Symantec details more security holes in Microsoft’s Windows Vista

“Security researchers at Symantec have published the second of three reports calling out potential security issues in Microsoft’s next-generation Vista operating system, this time taking a shot at several of the product’s user account control and privilege escalation features,” Matt Hines reports for eWeek.

Hines reports, “According to the latest report, which follows a similar missive issued by Symantec in mid-July over flaws it believes to exist in the Vista’s networking technologies, some of the very tools Microsoft is touting a security advancements in the OS may actually serve as loopholes.”

“Another security issue highlighted by Cupertino, Calif.-based Symantec’s report involves a new feature in Vista known as mandatory integrity control, which is also designed to help confine privilege escalation capabilities,” Hines reports. “Despite the addition of the tools, the security company contends that attackers could still conceivably bypass the system to escalate their ability to attack computers.”

“In the earlier report, Symantec researchers reported finding three different types of potential flaws in Vista’s underlying software code, including the presence of stability issues that could cause the OS to crash when presented with attacks that utilize malformed files to deliver their payloads, some undocumented IP protocols with no known purpose in the product, and issues with some new protocols deep within the operating system’s so-called network stack,” Hines reports.

“Symantec has long made a large share of its revenue off of products used by businesses to secure Vista’s Windows predecessors, and the companies remain what officials from both firms term as ‘close partners,'” Hines reports. “However, in addition to making a significant effort to make its new OS more secure than its forbears, Microsoft has also charged headlong into the information security market, placing the companies as direct rivals in several sectors including Symantec’s core desktop anti-virus niche.”

Full article here.

MacDailyNews Take: By the end of 2005, there were 114,000 known viruses for PCs. In March 2006 alone, there were 850 new threats detected against Windows. Zero for Mac. While no computer connected to the Internet will ever be 100% immune from attack, Mac OS X has helped the Mac keep its clean bill of health with a superior UNIX foundation and security features that go above and beyond the norm for PCs. When you get a Mac, only your enthusiasm is contagious. – More info here.

Related MacDailyNews articles:
Symantec: Microsoft’s ‘improvements’ to Vista could cause instability, new security flaws – July 18, 2006
Symantec researcher: At this time, there are no file-infecting viruses that can infect Mac OS X – July 13, 2006
Sophos: Apple Mac OS X’s security record unscathed; Windows Vista malware just a matter of time – July 07, 2006
Sophos Security: Dump Windows, Get a Mac – July 05, 2006
Symantec sues Microsoft to halt Windows Vista development – May 19, 2006
Security company Sophos: Apple Mac the best route for security for the masses – December 06, 2005
Computer columnist: anti-virus software purely optional for Apple Macs, not so for Windows – November 01, 2005
16-percent of computer users are unaffected by viruses, malware because they use Apple Macs – June 15, 2005

New invisible rootkit hits Windows including Vista – July 17, 2006
Microsoft demos Windows Vista on Apple MacBook Pro – July 01, 2006
What Microsoft has chopped from Windows Vista, and when – June 27, 2006
Windows Vista rips-off Mac OS X at great hardware cost (and Apple gains in the end) – June 13, 2006
CNET reporter: Apple Mac mini is my most ‘Vista Ready’ PC – May 24, 2006
Thurrott: Microsoft collapsing under its own weight, Gates has driven Windows Vista into the ground – April 20, 2006
Dude, you got a Dell? What are you, stupid? Only Apple Macs run both Mac OS X and Windows! – April 05, 2006
Why buy a Dell when Apple’s Intel-based computers will run both Mac OS X and Windows? – June 08, 2005
Windows users who try Apple’s Mac OS X Tiger might not want to go back – June 07, 2005

49 Comments

  1. Interestingly, there is also a new trojan attacking Mozilla/Firefox. The reports do not state whether it is all versions of Firefox or just the Windows version. My bets are on the latter!

    MW: called: It’s called VISTA because you can see through its holes, just like swiss cheese! LOL!

  2. “Do remember that Vista is in Beta.”

    No, it’s actually in Alpha. When it

    goes Beta, they box it up and ship

    it. Gold Master is Service Pack 4.

    ” width=”19″ height=”19″ alt=”LOL” style=”border:0;” />

  3. What happened to “security thru obscurity” myth? Wouldn’t this same myth currently apply to Vista? There can’t be as many instances of Vista Beta running as there are instances of OS X out there, yet there are already more viruses.

  4. There are reportedly 10,000 copies of Vista around. It got already some 10 or so virus around. When it will hit the same number of OS X installation it should be on par with the other Windows flavors and valiantly features some 20,000 virus and free malware available the day it is released.

    Ahhhh, life is good when nothing one can count on changes.

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.