“Security researchers at Symantec have published the second of three reports calling out potential security issues in Microsoft’s next-generation Vista operating system, this time taking a shot at several of the product’s user account control and privilege escalation features,” Matt Hines reports for eWeek.
Hines reports, “According to the latest report, which follows a similar missive issued by Symantec in mid-July over flaws it believes to exist in the Vista’s networking technologies, some of the very tools Microsoft is touting a security advancements in the OS may actually serve as loopholes.”
“Another security issue highlighted by Cupertino, Calif.-based Symantec’s report involves a new feature in Vista known as mandatory integrity control, which is also designed to help confine privilege escalation capabilities,” Hines reports. “Despite the addition of the tools, the security company contends that attackers could still conceivably bypass the system to escalate their ability to attack computers.”
“In the earlier report, Symantec researchers reported finding three different types of potential flaws in Vista’s underlying software code, including the presence of stability issues that could cause the OS to crash when presented with attacks that utilize malformed files to deliver their payloads, some undocumented IP protocols with no known purpose in the product, and issues with some new protocols deep within the operating system’s so-called network stack,” Hines reports.
“Symantec has long made a large share of its revenue off of products used by businesses to secure Vista’s Windows predecessors, and the companies remain what officials from both firms term as ‘close partners,'” Hines reports. “However, in addition to making a significant effort to make its new OS more secure than its forbears, Microsoft has also charged headlong into the information security market, placing the companies as direct rivals in several sectors including Symantec’s core desktop anti-virus niche.”
Full article here.
MacDailyNews Take: By the end of 2005, there were 114,000 known viruses for PCs. In March 2006 alone, there were 850 new threats detected against Windows. Zero for Mac. While no computer connected to the Internet will ever be 100% immune from attack, Mac OS X has helped the Mac keep its clean bill of health with a superior UNIX foundation and security features that go above and beyond the norm for PCs. When you get a Mac, only your enthusiasm is contagious. – More info here.
Related MacDailyNews articles:
Symantec: Microsoft’s ‘improvements’ to Vista could cause instability, new security flaws – July 18, 2006
Symantec researcher: At this time, there are no file-infecting viruses that can infect Mac OS X – July 13, 2006
Sophos: Apple Mac OS X’s security record unscathed; Windows Vista malware just a matter of time – July 07, 2006
Sophos Security: Dump Windows, Get a Mac – July 05, 2006
Symantec sues Microsoft to halt Windows Vista development – May 19, 2006
Security company Sophos: Apple Mac the best route for security for the masses – December 06, 2005
Computer columnist: anti-virus software purely optional for Apple Macs, not so for Windows – November 01, 2005
16-percent of computer users are unaffected by viruses, malware because they use Apple Macs – June 15, 2005
New invisible rootkit hits Windows including Vista – July 17, 2006
Microsoft demos Windows Vista on Apple MacBook Pro – July 01, 2006
What Microsoft has chopped from Windows Vista, and when – June 27, 2006
Windows Vista rips-off Mac OS X at great hardware cost (and Apple gains in the end) – June 13, 2006
CNET reporter: Apple Mac mini is my most ‘Vista Ready’ PC – May 24, 2006
Thurrott: Microsoft collapsing under its own weight, Gates has driven Windows Vista into the ground – April 20, 2006
Dude, you got a Dell? What are you, stupid? Only Apple Macs run both Mac OS X and Windows! – April 05, 2006
Why buy a Dell when Apple’s Intel-based computers will run both Mac OS X and Windows? – June 08, 2005
Windows users who try Apple’s Mac OS X Tiger might not want to go back – June 07, 2005
It appears that this new stinky cheese from Microsloth is in fact swiss.
It’s facinating that society, if you can call windows users such, put up with this. They would not tollerate it in any other aspect of their lives . . . . . or would they?
Interestingly, there is also a new trojan attacking Mozilla/Firefox. The reports do not state whether it is all versions of Firefox or just the Windows version. My bets are on the latter!
MW: called: It’s called VISTA because you can see through its holes, just like swiss cheese! LOL!
Surprise surprise. Windows users have a lot to look foward to.
The words Vista and Virus are very similar. Distressingly lose to an anagram.
This refers to an earlier Vista Beta…these issues have been resolved in the current beta build 5456.
Do remember that Vista is in Beta.
“Do remember that Vista is in Beta.”
No, it’s actually in Alpha. When it
goes Beta, they box it up and ship
it. Gold Master is Service Pack 4.
What happened to “security thru obscurity” myth? Wouldn’t this same myth currently apply to Vista? There can’t be as many instances of Vista Beta running as there are instances of OS X out there, yet there are already more viruses.
Symantec Helps Apple kick Micro$oft in the Head
News at 11
There are reportedly 10,000 copies of Vista around. It got already some 10 or so virus around. When it will hit the same number of OS X installation it should be on par with the other Windows flavors and valiantly features some 20,000 virus and free malware available the day it is released.
Ahhhh, life is good when nothing one can count on changes.
Hey, I hear that Vista Beta 105,948,998.0.4 is really were we should judge the quality of Vista.
By the end of 2005, there were 114,000 known viruses for PCs
————-
WRONG, there were 114,000 known </b>security threats</b> for PCs. There were two known security threats for OSX.
Just cause Apple says it, don’t mean it’s true.
“potential security issues” ???
If I had a dime for every “potential” (in other words NOT REAL) security threat in Windows I’d be richer than Bill Gates.
Windows security problems are all media hype and no beef. I have almost never had a virus on my PC, and when I buy Windows I will have totally zero ever again.
Seriously, a company as big as MS is NOT going to screw up like the media loves to say. Wait until the product isn’t Beta, huh, Symantec? Oh but that wouldn’t get you a headline and sell your needless software. If you know what the hell your doing you don’t need to PAY for virus software people. I run 9 security programs on my PC and guess how many I paid for? Zero. Security cost == bull. My total cost of ownership (don’t mac zombies like that terms?) is zip!
I guarantee you there will be no security holes in Vista once it’s finished. Repeat: finished, not “beta” or “almost finished” or “eraly reviews”
Why else is Vista going to businesses before it goes to consumers? That’s right–business know security a whole lot better than Mac zealots, and they TRUST Vista. It’s a revolution in a box.
Don’t overlook that Symantec is calling these “potential flaws”. Although I have no doubt that we’ll be seeing a lot of this once Vista arrives, until it does I wouldn’t gloat too much over it. After all, we’d surely give Symantec a hard time if they were to announce “potential” security flaws in OSX.
Be patient. It’ll come.
I don’t understand, Microsoft “thinks” they are God, they are screwing all their business partners. But companies like Symantec keep telling them what they are doing wrong in Vista. Don’t tell them anything let Vista die all by itself, and just maybe people will see the light and switch to Apple OS X.
2 more reminders that chicken little is not about to fall —–
how the heck would symantec on the outside know more about windows security than, i dont know, the company that programmed it? symantec can’t possibly know all the ins and outs that make vista tick, its just too big and complicated a product. furthermore any so-called flaw Symanec finds Microsoft found 2 years ago and it’s already OK for reasons Symantec could never know.
second, guess where Symantec is located? right in Appletown, eg Cupertino. Symantec is taking kickbacks from Apple, if you think companies aren’t that dishonest i’ve got news for you.
sad.
Wow!
To “oh please”:
I really want your job. It’s almost as easy as Enderle’s. And even he has to pay for his PC. Your TOTAL cost of ownership is, as you said, zero. You must get a nice fat check from the MonkeyBoy every few days.
BTW, the big 3 automakers must all be in each other’s pockets since they’re all in Detroit. Not to mention all those competing companies right next door to each other in NYC, SFO, LAX, etc. You’re as brilliant as the sludge in a sceptic tank. And you’re as much a troll as any that ever slithered across these boards.
Just go away and spend that MonkeyBoy cash. And remember to wipe your slimy trail after you.
…some undocumented IP protocols with no known purpose in the product, and issues with some new protocols deep within the operating system’s so-called network stack
D’ya reckon these are to enable the CIA and FBI to spy into PC users’ hard drives?
Big Brother working hand-in-hand with the Devil…
Windows Vista = STINKY SWISS CHEESE!!!!!!
“If you know what the hell your doing you don’t need to PAY for virus software people. I run 9 security programs on my PC and guess how many I paid for? Zero.”
The eye-opening part of these statements isn’t that you can get security programs for free…but rather that you run NINE security programs on your PC!
Nine?
As a serious question to oh please, why so many?? Do they take up a bunch of ram? Why 9??
Actually there were quite a few flaws in Mac OS X
One is still currently unfixed, the MetaData file exploit.
see:secunia.com/product/96/
Visit this site, search for “Mac OS X” under Vunerabilities menu for a list of over 200 Mac OS X vunerabilities. Yea that’s not a typo.
Also mouse over the Apple logo in the Security Software sidebar.
By the way Dave Shroeders “hack my Mac webpage” was successful, someone suceeded and the “I wasn’t authorized” was the cover up. Read the article on this site.
see:www.net-security.org/
Also anti-virus software is mostly ineffective, especially Symantec.
see:www.zdnet.com.au/blogs/securifythis/soa/Why_popular_antivirus_apps_do_not_work_/0,39033341,39264249,00.htm
And as proof, two security companies monitored a whole lot of ip addresses, in the many millions, and found out less than 1% are not spamming.
http://news.com.com/2100-7349_3-6098447.html?part=rss&tag=6098447&subj=news
From Secunia Vulnerability report:
“The Secunia database currently contains 0 Secunia advisories marked as “Unpatched”, which affects Apple Macintosh OS X.”
“WRONG, there were 114,000 known security threats for PCs.”
Whew…well that makes me feel a lot better…NOT!!!
…and from 2003 to 2006 Secunia has 71 Mac OS X vulnerabilities reported.
Again, 0 unpatched.