Results 1 to 9 of 9

Thread: Microsoft 'taking security risks' with VISTA.

  1. #1

    Microsoft 'taking security risks' with VISTA.

    Greeting's

    This shouldnt be a big surprise because the WORDS Microsoft and Security appear in the same line.


    I have read a lot about this from may Security vendors :

    http://news.bbc.co.uk/2/hi/technology/5399534.stm

    McAfee and Symantec have both stated that the core security systems for Vista have already been breached by hackers.

    ROFL .. Now microsoft is releasing BETA's THAT GET OWN3D... Seems Bill wants to achive everything before he quits.
    Parth Maniar,
    CISSP, CISM, CISA, SSCP

    *Thank you GOD*

    Greater the Difficulty, SWEETER the Victory.

    Believe in yourself.

  2. #2
    Junior Member
    Join Date
    Oct 2002
    Posts
    21
    I hear there using a brand new network stack in Vista Microsoft wrote it completly from scratch and you know what that means? the bad guys are going to attack it like crazy it's untested.

  3. #3
    Junior Member
    Join Date
    Jan 2006
    Posts
    25
    in the last week i switched all of my home systems from fedora core 5 to windows vista ultimate x64 rc1 to learn about this operating system.

    i think security vendors arguments are about lost revenue and not about quality of product. vista is the first windows system that makes efforts to preserve the trusted computing base. the problem with old windows was the addition of bad security products was recommended and removed all assurance the trusted computing base offered. install one such package and the system is downgraded from an evaluated assurance level of 4+ to an unknown which must be viewed as a zero.

    the article is strange. are the security companies saying that they know hackers can bypass the security controls to lock out kernel space access but they cannot. how can you know someone else can do something if you cannot reproduce it. are these hackers more skilled than the security companies. if so why bother with the security companies.

    the big problem i see with vista is the user account control system. i like this system because it allows rights on demand and i do not need to think ahead for access i might need. unskilled users might become desensitized to the user access control prompts and give access to malicious processes. what is good for the goose is not always good for the gander.

  4. #4
    Senior Member
    Join Date
    Mar 2003
    Posts
    372
    the article is strange. are the security companies saying that they know hackers can bypass the security controls to lock out kernel space access but they cannot. how can you know someone else can do something if you cannot reproduce it. are these hackers more skilled than the security companies. if so why bother with the security companies.
    The article says that the security companies know that Vista security has been breached... it does /not/ state or imply that the security companies don't know how it was done. Why do you make this assumption?

    I'm sure they have some kind of ironclad agreement with MS that they are not allowed to breach Vista security in order to make it more secure. Also, do you want to give your money to a company that purposely breaks the OS in order to secure it? I know my organization wouldn't pay a dime to them... this is about reputation within the industry.

    Give a man a match and he will be warm for a while, light him on fire and he will be warm for the rest of his life.

  5. #5
    AO Curmudgeon rcgreen's Avatar
    Join Date
    Nov 2001
    Posts
    2,716
    "Daddy, what's a computer virus?"

    "Well, Johnny. Once upon a time, many years ago there was
    a software company called "MicroSoft...""
    I came in to the world with nothing. I still have most of it.

  6. #6
    So, if Microsoft finally is able to do what everyone has been bashing them for not doing in the past. They still get bashed because the security venders they USED in the past for making the changes everyone knew needed to be made from a technical standpoint. What I don't see this article mention is which release of Vista this was tested on. Was this one of the beta engine failures that were fixed or has it been found in the September technical refresh? While Non-disclosure is definatly something we need to be aware of, I doubt it would have been the case in the versioning related to this flaw. What this looks like is a corporate smear job. Some fact wrapped in with mis-direction and praying on the ignorance of average (and sub average) consumers.

  7. #7
    AO Curmudgeon rcgreen's Avatar
    Join Date
    Nov 2001
    Posts
    2,716
    This spins both ways. If they are producing an OS that is
    inherently safe, there will no longer be a need for
    Symantec and McCafee.

    On the other hand, if you get rid of the barking dog,
    does that mean the burglars have gone away?
    I came in to the world with nothing. I still have most of it.

  8. #8
    I think we still need the third parties to keep the 4,000lb gorilla in check. But I dont agree with their need to hook into the core. To me it's like putting that new enterprise application in your environment. Do you really want it to extend your schema or just query it?

    The children should all play nice, allow them the ability to query, double check that it is safe but dont make any changes. Report the changes. With the new kernal changes Redmond has put into Vista I am not our application venders need more controll over my system proformance then that.

    Maybe, just maybe, Symantec and McAfee will become the good services citizens we all know they can be.

    Anyway, we'll learn more at Windows Connections and the end of fourth (or is it first, or second) quarter.

  9. #9
    Dissident 4dm1n brokencrow's Avatar
    Join Date
    Feb 2004
    Location
    Shawnee country
    Posts
    1,243
    If they are producing an OS that is inherently safe...
    Isn't that an oxymoron?

    The security vendors' problem, at this point, is the same as Microsoft's: they don't know yet how vulnerable Vista is, and in what ways.

    I'm sure there'll still be a market for 3rd-party security products for Vista. What is going to hurt the security vendors is not so much how secure Vista may be, but all the hype about how secure it may be. The hype will put a dent in consumer sales of AV and similar products.

    On the brighter side, this could all lead to another anti-trust lawsuit against MS. Maybe next time, they'll break up MS's monopoly.
    “Everybody is ignorant, only on different subjects.” — Will Rogers

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •