Big Surprise: Security Holes Found In Vista

from the open-windows dept

Throughout the (longer than expected) development of Vista, Microsoft has worked hard to push the idea that it wouldn't be burdened by the same sort of security problems as older versions of Windows. The company has beefed up the built-in security features and services of the software, much to the chagrin of some third-party security developers and the European Union, and one of its execs gave people the idea that Vista wouldn't need anti-virus software. Given all that, it's still not surprising to hear that researchers and hackers have found plenty of flaws in Vista, even before it's been released to consumers. It's the same type of stuff that's plagued Windows XP, like a browser flaw and a user-privileges hack, and just the sort of thing most people were expecting despite the company's incessant talk about Vista being more secure. The bad news for Microsoft is that things are probably only going to get worse: a new version of Windows was bound to be a massive target for hackers, and the company's security hype has likely only made it an even bigger one.

Reader Comments

  1.  
    Anonymous Coward, Dec 26th, 2006 @ 1:19am

    Two words.... ha. ha.

     

  2.  
    John Bailey, Dec 26th, 2006 @ 1:45am

    Hands up all those who were surprised to hear this. Any bets on how long before a really big security breach in this most secure OS?

     

  3.  
    Anonymous Coward, Dec 26th, 2006 @ 1:49am

    There you go. We knew this. No Open Source, no party.

     

  4.  
    Paul, Dec 26th, 2006 @ 1:49am

    So What

    No matter how many security problems the new Windows will have, Microsoft has brought us the best software and operating systems of all time. I like Microsoft and will never be a Mac user, and half the people that talk bad about Microsoft use a Windows operated system.

     

  5.  
    Anonymous Coward, Dec 26th, 2006 @ 1:50am

    It's nothing more than should be expected.
    No operating system that takes the kind of attention that Windows takes will ever be totally safe.

    Is there any vault impossible to crack?

     

  6.  
    Max Rubin, Dec 26th, 2006 @ 3:25am

    Inherent Flaws in Any New Operating System

    Welcome to life.
    Any new operating system is going to have security holes.
    It is a fact of life such as when new drugs are released.
    The product may have been tested and retested in "real life situations" but it is only when out in the field with the vast numbers of users that reality and percentages kick in.
    1/1000 of 1% of zillions of users is still a lot of people.
    Every Microsoft Windows system that has been released (all the way from Windows 3.0) was touted as "the most secure system ever."
    Windows Vista has a brand new network stack.
    It took Windows XP till the release of Service Pack 2 (SP2) to finally get its security act in control.
    Welcome to life.
    Hopefully the advantages of Vista are more than pretty colors on the screen and utilities that can be found 3rd party which will work on much less demanding computers and much less demanding computer operating systems.
    www.adgerlinux.com

     

  7.  
    Hector Flores, Dec 26th, 2006 @ 3:55am

    Vista Holes

    Stick with Windows XP for now, at least most flaws and security holes have been worked out of the OS.

     

  8.  
    The infamous Joe, Dec 26th, 2006 @ 3:56am

    Rolled up newspaper.

    I understand why they did it, but they really shouldn't have made such a big deal about how secure it may or may not be.

    It looks as if they double dog dared every hacker saying that they couldn't do it.. for shame, Microsoft. For shame.

    My Vista copy is in the mail-- I, personally, can't wait!

     

  9.  
    PSPguru, Dec 26th, 2006 @ 3:58am

    Linux Rules

    Back to my trusty [user supported] Linux

     

  10.  
    Anonymous Coward, Dec 26th, 2006 @ 4:16am

    Why do you people think it was released to corporations and the black market a few months before official release?
    A lot of people think that companies don't intentionally make it possible for hackers and enthusiasts to download illegal copies of their software. They do, it's the test bed for their software. If it's not GNU, it has to be tested some way, and an OS like Vista, needs a lot of testers.

     

  11.  
    Annoyed, Dec 26th, 2006 @ 5:42am

    Two more words...

    Two more words- fuck off to all of the goddamned haters.

     

  12.  
    Life goes on, Dec 26th, 2006 @ 6:09am

    Move on

    A friend of mine had his 2007 FJ Cruiser stolen last week. You'd think that after 100 years manufacturing automobiles, they could produce a new model that was unable to be stolen/hijacked.

    Nothing will ever be 100% secure.

     

  13.  
    Chronno S. Trigger, Dec 26th, 2006 @ 6:17am

    I have an idea

    Somebody get me Microsoft's suggestion line. I have one that would simultaneously increase their security and profit margin.

    JUST MAKE AN OPERATING SYSTEM. Take out all the addons that add all the security holes. For example, have you ever counted how many patches there are for Outlook Express? I get one almost every update and I don't use it.

    Take out the firewall, anti virus, messenger, MSN and all the other crap no one uses. Put in a rudimentary browser and let people download what they may want from Microsoft's web site or AOL's or Firefox.

    The less there is in an operating system the smaller the target.

     

  14.  
    Anonymous, Dec 26th, 2006 @ 6:19am

    Re: So What

    You're not the smartest person in the world, I see. Macintosh has the best of everything

     

  15.  
    Halb, Dec 26th, 2006 @ 6:35am

    Who's to blame

    Let's not forget that, unless willful negligence is to blame, it is not the vendor's fault if someone wrecks or misuses their product. The culprit in our software world is the hackers, those people who abuse technology to waste billions of our personal and corporate dollars per year.

    There is nothing immoral or illegal about selling a software OS, even if it is not tested to perfection. There is something illegal about exploiting a product to wreck a business or to extract confidential information to which you have no rights.

    Why can't we shame the hacker community instead of deriding software manufacturers? It's analogous to complaining about Homeland Security being so inept while defending Osama's right to try to kill us.

     

  16.  
    KeithGap, Dec 26th, 2006 @ 6:54am

    Most Secure Windows Ever!

    I wish they'd stop saying that. It's a brand new, untested operating system. By that alone, it's not the most secure Windows ever. It might have the most security features enabled from the get-go, but it will be till SP2 before it's really secure.

     

  17.  
    alternatives, Dec 26th, 2006 @ 6:56am

    "Two more words- fuck off to all of the goddamned haters."

    Errr, we should love flaws and just say 'good enough'?

    "Macintosh has the best of everything"

    Yes, that would be FreeBSD at its core.

     

  18.  
    that's the plan, Dec 26th, 2006 @ 6:56am

    Re: I have an idea

    Well, based on reports, if Gates keeps to the sidelines, the new Tech-head at MS plans to do exactly that. Smaller, modularized OS with licensed add-ons. He's very anti-bloatware. It could be that the next OS will function along those lines. It will require a significant adjustment of the MS financial model, but he believes in techno-darwinism...adapt or die.

     

  19.  
    Gene, Dec 26th, 2006 @ 7:10am

    Re: Linux Rules

    Linux has just as many flaws...just not as big of a target on it. If it had the marketshare that Microsoft had, then it would be known as current "Establishment" fare. Then all of the anarchist, anti-establishment geeks out there would aim to and succeed in shooting holes in it like swiss cheese. I run Apache webserver on a Linux box (going on 8 years now) and can tell you stories of it being hacked also.

     

  20.  
    Gene, Dec 26th, 2006 @ 7:15am

    Re: Re: So What

    "You're not the smartest person in the world, I see. Macintosh has the best of everything"

    Generalizations like this show just how little someone knows about overall application. Macs have their advantages in the Art and Music world. I have one in my art dept now. They DO NOT have the best of EVERYTHING. Try to run a relational database (like SQL) on one and you'll soon be looking for razor-blades for your wrists and inquiring about the kool-aid recipes used in Jonestown.

     

  21.  
    Trvth Jvstice, Dec 26th, 2006 @ 7:22am

    Vista

    I imagine that when the product is officially released in stores, Microsoft will have fixed the security issues the OP referred to. But, as much attention as Microsoft draws from hackers, I can't imagine it ever being totally safe.

    With XP, I simply keep my computer updated and a good virus and spyware program and I have Never had a problem.

     

  22.  
    The infamous Joe, Dec 26th, 2006 @ 7:23am

    Mr. Alternatives.

    I agree that macs have the best of everything-- if by 'everything' you mean 'some things'.

    The simple fact is that I want an OS that runs the programs I want to run-- not an OS that can run a program to run programs I want to run.

    If I wanted to make a computer-animated movie, I'd get a mac. It has plenty of strong points-- just not strong points I care about.

    The number of people who want to punch holes in macs is significantly smaller than people trying to hack MS-- if you mac fanboys had your way and we all blindly bought computers with pretty cases, then hackers would turn their eyes to the OS X, and you'd be in the same boat.

    I think you should pretend macs are a secret, keep quiet and hope they don't get more popular.

     

  23.  
    MacDaddy, Dec 26th, 2006 @ 7:43am

    Re: Re: Re: So What

    You're way off, son! Filemaker is a fabulous intuitive relational database suite which runs as smooth as silk on the Mac, so don't blame your headaches on anybody but Bill (the Pirate) Gates. You dinosaur PC'ers are the razor blade users, and you know it. Have a nice day! I will! On my Mac!

     

  24.  
    Anonymous Coward, Dec 26th, 2006 @ 8:00am

    Wow, I'm Surprised!

    I'm not really surprised by this. Microsoft should learn, they are the "biggest" OS makers, and the biggest pig heads. Of course everybody (hacker) is gonna target you, and gonna find something that even you don't know about.

    Kinda reminds me of a joke. "What's the difference between a car salesman and a software salesman?" - "Only the car salesman knows when he's lying."

     

  25.  
    Anonymous Coward, Dec 26th, 2006 @ 8:19am

    Default privs

    I thought that Vista was supposed to be like other OS's in that you don't have administrative privileges by default. Is that not the case? If it were, wouldn't these security problems be much less severe?

     

  26.  
    PT, Dec 26th, 2006 @ 8:20am

    Re: Re: Linux Rules

    Did the flaws in Apache allow a hacker to control the machine as root or just compromise the web server? There's a big difference there.

     

  27.  
    Jon, Dec 26th, 2006 @ 8:37am

    Re: Mr. Alternatives.

    OSX is not just more secure because there are fewer people trying to hack it. Same goes for Linux. That myth has been debunked so many times it's just stupid.

    I really wish people like you would stop spreading FUD like that. Windows and Internet Explorer are insecure by design. The situation has improved a little over the years, but not totally.

    But yeah, if you don't have a clue what you're talking about, you don't have business saying things like: "The number of people who want to punch holes in macs is significantly smaller than people trying to hack MS" and "Linux has just as many flaws...just not as big of a target on it."

    "I run Apache webserver on a Linux box (going on 8 years now) and can tell you stories of it being hacked also."

    That could be Apache, not Linux, that has flaws. There could also be something stupid about how you have Apache set up and configured. There could also be something stupid about permissions you have on files that are accessible to the Internet. You also might have flaws in your web page code. You might also have something stupid in your MySQL set up.

    At any rate, I'm sure your "8 years" of running an Apache server have been a helluva lot better than anyone's 8 years on an IIS server.

     

  28.  
    Captain, Dec 26th, 2006 @ 9:01am

    Microsoft Sucks

    Everything they release has known problems.. Yes, Microsoft releases these products knowing they have flaws.. This is so they can make money on their product while engineers develop the patches. It is a very shitty way of doing business and I have begun switching to competitor products.. Look at Novell. They are great. Microsoft has major bugs in IE7 but they don't tell you anywhere on their site. I spent two days working out bugs in IE7 and Outlook 2003. Even their support would not admit there were problems until I escalated to the highest level.. They are criminals in my mind. They sell shoddy products and expect you to pay to fix them in both time and money. Netware has not had a single bug in our network for the past 2 years... Get rid of Microsoft and maybe they will start doing something about quality as their install base diminishes. People would rather complain than act it seems. So...shut up or get rid of Windows. It's your choice.

     

  29.  
    ChaOS, Dec 26th, 2006 @ 9:17am

    Re: I have an idea

    Oh yeah, let's take out A/V and a firewall that 90% of elder people would probably never put on and that will make us more secure???

     

  30.  
    pastco, Dec 26th, 2006 @ 9:45am

    First of all, Allchin wasn't saying it didn't need anti-virus software - he was just making the point that he felt better about his kid using Vista than XP. Such typical FUD to pretend he was really advocating not using anti-virus. Only the simpleminded believe that. As for the flaws - there are two - all theory so far. Lame article.

     

  31.  
    Usuk, Dec 26th, 2006 @ 10:05am

    For you idiots

    saying no OS is 100% secure and having stupid stories of stolen vehicles.... M$ can at least aim to get 50% secure.

     

  33.  
    Anonymous Coward, Dec 26th, 2006 @ 10:15am

    Re: Move on

    liar

     

  34.  
    Anonymous Coward, Dec 26th, 2006 @ 10:16am

    Re: Move on

    liar...although I get ur point

     

  35.  
    Anonymous Coward, Dec 26th, 2006 @ 11:19am

    1 Word:

    1 Word: WOOT!

     

  36.  
    Anonymous Coward, Dec 26th, 2006 @ 11:22am

    ?

    Why hype it up when MS knows that will just attract more hackers?

     

  37.  
    Anonymous Coward, Dec 26th, 2006 @ 11:33am

    lawl

    So obviously anyone surprised by this is probably a big fan of John Madden.

     

  38.  
    Anonymous Coward, Dec 26th, 2006 @ 11:35am

    What do you guys mean hyping it up will attract more hackers? Are you kidding, you honestly think there are hackers who have never heard of Vista? If anything less hackers would be going after M$ because they are bored at how easy it is.

     

  39.  
    Funny, Dec 26th, 2006 @ 11:54am

    Hard tellin'

    Ironic that the debate was fairly sensical and intelligent until the Mac fanbois showed up and ruined the thread.

     

  40.  
    Sigh, Dec 26th, 2006 @ 1:13pm

    Re: Move on

    What did you expect? That's what u get for buying a Toyota

     

  41.  
    Chronno S. Trigger, Dec 26th, 2006 @ 2:01pm

    Re: Re: I have an idea

    You mean all those elderly people running Windows ME? Vista isn't out yet so if they won't install an anti-virus then they don't have one. Plus how many elderly people are going to upgrade to Vista without help from more tech savvy people?

    The thing that makes me mad is that Vista disables the ability to install third party antivirus. The kernel is blocked from them.

     

  42.  
    Trvth Jvstice, Dec 26th, 2006 @ 2:29pm

    People should be aiming their contempt towards the thousands of hackers that screw with Microsoft products instead of Microsoft.

    I've been using Microsoft products since Windows 95 and I've had few problems - zero problems with XP. If you keep your computer updated, use an antivirus and spyware protection, you should never have any problems.

    The vast majority of problems that people have with XP is when they go to porn or warez or other "bad" sites and click "yes" to use this ActiveX control or download bad software.

    Microsoft made a great product which is easy to use and runs great. They have to constantly run updates ONLY because of the stupid hackers.

     

  43.  
    Do some research, Dec 26th, 2006 @ 3:36pm

    Re: Chrono

    >>The thing that makes me mad is that Vista disables the ability to install third party antivirus. The kernel is blocked from them.

     

  44.  
    past_a, Dec 27th, 2006 @ 1:36am

    Here is a link to people who actually investigate this stuff rather than mindlessly pushing FUD like brain dead Tech Dirt posters:

    http://www.betanews.com/article/Is_Vista_Really_BugPlagued_as_the_NY_Times_Claims/1167176211

     

  45.  
    Anne Nonmousey, Jan 4th, 2007 @ 6:45am

    Re: So What

    If half of the people complaining about 'microsoft' use their OS, that tells me they HAVE TO USE IT at work you idiot.

    They don't have a CHOICE.

    "I like MS and will never be a Mac user"



    Nice try astroturfer.

     

  46.  
    Fred, Jan 28th, 2007 @ 8:57am

    Re: So What

    Paul,

    One thing you can count on is change. How you adapt to change determines how successful you are in this world. Adapt poorly, you fall behind. Adapt well, and you succeed. Are your statements based upon an emotional attachment to the product or do you have examples of Windows being the best O.S.?

    I do not hate/dislike Windows or any other operating system any more than a Chevy vs. Ford vs. Lexus. And, yes people do take sides, but I still do not understand their logic. It exists. I am a tech professional and I must use it. I prefer other operating systems but if I must, I can function just dandy with another. No biggy.

    But, most of the time when I hear statements like this it is because of ignorance and complacency rather than a real evaluation of the pros and cons. I hope this is not the case with you.

    I am intrigued at statements like this. Please expand on this so I can understand you :-)

    I am interested to hear more on this.

    Fred

    PS: "640K is more memory than anyone will ever need." ;-)

     

  47.  
    Syphon, Jan 31st, 2007 @ 5:11am

    Re: I have an idea

    You forget who this is aimed at. EVERYBODY.
    Which Grandmother is going to download and configure a firewall? Which novice is going to know what to do? MS is doing the right thing, why do u think it is such a success story?
    I love Linux, Solaris and Windows XP. All for different reasons.

     

  48.  
    Syphon, Jan 31st, 2007 @ 5:12am

    Re: Re: So What

    640k? NEED 'PRAT', NOT 'WANT'

     
