Free Republic
Browse · Search
News/Activism
Topics · Post Article

Skip to comments.

Vista's Security Rendered Completely Useless
Slashdot ^ | 8/8/8 8:8 | kdawson

Posted on 08/08/2008 9:25:43 AM PDT by Clint Williams

scribbles89 sends in a story that originally ran in SearchSecurity; it sounds like it could be a game-changer. "While this may seem like any standard security hole, other researchers say that the work is a major breakthrough and there is very little that Microsoft can do to fix the problems. These attacks work differently than other security exploits, as they aren't based on any new Windows vulnerabilities, but instead take advantage of the way Microsoft chose to guard Vista's fundamental architecture. According to Dino Dai Zovi..., 'the genius of this is that it's completely reusable. They have attacks that let them load chosen content to a chosen location with chosen permissions. That's completely game over.'"


TOPICS: Computers/Internet
KEYWORDS: cybersecurity; internet; msn; vista
Navigation: use the links below to view more comments.
first 1-2021-4041-6061-8081-92 next last

1 posted on 08/08/2008 9:25:44 AM PDT by Clint Williams
[ Post Reply | Private Reply | View Replies]

To: rdb3; Golden Eagle

ping


2 posted on 08/08/2008 9:26:32 AM PDT by Clint Williams (Read Roto-Reuters -- we're the spinmeisters | Impeach Obama!)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Clint Williams

If you read the comments at Slashdot, there is almost uniform skepticism. The consensus is that the author of the piece does not understand the subject matter well.


3 posted on 08/08/2008 9:30:59 AM PDT by BillCompton
[ Post Reply | Private Reply | To 1 | View Replies]

To: BillCompton
If you read the comments at Slashdot, there is almost uniform skepticism.

Not quite.

Here are more details on the problem.

Bypassing Browser Memory Protections

4 posted on 08/08/2008 9:35:14 AM PDT by Knitebane (Happily Microsoft free since 1999.)
[ Post Reply | Private Reply | To 3 | View Replies]

To: Clint Williams

Is Vista going to turn out to be the lemon that Millenium was? I thought it was supposed to be made better with patches by this summer. Everyone I know that has it hates it.


5 posted on 08/08/2008 9:38:24 AM PDT by Stephanie32
[ Post Reply | Private Reply | To 1 | View Replies]

To: Knitebane

The problem is simple.

DO NOT make a browser an integral part of an operating system.

If you do, you lose.

Period.

Internet Explorer in ALL forms is fouled up, was fouled up from the get-go and remains fouled up to this day.

Obviously nothing is perfect, but hard coding the browser into the OS was wrong from the start.


6 posted on 08/08/2008 9:40:34 AM PDT by Rick.Donaldson (http://www.transasianaxis.com - Please visit for latest on DPRK/Russia/China/et al.)
[ Post Reply | Private Reply | To 4 | View Replies]

To: Stephanie32
I use Vista, haven't really had any problems yet -- kinda like it, but that's just me. But I think you're right, I see it going the way of ME.

I'll wait for Windows 7.

7 posted on 08/08/2008 9:42:26 AM PDT by cdbull23 (What's going on in my brain? Check it out: www.cainsbrain.com)
[ Post Reply | Private Reply | To 5 | View Replies]

To: Rick.Donaldson
Obviously nothing is perfect, but hard coding the browser into the OS was wrong from the start.

It depends on what your goals are.

If your goal is a flexible, functional, secure OS then you are correct.

If your goal is to lock Netscape out of the browser market by bundling your products together, then Microsoft was correct to do it.

After all, it worked didn't it?

8 posted on 08/08/2008 9:43:55 AM PDT by Knitebane (Happily Microsoft free since 1999.)
[ Post Reply | Private Reply | To 6 | View Replies]

To: Clint Williams

Great because I don’t use vista.


9 posted on 08/08/2008 9:45:40 AM PDT by calex59
[ Post Reply | Private Reply | To 1 | View Replies]

To: Rick.Donaldson

Microsoft was trying to kill all competition by integrating everything.

At one point they argued SOLITARE was integral!


10 posted on 08/08/2008 9:48:18 AM PDT by longtermmemmory (VOTE! http://www.senate.gov and http://www.house.gov)
[ Post Reply | Private Reply | To 6 | View Replies]

To: cdbull23
I'll wait for Windows 7.

What makes you think Windows 7 will be any better?

Oh, they've promised all sorts of stuff. But then they promised all sorts of stuff with Vista too. And dropped most of it before it shipped.

11 posted on 08/08/2008 9:48:34 AM PDT by Knitebane (Happily Microsoft free since 1999.)
[ Post Reply | Private Reply | To 7 | View Replies]

To: Rick.Donaldson
hard coding the browser into the OS was wrong from the start.

Wrong from a security standpoint, sure, but that wasn't the point. The point was to get a court to agree that the browser wasn't just a bundled add-on that could be made optional, but part of the operating system.

For the longest time that was a successful strategy for keeping third-party web browsers like Netscape in the tank. But now IE sucks so badly compared to, oh, Firefox, that its monopoly is slipping away even with IE as part of the operating system.

Let's call it "cosmic justice." Now the very 'feature' that Microsoft crafted to kill the other browsers may turn around and kill IE.


12 posted on 08/08/2008 9:49:19 AM PDT by Nick Danger (www.swiftvets.com)
[ Post Reply | Private Reply | To 6 | View Replies]

To: cdbull23

“I use Vista, kind of like it.”

That’s good, you are probably very proficient and know the ins and outs of how to work with it. Was there just service pack one released yet or is there going to be a service pack two?


13 posted on 08/08/2008 9:49:27 AM PDT by Stephanie32
[ Post Reply | Private Reply | To 7 | View Replies]

To: Clint Williams
You are coming to a sad realization. Cancel or allow?
14 posted on 08/08/2008 9:54:21 AM PDT by Mediocrates (Teens don't 'need' to know 40 year-old music. Boomers need to get over the Beatles et al.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Knitebane

actually it is an upgrade issue.

The XP is fine to run current software.

I expect by Windows 7, the software will need just that much more upgrade to take advantage of the better hardware.

Think of someone using windows 95 tring to use software that is designed for current hardware.


15 posted on 08/08/2008 9:54:36 AM PDT by longtermmemmory (VOTE! http://www.senate.gov and http://www.house.gov)
[ Post Reply | Private Reply | To 11 | View Replies]

To: Knitebane
Not quite.

Here are more details on the problem.


The paper, which certainly has a impressive pedigree, tells a very different story than that told in the article. Heck, the authors conclude that the problem should be fixed soon. The article makes it sound like the problem can't even be fixed.
16 posted on 08/08/2008 9:54:48 AM PDT by BillCompton
[ Post Reply | Private Reply | To 4 | View Replies]

To: Knitebane

Got me, I use Firefox. LOL I don’t use IE at all, with the noted exception of HAVING to use it to do windows updates.

But on my other machines? Nope, it’s removed because I don’t use MS any more on them


17 posted on 08/08/2008 9:55:13 AM PDT by Rick.Donaldson (http://www.transasianaxis.com - Please visit for latest on DPRK/Russia/China/et al.)
[ Post Reply | Private Reply | To 8 | View Replies]

To: Nick Danger

I like “Karma” as in “Microsoft, your dogma just got run over by my Karma” kinda karma. LOL


18 posted on 08/08/2008 9:56:30 AM PDT by Rick.Donaldson (http://www.transasianaxis.com - Please visit for latest on DPRK/Russia/China/et al.)
[ Post Reply | Private Reply | To 12 | View Replies]

To: Clint Williams

Gee, just as I was thinking of building a new computer with new mob and quad core CPU and maybe using Vista 64 bit, along comes this bad news.

Currently using XP Pro 32 bit and wanting to switch to 64 bit for the ability to use more than 4 gigs of RAM, but being concerned about the rumored lack of drivers, etc. for it,....... What’s a geek to do?


19 posted on 08/08/2008 9:58:32 AM PDT by garyhope (It's world war IV, right here, right now courtesy of Islam. VRWC. TWP.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Swordmaker

ping...


20 posted on 08/08/2008 10:00:18 AM PDT by TheBattman (Vote your conscience, or don't complain about RINOs!)
[ Post Reply | Private Reply | To 1 | View Replies]


Navigation: use the links below to view more comments.
first 1-2021-4041-6061-8081-92 next last

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
News/Activism
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson