“Security researchers at Symantec have published the second of three reports calling out potential security issues in Microsoft’s next-generation Vista operating system, this time taking a shot at several of the product’s user account control and privilege escalation features,” Matt Hines reports for eWeek.
Hines reports, “According to the latest report, which follows a similar missive issued by Symantec in mid-July over flaws it believes to exist in the Vista’s networking technologies, some of the very tools Microsoft is touting a security advancements in the OS may actually serve as loopholes.”
“Another security issue highlighted by Cupertino, Calif.-based Symantec’s report involves a new feature in Vista known as mandatory integrity control, which is also designed to help confine privilege escalation capabilities,” Hines reports. “Despite the addition of the tools, the security company contends that attackers could still conceivably bypass the system to escalate their ability to attack computers.”
“In the earlier report, Symantec researchers reported finding three different types of potential flaws in Vista’s underlying software code, including the presence of stability issues that could cause the OS to crash when presented with attacks that utilize malformed files to deliver their payloads, some undocumented IP protocols with no known purpose in the product, and issues with some new protocols deep within the operating system’s so-called network stack,” Hines reports.
“Symantec has long made a large share of its revenue off of products used by businesses to secure Vista’s Windows predecessors, and the companies remain what officials from both firms term as ‘close partners,'” Hines reports. “However, in addition to making a significant effort to make its new OS more secure than its forbears, Microsoft has also charged headlong into the information security market, placing the companies as direct rivals in several sectors including Symantec’s core desktop anti-virus niche.”
Full article here.
MacDailyNews Take: By the end of 2005, there were 114,000 known viruses for PCs. In March 2006 alone, there were 850 new threats detected against Windows. Zero for Mac. While no computer connected to the Internet will ever be 100% immune from attack, Mac OS X has helped the Mac keep its clean bill of health with a superior UNIX foundation and security features that go above and beyond the norm for PCs. When you get a Mac, only your enthusiasm is contagious. – More info here.
Related MacDailyNews articles:
Symantec: Microsoft’s ‘improvements’ to Vista could cause instability, new security flaws – July 18, 2006
Symantec researcher: At this time, there are no file-infecting viruses that can infect Mac OS X – July 13, 2006
Sophos: Apple Mac OS X’s security record unscathed; Windows Vista malware just a matter of time – July 07, 2006
Sophos Security: Dump Windows, Get a Mac – July 05, 2006
Symantec sues Microsoft to halt Windows Vista development – May 19, 2006
Security company Sophos: Apple Mac the best route for security for the masses – December 06, 2005
Computer columnist: anti-virus software purely optional for Apple Macs, not so for Windows – November 01, 2005
16-percent of computer users are unaffected by viruses, malware because they use Apple Macs – June 15, 2005
New invisible rootkit hits Windows including Vista – July 17, 2006
Microsoft demos Windows Vista on Apple MacBook Pro – July 01, 2006
What Microsoft has chopped from Windows Vista, and when – June 27, 2006
Windows Vista rips-off Mac OS X at great hardware cost (and Apple gains in the end) – June 13, 2006
CNET reporter: Apple Mac mini is my most ‘Vista Ready’ PC – May 24, 2006
Thurrott: Microsoft collapsing under its own weight, Gates has driven Windows Vista into the ground – April 20, 2006
Dude, you got a Dell? What are you, stupid? Only Apple Macs run both Mac OS X and Windows! – April 05, 2006
Why buy a Dell when Apple’s Intel-based computers will run both Mac OS X and Windows? – June 08, 2005
Windows users who try Apple’s Mac OS X Tiger might not want to go back – June 07, 2005