Symantec details more security holes in Microsoft’s Windows Vista

“Security researchers at Symantec have published the second of three reports calling out potential security issues in Microsoft’s next-generation Vista operating system, this time taking a shot at several of the product’s user account control and privilege escalation features,” Matt Hines reports for eWeek.

Hines reports, “According to the latest report, which follows a similar missive issued by Symantec in mid-July over flaws it believes to exist in the Vista’s networking technologies, some of the very tools Microsoft is touting a security advancements in the OS may actually serve as loopholes.”

“Another security issue highlighted by Cupertino, Calif.-based Symantec’s report involves a new feature in Vista known as mandatory integrity control, which is also designed to help confine privilege escalation capabilities,” Hines reports. “Despite the addition of the tools, the security company contends that attackers could still conceivably bypass the system to escalate their ability to attack computers.”

“In the earlier report, Symantec researchers reported finding three different types of potential flaws in Vista’s underlying software code, including the presence of stability issues that could cause the OS to crash when presented with attacks that utilize malformed files to deliver their payloads, some undocumented IP protocols with no known purpose in the product, and issues with some new protocols deep within the operating system’s so-called network stack,” Hines reports.

“Symantec has long made a large share of its revenue off of products used by businesses to secure Vista’s Windows predecessors, and the companies remain what officials from both firms term as ‘close partners,'” Hines reports. “However, in addition to making a significant effort to make its new OS more secure than its forbears, Microsoft has also charged headlong into the information security market, placing the companies as direct rivals in several sectors including Symantec’s core desktop anti-virus niche.”

Full article here.

MacDailyNews Take: By the end of 2005, there were 114,000 known viruses for PCs. In March 2006 alone, there were 850 new threats detected against Windows. Zero for Mac. While no computer connected to the Internet will ever be 100% immune from attack, Mac OS X has helped the Mac keep its clean bill of health with a superior UNIX foundation and security features that go above and beyond the norm for PCs. When you get a Mac, only your enthusiasm is contagious. – More info here.

Related MacDailyNews articles:
Symantec: Microsoft’s ‘improvements’ to Vista could cause instability, new security flaws – July 18, 2006
Symantec researcher: At this time, there are no file-infecting viruses that can infect Mac OS X – July 13, 2006
Sophos: Apple Mac OS X’s security record unscathed; Windows Vista malware just a matter of time – July 07, 2006
Sophos Security: Dump Windows, Get a Mac – July 05, 2006
Symantec sues Microsoft to halt Windows Vista development – May 19, 2006
Security company Sophos: Apple Mac the best route for security for the masses – December 06, 2005
Computer columnist: anti-virus software purely optional for Apple Macs, not so for Windows – November 01, 2005
16-percent of computer users are unaffected by viruses, malware because they use Apple Macs – June 15, 2005

New invisible rootkit hits Windows including Vista – July 17, 2006
Microsoft demos Windows Vista on Apple MacBook Pro – July 01, 2006
What Microsoft has chopped from Windows Vista, and when – June 27, 2006
Windows Vista rips-off Mac OS X at great hardware cost (and Apple gains in the end) – June 13, 2006
CNET reporter: Apple Mac mini is my most ‘Vista Ready’ PC – May 24, 2006
Thurrott: Microsoft collapsing under its own weight, Gates has driven Windows Vista into the ground – April 20, 2006
Dude, you got a Dell? What are you, stupid? Only Apple Macs run both Mac OS X and Windows! – April 05, 2006
Why buy a Dell when Apple’s Intel-based computers will run both Mac OS X and Windows? – June 08, 2005
Windows users who try Apple’s Mac OS X Tiger might not want to go back – June 07, 2005


  1. Interestingly, there is also a new trojan attacking Mozilla/Firefox. The reports do not state whether it is all versions of Firefox or just the Windows version. My bets are on the latter!

    MW: called: It’s called VISTA because you can see through its holes, just like swiss cheese! LOL!

  2. “Do remember that Vista is in Beta.”

    No, it’s actually in Alpha. When it

    goes Beta, they box it up and ship

    it. Gold Master is Service Pack 4.

    ” width=”19″ height=”19″ alt=”LOL” style=”border:0;” />

  3. What happened to “security thru obscurity” myth? Wouldn’t this same myth currently apply to Vista? There can’t be as many instances of Vista Beta running as there are instances of OS X out there, yet there are already more viruses.

  4. There are reportedly 10,000 copies of Vista around. It got already some 10 or so virus around. When it will hit the same number of OS X installation it should be on par with the other Windows flavors and valiantly features some 20,000 virus and free malware available the day it is released.

    Ahhhh, life is good when nothing one can count on changes.

  5. By the end of 2005, there were 114,000 known viruses for PCs

    WRONG, there were 114,000 known </b>security threats</b> for PCs. There were two known security threats for OSX.

    Just cause Apple says it, don’t mean it’s true.

  6. “potential security issues” ???

    If I had a dime for every “potential” (in other words NOT REAL) security threat in Windows I’d be richer than Bill Gates.

    Windows security problems are all media hype and no beef. I have almost never had a virus on my PC, and when I buy Windows I will have totally zero ever again.

    Seriously, a company as big as MS is NOT going to screw up like the media loves to say. Wait until the product isn’t Beta, huh, Symantec? Oh but that wouldn’t get you a headline and sell your needless software. If you know what the hell your doing you don’t need to PAY for virus software people. I run 9 security programs on my PC and guess how many I paid for? Zero. Security cost == bull. My total cost of ownership (don’t mac zombies like that terms?) is zip!

    I guarantee you there will be no security holes in Vista once it’s finished. Repeat: finished, not “beta” or “almost finished” or “eraly reviews”

    Why else is Vista going to businesses before it goes to consumers? That’s right–business know security a whole lot better than Mac zealots, and they TRUST Vista. It’s a revolution in a box.

  7. Don’t overlook that Symantec is calling these “potential flaws”. Although I have no doubt that we’ll be seeing a lot of this once Vista arrives, until it does I wouldn’t gloat too much over it. After all, we’d surely give Symantec a hard time if they were to announce “potential” security flaws in OSX.

    Be patient. It’ll come.

  8. I don’t understand, Microsoft “thinks” they are God, they are screwing all their business partners. But companies like Symantec keep telling them what they are doing wrong in Vista. Don’t tell them anything let Vista die all by itself, and just maybe people will see the light and switch to Apple OS X.

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.