out (Google is buying trillions of addresses already) allowing a fifth octet in the address it will allow every electrical device to have a unique IP address. Essentially allowing you to communicate with your toaster from your online OS provided by Google.
 
Within 5-10 years Google will take over the internet and with it create an online "OS" that connects to massive application servers. Your PCs will turn into terminals that tap into the online OS. It will be free, only supported by their ad system. Also once the new IP protocol comes out (Google is buying trillions of addresses already) allowing a fifth octet in the address it will allow every electrical device to have a unique IP address. Essentially allowing you to communicate with your toaster from your online OS provided by Google.

I believe that, eventually, every appliance in your house, and in your car will be on a network. I've heard of trials that use the electrical lines in your home or apartment as the network. Since the power operates at one frequency (60 Hz) and the internet operates at higher frequencies (above 1 MHz) they can share the same wire and not interfere with each other. Imagine if, someday, your television, air conditioner, furnace or water heater developed a problem and the repairman being able to diagnose it remotely, then order the parts before setting foot in your door. Or your car's mechanic running diagnostics on your car while it sits in your garage. Or how about your medicine cabinet, cupboards or refrigerators being able to tell you when you're out of something or if something is past its expiration date. I can see elderly people having a computer programmed to automatically order their next batch of prescriptions a day before they run out.

Or all the devices in your car that are on a network (those familiar with avionics know that jets and helicopters have been networked for years).
 
