“Security researchers at Symantec have published the second of three reports calling out potential security issues in Microsoft’s next-generation Vista operating system, this time taking a shot at several of the product’s user account control and privilege escalation features,” Matt Hines reports for eWeek.
Hines reports, “According to the latest report, which follows a similar missive issued by Symantec in mid-July over flaws it believes to exist in the Vista’s networking technologies, some of the very tools Microsoft is touting a security advancements in the OS may actually serve as loopholes.”
“Another security issue highlighted by Cupertino, Calif.-based Symantec’s report involves a new feature in Vista known as mandatory integrity control, which is also designed to help confine privilege escalation capabilities,” Hines reports. “Despite the addition of the tools, the security company contends that attackers could still conceivably bypass the system to escalate their ability to attack computers.”
“In the earlier report, Symantec researchers reported finding three different types of potential flaws in Vista’s underlying software code, including the presence of stability issues that could cause the OS to crash when presented with attacks that utilize malformed files to deliver their payloads, some undocumented IP protocols with no known purpose in the product, and issues with some new protocols deep within the operating system’s so-called network stack,” Hines reports.
“Symantec has long made a large share of its revenue off of products used by businesses to secure Vista’s Windows predecessors, and the companies remain what officials from both firms term as ‘close partners,'” Hines reports. “However, in addition to making a significant effort to make its new OS more secure than its forbears, Microsoft has also charged headlong into the information security market, placing the companies as direct rivals in several sectors including Symantec’s core desktop anti-virus niche.”
Full article here.
MacDailyNews Take: By the end of 2005, there were 114,000 known viruses for PCs. In March 2006 alone, there were 850 new threats detected against Windows. Zero for Mac. While no computer connected to the Internet will ever be 100% immune from attack, Mac OS X has helped the Mac keep its clean bill of health with a superior UNIX foundation and security features that go above and beyond the norm for PCs. When you get a Mac, only your enthusiasm is contagious. – More info here.
Related MacDailyNews articles:
Symantec: Microsoft’s ‘improvements’ to Vista could cause instability, new security flaws – July 18, 2006
Symantec researcher: At this time, there are no file-infecting viruses that can infect Mac OS X – July 13, 2006
Sophos: Apple Mac OS X’s security record unscathed; Windows Vista malware just a matter of time – July 07, 2006
Sophos Security: Dump Windows, Get a Mac – July 05, 2006
Symantec sues Microsoft to halt Windows Vista development – May 19, 2006
Security company Sophos: Apple Mac the best route for security for the masses – December 06, 2005
Computer columnist: anti-virus software purely optional for Apple Macs, not so for Windows – November 01, 2005
16-percent of computer users are unaffected by viruses, malware because they use Apple Macs – June 15, 2005
New invisible rootkit hits Windows including Vista – July 17, 2006
Microsoft demos Windows Vista on Apple MacBook Pro – July 01, 2006
What Microsoft has chopped from Windows Vista, and when – June 27, 2006
Windows Vista rips-off Mac OS X at great hardware cost (and Apple gains in the end) – June 13, 2006
CNET reporter: Apple Mac mini is my most ‘Vista Ready’ PC – May 24, 2006
Thurrott: Microsoft collapsing under its own weight, Gates has driven Windows Vista into the ground – April 20, 2006
Dude, you got a Dell? What are you, stupid? Only Apple Macs run both Mac OS X and Windows! – April 05, 2006
Why buy a Dell when Apple’s Intel-based computers will run both Mac OS X and Windows? – June 08, 2005
Windows users who try Apple’s Mac OS X Tiger might not want to go back – June 07, 2005
“…guess where Symantec is located? right in Appletown, eg Cupertino. Symantec is taking kickbacks from Apple, if you think companies aren’t that dishonest i’ve got news for you.”
Yeah, and the eye on top of the pyramid on a dollar bill is a symbol of the Illuminati, who secretly control the whole world. Fascinated by symbolism and numerology, the globalist’s favorite tactic is to leave blueprints to their plans “hidden in plain view.” From this and messages delivered to the masses through the media and films to Time Warner’s all-seeing eye, we are repeatedly reminded by the illuminati themselves that they are controlling us and are omnipresent. World leaders from Clinton to Prince William have been photographed proudly flashing the sign of the devil. Architecture around the globe is laid out to represent their occult icons or structured based on occult numerology (like the pyramid Mitter and had constructed at the Louvre, which is made of 666 pieces of gold glass). The New World Order’s symbolism is everywhere and there are globalist fingerprints all over the September 11th attacks as well as the Madrid train bombing…and…and…They’re polluting our precious bodily fluids!!!!!
oh please again said “how the heck would symantec on the outside know more about windows security than, i don’t know, the company that programmed it?”
If the companies knew all their own security holes there wouldn’t be security holes, period. There wouldn’t be patches or system crashes. You wouldn’t need firewalls. Every system update would be for more features instead of for fixing flaws. Programmers are far from infallible, especially in large group projects. There are many companies dedicated to finding security holes that programmers don’t see.
This applies to Apple, Microsoft and anyone who programs close to the machine levels.
How did your grammar teacher know more about your grammar and spelling than, i don’t know, you who wrote it?
If you think Vista will be released bug free and invulnerable – go look at the history of Windows.
BTW, this isn’t news. This is another neener-neener from Microsoft and Dell News (MDN) to Microsoft and it’s getting old.
Symantec is going to make a freakin’ fortune off of Vista…..assuming of course Vista is ever released.
I can’t understand all of the hoopla surrounding this topic. You have to realize that if it were not for Microsoft’s “holes” in its OS then Symantec and McAfee wouldn’t exist. This is the one partnership that Microsoft keeps sacred. Microsoft has to close the gaps tight, yet lose enough so that the consumers don’t start smelling the poop. Windows consumers are so used to having to need AV protection that it is second nature to them
Vista and any subsequent MS OSes will continue to rely on av software and that’s the end of that. This topic is almost laughable because Microsoft and Symantec/McAfee are symbiant.
oooo 9 free security programs that have to run to keep winBLOWS safe, geuss that just helps to make it all that much better than osx…
NOT
feel free to rant all you want about your precious winBLOWS, but if you do it here, be informed, and know what the fdsk you are talking about…
out
“The Secunia database currently contains 0 Secunia advisories marked as “Unpatched”, which affects Apple Macintosh OS X.”
visit the site again, this time scroll down.
The critical MetaData file exploit is only partially fixed
Y’all can banter back and forth about theoretical vulnerabilities. Why do the Windows supporters put their OS where their mouth is.
Test #1 – Infection Speed Test
Get any size and style current computer with any version of Windows XP and get any Mac with Tiger (the most current version), start them up per the manufacturer’s instructions, both with no additional anti-virus/spam software, and start cruising the same internet web sites. See who gets infected faster.
Test #2 – Infection Quantity Test
Keep both of these computers on and internet connected. Wait until they both have at least 1 incursion. Stop both computers and see how many the first one has. Will it be just 1-to-1 or more like 100-to-1? My guess it will be much larger than that. My Mac is about 4 years old and NOT ONE incursion has occurred, completely without any anti-virus/spy ware.
Actually, most Macs do NOT have any such protection. Apple corporate computers run with NO PROTECTION. This includes the demo computers at their stores.
…and our intelligent government decided that Windows was the way to go at the Dept. of Homeland Security. Fskin IDIOTS!!! Gates paid for someone’s new D.C. house.
some of the very tools Microsoft is touting a security advancements in the OS may actually serve as loopholes.
Typical.
It’s time MS puts a few BULLET holes in Vista, and deep-six the damn thing for good.
Better to leave the OS market to those who know WTF they’re doing.
Doesn’t the DCMA and NDA apply to Symantec? They are reporting security flaws to the public. Haven’t people been charged for reporting hidden secrets in programs? Windows is a program and has a draconic EULA.
Windows in general: More back doors than a 100 room mansion.
1984 is alive and well in America.
Symantec, hell, every anti-virus vendor lies about poor security to increase their software sales.
You can’t believe what they say about Mac OS X when they call patched vulnerabilities exploits.
How can you believe what they say about Vista? Pre-release software is supposed to have bugs.
Cubert:
Microsoft has combined Limburger with Swiss to create a new taste sensation with the same unique Redmond aroma.
To be fair, symantec sells anti-virus programs for Macs, which are only needed if someone is silly enough to click on an unknown link, just the same as windows computers. To my knowledge, no one here has admitted to to buying a symantec program for the mac, probably since that would indicate silliness.
So, symantec says there are potential weaknesses in Vista……………..can that be any more than advanced marketing for their Vista software, needed or not?
been a while since I have been here, the magic word is barely visible………using the latest Firefox. Could the genii resident work on that?
To Oh Please,
9 Security programs, huh. Do you think granny can get them set up on her home computer to be as safe as you think you are? I think not.
True story. Got a call from a grandma last night asking what can she do to save her files from her home computer that just got highjacked. I asked her if she had a backup of her docs, answer: no. I asked her if she had anti-virus software installed, answer: no, just anti-spyware. I told her that there’s not much she could do and would probably need someone to come out and fix it for her at who know how much $$$$$.
I’ve been trying to get her to get a Mac but her DSL provider “Qwest” says that Macs are incompatible with MSN. (HaHaha) I tell her, I have Qwest and just use the internet connection. NO MSN NEEDED.
BTW, I know her from work, as I’m the IT support. Even though I could have helped somewhat, there was no way I was going to get my comfy little ass using my Mac at home to go mess with the crap that is Windows. So, every time I hear some stupid Windows apologist claim that they’ve never been infected, blah, blah, blah. I ask myself, can grandma and grandpa do the same. Answer….NOT! Windows truly sucks, but it pays my bills.
The end of the article says: “Microsoft has also charged headlong into the information security market, placing the companies as direct rivals in several sectors including Symantec’s core desktop anti-virus niche.”
Microsoft is now selling mal-ware removal software competing with Symantec. That’s why Symantec doesn’t mind publishing papers that make MS look bad.
Microsoft is now preparing a Zune to compete with their partners that were using their software (that isn’t good enough for Zune) to try to compete with Apple iPods.
Microsoft screws all their partners and customers. Never do business with them.
I have almost never had a virus on my PC
I have NEVER had a virus on my Mac. Your point? “Almost” carries no merit.
Seriously, a company as big as MS is NOT going to screw up like the media loves to say.
Bigger is better and ALWAYS gets it right? Look at General Motors, AOL, Enron, etc.
I run 9 security programs on my PC and guess how many I paid for? Zero. Security cost == bull.
Time and hassle are also costs, so honestly what do you have invested in keeping nine security programs set up & working? FWIW my Mac is running ZERO third-party security patchware. No time or bother here in keeping things taped together.
I guarantee you there will be no security holes in Vista once it’s finished.
“Once” is the operative word. What’s Vista’s current slip date again?
Anyway have fun babysitting your PC while waiting for the Holy Grail OS.
The rest of us have real things to do.
I run 9 security programs on my PC
How can you stand using that crap then? nine, NINE!
And that STILL does not tell you anything?
Sheeesss dude, what do you need to open your eyes?
Amazingly you are not the only one Windows user just admitting that without vomiting, as if it was normal to go out, buy a computer and then turn into a terminal-illness practitioner just to keep alive the PC.
I have people who spend hours a week scanning, defragging, searching for malware on a regular basis and then “Oh, I ALMOST never get anything”. Indeed, almost never get anything DONE with all those chores!
Oh my…:
A woman at work complained that she has to “spend $400 a year” to keep her PC clean of malware and the fact that her PC is unavailable for several days per year. She has spent more in 3 years to free her PC of malware than what she first spent to purchase her PC and all Microsoft software.
When I suggested that she consider a Mac she muttered, “I never thought of that.” I thought, “Lady, you are stupid-on-a-stick to put up with that nonsense.” Then I said, “Well, Macs can run both Windows and OS X, go to apple.com if you want to and check it out.” Her reply, ”I didn’t know that.”
Typical Windows user, “Man, these Microsoft shit sandwiches taste kinda funny and they’re expensive too, huh? But I hear that Microsoft Vista shit actually will taste better, great! Ya know, I’ve been wanting a new feces taste treat for so long.”
Then I said, “Well, Macs can run both Windows and OS X, go to apple.com if you want to and check it out.” Her reply, ”I didn’t know that.”
True but never forget to stress the fact that the malware and virus that plague her PC will plague her Mac if she runs Windows on it. The problem is Windows not the hardware. She would have to spend the same $400 a year on a Mac with Windows on it UNLESS she runs Windows under virtualization with Parallels so to have Windows run in a sandbox.
I hear that Microsoft Vista shit actually will taste better
We can make people believe anything we like. We’ve done it for years.
I’d take swiss cheese over Vista any day!
” width=”19″ height=”19″ alt=”smile” style=”border:0;” />
Atleast the cheese has some substance to it
Good Day. Our own physical body possesses a wisdom which we who inhabit the body lack.
I am from Djibouti and also am speaking English, give true I wrote the following sentence: “Welcome not a anti allergic agents.Posts.. Authors.. Last post. Marhave you the science of sleep allergy free product is manufactured with an always fresh anti bacterial, anti fungal cover and a non allergenic mildew proof.”
Waiting for a reply :p, Granger.
Sorry. If you don’t know where you are going, you will probably end up somewhere else. Help me! It has to find sites on the: Payday loan. I found only this –
” width=”19″ height=”19″ alt=”grin” style=”border:0;” />, Faustine from Cameroon.