Symantec details more security holes in Microsoft’s Windows Vista

“Security researchers at Symantec have published the second of three reports calling out potential security issues in Microsoft’s next-generation Vista operating system, this time taking a shot at several of the product’s user account control and privilege escalation features,” Matt Hines reports for eWeek.

Hines reports, “According to the latest report, which follows a similar missive issued by Symantec in mid-July over flaws it believes to exist in the Vista’s networking technologies, some of the very tools Microsoft is touting a security advancements in the OS may actually serve as loopholes.”

“Another security issue highlighted by Cupertino, Calif.-based Symantec’s report involves a new feature in Vista known as mandatory integrity control, which is also designed to help confine privilege escalation capabilities,” Hines reports. “Despite the addition of the tools, the security company contends that attackers could still conceivably bypass the system to escalate their ability to attack computers.”

“In the earlier report, Symantec researchers reported finding three different types of potential flaws in Vista’s underlying software code, including the presence of stability issues that could cause the OS to crash when presented with attacks that utilize malformed files to deliver their payloads, some undocumented IP protocols with no known purpose in the product, and issues with some new protocols deep within the operating system’s so-called network stack,” Hines reports.

“Symantec has long made a large share of its revenue off of products used by businesses to secure Vista’s Windows predecessors, and the companies remain what officials from both firms term as ‘close partners,'” Hines reports. “However, in addition to making a significant effort to make its new OS more secure than its forbears, Microsoft has also charged headlong into the information security market, placing the companies as direct rivals in several sectors including Symantec’s core desktop anti-virus niche.”

Full article here.

MacDailyNews Take: By the end of 2005, there were 114,000 known viruses for PCs. In March 2006 alone, there were 850 new threats detected against Windows. Zero for Mac. While no computer connected to the Internet will ever be 100% immune from attack, Mac OS X has helped the Mac keep its clean bill of health with a superior UNIX foundation and security features that go above and beyond the norm for PCs. When you get a Mac, only your enthusiasm is contagious. – More info here.

Related MacDailyNews articles:
Symantec: Microsoft’s ‘improvements’ to Vista could cause instability, new security flaws – July 18, 2006
Symantec researcher: At this time, there are no file-infecting viruses that can infect Mac OS X – July 13, 2006
Sophos: Apple Mac OS X’s security record unscathed; Windows Vista malware just a matter of time – July 07, 2006
Sophos Security: Dump Windows, Get a Mac – July 05, 2006
Symantec sues Microsoft to halt Windows Vista development – May 19, 2006
Security company Sophos: Apple Mac the best route for security for the masses – December 06, 2005
Computer columnist: anti-virus software purely optional for Apple Macs, not so for Windows – November 01, 2005
16-percent of computer users are unaffected by viruses, malware because they use Apple Macs – June 15, 2005

New invisible rootkit hits Windows including Vista – July 17, 2006
Microsoft demos Windows Vista on Apple MacBook Pro – July 01, 2006
What Microsoft has chopped from Windows Vista, and when – June 27, 2006
Windows Vista rips-off Mac OS X at great hardware cost (and Apple gains in the end) – June 13, 2006
CNET reporter: Apple Mac mini is my most ‘Vista Ready’ PC – May 24, 2006
Thurrott: Microsoft collapsing under its own weight, Gates has driven Windows Vista into the ground – April 20, 2006
Dude, you got a Dell? What are you, stupid? Only Apple Macs run both Mac OS X and Windows! – April 05, 2006
Why buy a Dell when Apple’s Intel-based computers will run both Mac OS X and Windows? – June 08, 2005
Windows users who try Apple’s Mac OS X Tiger might not want to go back – June 07, 2005

49 Comments

  1. 2 more reminders that chicken little is not about to fall —–

    how the heck would symantec on the outside know more about windows security than, i dont know, the company that programmed it? symantec can’t possibly know all the ins and outs that make vista tick, its just too big and complicated a product. furthermore any so-called flaw Symanec finds Microsoft found 2 years ago and it’s already OK for reasons Symantec could never know.

    second, guess where Symantec is located? right in Appletown, eg Cupertino. Symantec is taking kickbacks from Apple, if you think companies aren’t that dishonest i’ve got news for you.

    sad.

  2. Wow!

    To “oh please”:

    I really want your job. It’s almost as easy as Enderle’s. And even he has to pay for his PC. Your TOTAL cost of ownership is, as you said, zero. You must get a nice fat check from the MonkeyBoy every few days.

    BTW, the big 3 automakers must all be in each other’s pockets since they’re all in Detroit. Not to mention all those competing companies right next door to each other in NYC, SFO, LAX, etc. You’re as brilliant as the sludge in a sceptic tank. And you’re as much a troll as any that ever slithered across these boards.

    Just go away and spend that MonkeyBoy cash. And remember to wipe your slimy trail after you.

  3. …some undocumented IP protocols with no known purpose in the product, and issues with some new protocols deep within the operating system’s so-called network stack

    D’ya reckon these are to enable the CIA and FBI to spy into PC users’ hard drives?

    Big Brother working hand-in-hand with the Devil…

  4. “If you know what the hell your doing you don’t need to PAY for virus software people. I run 9 security programs on my PC and guess how many I paid for? Zero.”

    The eye-opening part of these statements isn’t that you can get security programs for free…but rather that you run NINE security programs on your PC!

    Nine?

    As a serious question to oh please, why so many?? Do they take up a bunch of ram? Why 9??

  5. Actually there were quite a few flaws in Mac OS X

    One is still currently unfixed, the MetaData file exploit.

    see:secunia.com/product/96/

    Visit this site, search for “Mac OS X” under Vunerabilities menu for a list of over 200 Mac OS X vunerabilities. Yea that’s not a typo.

    Also mouse over the Apple logo in the Security Software sidebar.

    By the way Dave Shroeders “hack my Mac webpage” was successful, someone suceeded and the “I wasn’t authorized” was the cover up. Read the article on this site.

    see:www.net-security.org/

    Also anti-virus software is mostly ineffective, especially Symantec.

    see:www.zdnet.com.au/blogs/securifythis/soa/Why_popular_antivirus_apps_do_not_work_/0,39033341,39264249,00.htm

  6. “…guess where Symantec is located? right in Appletown, eg Cupertino. Symantec is taking kickbacks from Apple, if you think companies aren’t that dishonest i’ve got news for you.”

    Yeah, and the eye on top of the pyramid on a dollar bill is a symbol of the Illuminati, who secretly control the whole world. Fascinated by symbolism and numerology, the globalist’s favorite tactic is to leave blueprints to their plans “hidden in plain view.” From this and messages delivered to the masses through the media and films to Time Warner’s all-seeing eye, we are repeatedly reminded by the illuminati themselves that they are controlling us and are omnipresent. World leaders from Clinton to Prince William have been photographed proudly flashing the sign of the devil. Architecture around the globe is laid out to represent their occult icons or structured based on occult numerology (like the pyramid Mitter and had constructed at the Louvre, which is made of 666 pieces of gold glass). The New World Order’s symbolism is everywhere and there are globalist fingerprints all over the September 11th attacks as well as the Madrid train bombing…and…and…They’re polluting our precious bodily fluids!!!!!

  7. oh please again said “how the heck would symantec on the outside know more about windows security than, i don’t know, the company that programmed it?”

    If the companies knew all their own security holes there wouldn’t be security holes, period. There wouldn’t be patches or system crashes. You wouldn’t need firewalls. Every system update would be for more features instead of for fixing flaws. Programmers are far from infallible, especially in large group projects. There are many companies dedicated to finding security holes that programmers don’t see.

    This applies to Apple, Microsoft and anyone who programs close to the machine levels.

    How did your grammar teacher know more about your grammar and spelling than, i don’t know, you who wrote it?

    If you think Vista will be released bug free and invulnerable – go look at the history of Windows.

    BTW, this isn’t news. This is another neener-neener from Microsoft and Dell News (MDN) to Microsoft and it’s getting old.

  8. I can’t understand all of the hoopla surrounding this topic. You have to realize that if it were not for Microsoft’s “holes” in its OS then Symantec and McAfee wouldn’t exist. This is the one partnership that Microsoft keeps sacred. Microsoft has to close the gaps tight, yet lose enough so that the consumers don’t start smelling the poop. Windows consumers are so used to having to need AV protection that it is second nature to them

    Vista and any subsequent MS OSes will continue to rely on av software and that’s the end of that. This topic is almost laughable because Microsoft and Symantec/McAfee are symbiant.

  9. oooo 9 free security programs that have to run to keep winBLOWS safe, geuss that just helps to make it all that much better than osx…

    NOT

    feel free to rant all you want about your precious winBLOWS, but if you do it here, be informed, and know what the fdsk you are talking about…

    out

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.