Windows Vista security flaw discovered

Windows Vista security flaw discovered
POSTED: 12:57 p.m. EST, December 26, 2006

NEW YORK (AP) -- Windows Vista, the new computer operating system that Microsoft Corp. is touting as its most secure ever, contains a programming flaw that might let hackers gain full control of vulnerable computers.

Microsoft and independent security researchers, however, tried to play down the risk from the flaw, which was posted on a Russian site recently and is apparently the first affecting the new Vista system released to larger businesses in late November.

more -

http://www.cnn.com/2006/TECH/ptech/12/26/microsoft.security.ap/index.html

Be careful

After all, they would kill their cash cow... you know, the one that lets them pirate all the copies they need. (Microsoft rewards pirates; China and India have the highest piracy rates worldwide. In 2005 it was 90% and 74% respectively...)

Look very, very closely at Microsoft's description of Windows Vista: "its most secure ever."

Being that an unlocked door is more secure than a lot of what Microsoft has put out, the bar Vista's got to jump over to be Microsoft's "most secure OS ever" ain't all that high.

:eyes:

Wait! Wait! let me try again...

:wow:

There. Much better...

:sarcasm:

establishment."

"Here are your winnings, sir."

By the way, are you quoting from "Casablanca" or "I Go Pogo?" :)

Ugarti, I think this is the start of a great relationship

and the Frog approaches him with the "Here are your winnings, sir" line. I don't remember that line in the original.

:wow:

It's funny how Microsoft sucks ass when flaws are found In the Operating systems, but yet some people believe that Linux and Macs are somehow a better Operating systems, even though that both Linux and Macs have had needed more patches to fix vulnerabilities.

:eyes:

I'll take Windows over Mac any day!

Let's ignore the security holes for a bit.

How many times has you Mikrosopht computer hung up and brought you the blue screen of death?
Even with XP pro, it happens all too often.
2000? hah.
95? ha ah hahaha hahahahahah HAHAHAHA!

I can recall one time when my apple OS got hung up. I was running an XP Pro emulator and a windows bit of software.

:rofl:

ON EDIT: I should have said I have never had a blue screen of death with Windows XP.

Here are the reasons for it to happen.

"There are several causes of the blue screen popping up. It can be a poorly-written device driver, bad memory, damaged registry or usage of incompatible versions of DLLs (see more on the "Types of blue screens" section)."

http://en.wikipedia.org/wiki/Blue_Screen_of_Death

Yes XP has a bsod.

Sheesh

- Hate to disappoint you but with Windows XP there is no blue screen of death!
- Have you ever even SEEN a computer?
- Can you read?


:rofl:
:rofl:
:rofl:

Thanks for helping!

Talk about classic responses. :rofl:

are not unheard of either. I actually receive more kernel panics than bsod. But then again it might be because of the really bad support for blue-tooth in linux/unix/posix. Unfortunately i hate wires. :(

And I'm a gamer.

Conclusion: (a) I do things with my computer that simply cannot be done on mac/other (the titles simply don't exist), and (b) I get a crash, on average, once every 4 years (2 computers recall).

Yah - I'm satisfied.

And I've never once seen the BSOD or fully locked.

And it was because I installed a device driver for my video card that was poorly written and it was a mess trying to fix.

I don't treat my computers very well anyway....my memory, processor, and video card are all overclocked, but XP holds up really well and I can't recall the last time I had my computer spontaneously reboot or something bizarre like that.

And I never had to recompile the kernel.

not even a little problem...

Microsoft has released more patches for their operating system and applications than Apple and ALL distributions of Linux combined for the past 5 years. If you have credible stats to prove otherwise please post a link as I am sure Microsoft would love to get their hands on that information for marketing reasons.

MZr7

edit:typo

Windows - Found: 847 Secunia Security Advisories
http://secunia.com/search/?search=Windows+

Linux - Found: 5679 Secunia Security Advisories
http://secunia.com/search/?search=Linux

OS X - Found: 9845 Secunia Security Advisories
http://secunia.com/search/?search=OS+X

:)

You gonna have to do better than that...



Here is the full article.

This analysis has been beaten to death... no credible security expert is going to believe that windows is inherently more secure than either of the other two.

Oh and for the record. I work with all three operating systems/applications and after 22 years as a "security expert"... I am going to side with my peers.

MZr7

Security expert my ass :rofl:

Why Is it you will not post any credible stats to prove that Windows has released more patches than Linux and Macs combined?

You cannot because It's not true.

Do you really think people will trust a fanboy over Sceunia?

:rofl:

For the year 2005,

22 Technical Cyber Security Alerts were issued in 2005 by CERT
* 11 of those alerts were for Windows platforms
* 3 were for Oracle products
* 2 were for Cisco products
* 1 was for Mac OS X
* 1 was for SNORT
* 1 was for VERITAS
* 2 unspecified
* None were for Linux

For the year 2006,

39 Technical Cyber Security Alerts were issued in 2006 by CERT
* 16 of those alerts were for the Windows platform
* 6 were for Mozilla products on all platforms
* 9 were for the Apple Platform
* 3 were for Oracle
* 1 was for Sendmail
* 1 was for Adobe Macromedia
* 1 was for WinAmp
* 1 unspecified
* None for Linux

You can read them yourself if you must... but in the context of security its all about what flaws are critical and long they go unpatched. Simply counting "patches" is very uninformed means to measure OS or Application security. My comment was about critical security issues that rise to the level to warrant an "alert" from CERT.

MZr7

trust a department run by homeland security?

Your comment was ... "Microsoft has released more patches for their operating system and applications than Apple and ALL distributions of Linux combined for the past 5 years"

I asked you to prove that false statment with credible stats, and you were unable to do so.

:rofl:

Granted I only tallied 2 years and not the 3 listed by CERT and I am not able to find data for years 02/03 (my bad.. you got me).
Perhaps my wording was incomplete since I assumed you were not being so lame as to actually count "every" patch in the context of security.

You said "yet some people believe that Linux and Macs are somehow a better Operating systems, even though that both Linux and Macs have had needed more patches to fix vulnerabilities."

My comment was to that statement indicating that what is counted, when speaking of a systems security/vulerabilities, is the ability of a bug to deny service or elevate privileges either locally or remotely. These are the "patches" that I and the rest of the security industry are counting. Not some fix to a calc program or gui wig-out, etc....

The fact remains that MS has released more patches "for critical security flaws" than either of the two combined for the past 3 years.

I'm still not sure why this is even a debate.... unless of course you are a MS "fanboy" considering all the protesting.... :rofl:.
Personally I'm agnostic, each OS has it pros/cons and I recommend all three to my customers depending on the task and design software for 2 (linux/windows) for my employer... one size does not fit all. :shrug:
The days of OS wars are over except among the uninformed few....

MZr7

Go look at the Macintosh forum.

the Macintosh forum, this poster has posted always posted factual Info on Macs and on the Apple Corporation.

:)

For some strange reason you neglected to address that issue.

:D

It was Mr. "Security expert" that made the bullshit statement that .. "Microsoft has released more patches for their operating system and applications than Apple and ALL distributions of Linux combined for the past 5 years"

And when "Mr. "Security expert" ask for credible stats, I gave them to him, so he then tried to discredit Secunia, and when that failed he decided to pull an O'Reilly and tried to spin his bullshit with the "CRITICAL SECURITY FLAWS"

So what we have here Is that "Mr. "Security expert" was unable to backup the bullshit comment he made, so "HE" decided to Ignore the bullshit comment and chose to make up a new comment to defend.

But yet you seem to think that my facts are In question?

Are you really that gullible?

:)

:eyes:

I REALLY dislike Microsoft (and I used to work for the bastards until they shipped my job to India), but hell, I bought a brand new copy of SuSE Linux 10.1 and the first thing I had to do was download a shitload of security updates.

This is not uncommon in a new product.

Go look at the list of OSX security updates. Same thing.

No!

will never concede to the fact that Linux and Macs are just as flawed as Windows.

I just ran the package updater on my Fedora Core 6 and downloaded about 18 updates for the system and apps. I've been running Fedora Core 6 for a few weeks now and I must have downloaded close to 50 updates In that time.

:)

AND it's supposed to be their most secure ever. I'm sorry, but this just does not inspire confidence in their products no matter how much you try and tear down the competition...

are you referring to?

I am not tearing down the competition, everything I have posted about Linux and Macs Is true.

:)

And as other posters have pointed out your 'facts' seem to be quite debatable.

Who are these people you speak of?

Nobody has ever disproved any of the factual Information I have posted on this forum.

I have posted negative and positive articles on ALL operating systems and browsers on this forum, but It's always the fanboys that give me shit over the negative articles. These people just need to deal with the fact that their preferred poison Is just as flawed as others, they need to stop behaving like children and start behaving like adults.

:)

:)

the Mac fanboys that have called me a Troll and a Twat, and a few other names here on the forum.

Maybe someone like yourself will take that shit from these fanboys, but I will not cut and run from any fanboy or freeper.

:)

Linux is free.

You can't beat that.

Microsoft is solely a software company, yet the OS it produces is only as good as Mac OS X. Though Mac OS X is consistently more ascetically pleasing.

Linux is fun for hacking, though I hardly use it anymore. I'm more a fan of FreeBSD, because of its consistency and the relative ease of use of the "ports collection."

And I keep my little Mac Mini in it's own private DMZ, (disconnected from the internet). I use the Mac for all of my "serious" work, like music recording, and graphics. The world is full of these hackers and script kiddies, and my AVG Firewall has done a really good job of protecting my PC.

http://www.grisoft.com/doc/5/lng/ww/tpl/tpl01

and stupid people continue to buy Dollar Bill's shit.

Since I installed Windows Vista I have had nothing but problems.

I am talking to them now and they are telling me to find the solution on their website.

I told them that the answers are not on my website ~ right now my address bar will not take a "cut and paste" because the cut /copy feature isn't working.

I have no idea what to do.

Can I uninstall this program without messing up worse?
Help!

I have Windows xp

after 1/2 hour of listening to recordings.
They were very nice and I went crazy and told them I wanted it uninstalled!

The Representative told me that I could uninstall and walked me through it.

Instantly I was able to cut and paste again.

I asked why did it pop up and encourage me to install it immediately.

His response was, " Oh, you didn't have to install it if you didn't want to "sometimes it better to wait until the flaws are eliminated."

No more Windows Vista for me!

Are you talking about the Beta Version?

All I can suggest is to wait until the flaws are out of it.

No trial version of Vista popped up on your screen, somebody must have gave you a copy of Vista, or you downloaded a copy of Vista from an unauthorized source.

:)

The web address and all of the logos were identical to the info from the site that I called to get Support.

I didn't even know a thing about VISTA, at my age, it is a stretch for me to know about MS Office!

I called the phone number they listed and they explained it to me and walked me through all the items that I questioned.

Please don't say that I would lie, I have absolutely no reason to lie about something that took me 2 hours to correct.

"You claimed that you got a trial version of Vista due to a pop-up on your computer" ... that Is not possible.

Vista will be avalible to the public sometime In late January, for you to have a copy of Vista at this time, you must have downloaded It from unauthorized source, or someone gave you a copy.

And If you did download Vista, you would have had to burn the ISO to a DVD disc or mount the ISO to your harddrive to Install It.

:)

is some shape or form.... That's what happens when you rush to get your product out without testing it throughly first....

With all the delays this statement is false. "That's what happens when you rush to get your product out without testing it throughly first...."

I have been beta testing Vista for close to a year now.

And what bugs did you find in your Beta Test and what bugs were fixed before release?

The only bug I found so far was with Windows media Center & networking in my house (LAN not WAN).

Have they not released to companies for use?

You don't put something like this out after merely a year of testing. With that kind of schedule, problems and unforeseen situations will occur. Noncritical issues will be passed over until they either become critical or become tolerated or forgotten. Vista needs at least two years of testing, given its complexity and limitations based on user purchases (not kidding!), for me to even consider calling it 'well tested', both for usability and PR purposes. And by the way, the HD limitations really stick in my craw. It ought to be illegal for a software manufacturer to cripple my hardware capability in its OS by eliminating support for certain options when operating under certain conditions- and I don't mean when hardware doesn't support something, but for when it does, but your 'display device' isn't up to Micro$oft's media-industry-catering expectations. No monitor that supports encryption? Crippled HD content, bucko, because the Copyright Gods don't trust you a bit.

I'm growing to dislike Micro$oft more and more, and the limitations and tiered pricing of Vista are big reasons why. I expect my computer to be able to use all the capabilities of its hardware all the time, a bit like I expect my car to be able to move forward and back and turn left and right, and have the windows go down when I want them to and the heater to work if it's cold. Micro$oft wants to decide those things for me, depending upon if I've paid for the windows and I use their approved gasoline. That, to me, is an anticompetitive practice. I don't and won't like it, ever. Public systems shouldn't use it at all; I personally think they should all be using the public OS.

While there are other criticisms along those lines, my main point is this: Micro$oft will not fix all of Vista's bugs, and it will release an operating with bugs into the wild, and it will treat its users as extended beta testers. They did it with 95 and 98 and Windows XP, and I think I read in a couple places that there were bugs- some of them comparatively major- which were never fixed in Window$ 3.1. I happen to know from using Windows 3.11 for Workgroups that there were a few particularly terrible bugs that were never fixed. Thankfully, my memory of those incidents is very dim at this late date, so I can't recall the frustrations the bugs brought with them.

At least linux acknowledges the software is constantly in development; given that they are open source, such is a foregone conclusion. Thus, daily updates ought to be expected and, if necessary, eagerly sought. After all, it takes only a few keystrokes to type 'yum update' or 'yum foobar' before one goes to bed.

I honestly don't know how to defend Window$ except as a gaming machine. Every major software application I can think of has a linux version; linux (unlike windows) comes with a developer kit that can install user-created iterations of an application's original source, the kernel of the OS itself is open to user modification from the ground up (something Micro$oft will not ever do), and on and on.

Having used both, again, the only reason I still maintain a Windows install is for Windows games, and if sufficient support were given by the game developer community to OpenGL (like, by CODING FOR IT IN THE FIRST PLACE :grr:), I wouldn't even have XP at all. Honestly, a lot of users of linux games which run in linux natively report better framerates. I myself have seen this a couple times, once when I had Quake2 installed and once when I had Neverwinter Nights installed. Obviously, this depends on how well drivers are written for the hardware in each OS; ATI's linux drivers were the reason I got an Nvidia card, for example.

It doesn't end there. Window$ system crashes- freezing up, spontaneously rebooting, a BSOD, or other shenanigans are common in Window$, particularly when dealing with applications (such as animation software like 3ds or Maya) which deal with large and complex number systems (again, like multiple and changing coordinates and properties in 3D space) can cause problems in Windows. Games are a similar matter and issues manifest as lag, poor framerates, corrupted textures, and so forth. Thankfully, gaming as a PC activity is popular enough that many of these issues are addressed prior to release as well as can be addressed; were this not the case, only consoles would be popular gaming platforms. With PCs, we have a moddable choice.

And so it is true for linux, which is why linux 'fanboys' don't ever stop. We can't understand why Microsoft apologists (and yeah, that's our little pet name for them) don't get the fact that linux can be changed by the user. You can yank out support for anything but your specific hardware, freeing memory while the system is running. You can build from source against that kernel and end with a more stable binary. That usually is not possible in Window$, because Micro$oft welded shut the hood.

It has been in development for several years.

anything with the words MICROSOFT or WINDOWS in front of it is automatically in the "Flaws" catagory. lol.

:argh:

what exactly? Their software has always been buggy as hell,and the security hole in the image viewer has been there since windows 3.1 It always amazes me to think people PAY for this garbage. Not vista, but any currently selling Micro$oft product. Take office 2003, you have to "activate" it by giving your installation I.D.and product key to Micro$oft. If that key and id have been used more than x number of times, the software is useless because you cant save anything. Their "Activation Process" is more than breakable, because my friend's copy of Office is on 15 computers. This is just so they can have your Windows installation ID and hardware hash on file. And if my instinct is correct, these servers are running windows, not anything secure like apache. Don't count on anyone not being able to read said ID, which UNIQUELY identifies your machine, and your machine only, which makes for a possible ID theft scenario. Believe it or not, win95 is possibly the most secure and definitely most stable of any windows desktop OS. Win XP just makes you feel safer with its cartoonish and buggy interface. There is almost nothing different from Win2k to XP. Same security hole, same bugs, different interface.

This is not tnlefty, but from her son.