Wall Street Wonderland

The good, the bad and the unspeakably ugly and everything in between, so help us!

Tuesday, December 26, 2006

Go figure….Vista is Not Secure!

Way to go, M’soft! Five long years in the making and still there are major snafus. According to reports, computer security researchers and hackers have begun spotting potentially serious flaws in Microsoft's Windows Vista system that was released to corporate customers late last month.

A Russian programmer posted a description of a flaw on Dec 15, which enables increasing users' privileges on all of Microsoft's recent operating systems, including Vista.

During the Christmas weekend, a Silicon Valley-based security firm said it notified Microsoft about another flaw it found, plus five other vulnerabilities, including one serious bug in the software code underlying the IE 7 browser. The firm said the browser flaw could result in Web users getting infected with malicious software simply by visiting booby-trapped Web sites.

California-based Determina, a vendor of anti-vulnerability software, added that the browser flaw could make it possible for attackers to inject rogue software into Vista-based computers.

Microsoft said on its Web site that the company is closely monitoring the vulnerability described by the Russian programmer. In a statement, Microsoft said that as of now, they have not observed any public exploitation or attack activity based on this flaw.

A Microsoft spokeswoman said the company is also investigating the browser flaw, and that as of now, they are not aware of any attacks attempting to use this flaw.

According to sources at Determina, the browser flaw, by itself, can permit damage such as information theft, etc,

But, the 'sandbox' software in IE 7 would control damage even if a malicious program were to subvert the operation of the browser.

However, according to Determina, when coupled with the ability of the first flaw, it might be possible to circumvent the 'sandbox' controls and alter files, and potentially permanently infect a target computer.

All in all, Determina warns people not to get complacent as the company expects a rash of Vista bugs to pop up in the next six months to one year.

Ironically, Microsoft has spent hundreds of millions in branding Vista as the most secure product they've ever produced, and is depending on Vista to help turn the tide against a wave of software attacks now plaguing Windows-based computers.

http://www.techtree.com/India/News/Microsoft_Vista_is_Not_So_Secure/551-78101-582.html

posted by Holden D. Redbone @ Tuesday, December 26, 2006

0 Comments:

Post a Comment

<< Home