Big Surprise: Security Holes Found In Vista

from the open-windows dept

Tue, Dec 26th 2006 12:37am — Carlo Longino

Throughout the (longer than expected) development of Vista, Microsoft has worked hard to push the idea that it wouldn't be burdened by the same sort of security problems as older versions of Windows. The company has beefed up the built-in security features and services of the software, much to the chagrin of some third-party security developers and the European Union, and one of its execs gave people the idea that Vista wouldn't need anti-virus software. Given all that, it's still not surprising to hear that researchers and hackers have found plenty of flaws in Vista, even before it's been released to consumers. It's the same type of stuff that's plagued Windows XP, like a browser flaw and a user-privileges hack, and just the sort of thing most people were expecting despite the company's incessant talk about Vista being more secure. The bad news for Microsoft is that things are probably only going to get worse: a new version of Windows was bound to be a massive target for hackers, and the company's security hype has likely only made it an even bigger one.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

48 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

Anonymous Coward, 26 Dec 2006 @ 1:19am

Two words.... ha. ha.
[ link to this | view in chronology ]
John Bailey, 26 Dec 2006 @ 1:45am

Hands up all those who were surprised to hear this. Any bets on how long before a really big security breach in this most secure OS?
[ link to this | view in chronology ]
Anonymous Coward, 26 Dec 2006 @ 1:49am

There you go. We knew this. No Open Source, no party.
[ link to this | view in chronology ]
Paul, 26 Dec 2006 @ 1:49am

So What
no matter how many security problems the new windows will have, microsoft has brought us the best software and operating systems of all time. I like microsoft and will never be a Mac user, and half the people that talk bad about Microsoft use a windows operated system.
[ link to this | view in chronology ]
- Anonymous, 26 Dec 2006 @ 6:19am
  
  Re: So What
  You not the smartest person in the world i see. Macintosh has the best of everything
  [ link to this | view in chronology ]
  - Gene, 26 Dec 2006 @ 7:15am
    
    Re: Re: So What
    "You not the smartest person in the world i see. Macintosh has the best of everything"
    
    Generalizations like this show just how little someone knows about overall application. Macs have their advantages in the Art and Music world. I have one in my art dept now. The DO NOT have the best of EVERTHING. Try to run a relational database (like SQL) on one and you'll soon be looking for razor-blades for your wrists and inquiring about the kool-aid recipes used in Jonestown.
    [ link to this | view in chronology ]
    - MacDaddy, 26 Dec 2006 @ 7:43am
      
      Re: Re: Re: So What
      You're way off, son! Filemaker is a fabulous intuitive relational database suite which runs as smooth as silk on the Mac, so don't blame your headaches on anybody but Bill (the Pirate) Gates. You dinosaur PC'ers are the razor blade users, and you know it. Have a nice day! I will! On my Mac!
      [ link to this | view in chronology ]
- Anne Nonmousey, 4 Jan 2007 @ 6:45am
  
  Re: So What
  If half of the people complaining about 'microsoft' use their OS, that tells me they HAVE TO USE IT at work you idiot.
  
  They don't have a CHOICE.
  
  "I like MS and will never be a Mac user"
  
  Nice try astroturfer.
  [ link to this | view in chronology ]
- Fred, 28 Jan 2007 @ 8:57am
  
  Re: So What
  paul,
  
  One thing you can count on is change. How you adapt to change determines how successful you are in this world. Adapt poorly, you fall behind. Adapt well, and you succeed. Are your statements based upon a emotional attachment to the product or do you have examples of windows being the best O.S.?
  
  I do not hate/dislike Windows or any other operating system any more than a Chevy vs. Ford vs. Lexus. And, yes people do take sides, but I still do not understand their logic. It exists. I am a tech professional and I must use it. I prefer other operating systems but if I must, I can function just dandy with another. No biggy.
  
  But, most of the time when I hear statements like this it is because of ignorance and complacency rather that a real evaluation of the pros and cons. I hope this is not the case with you.
  
  I am intrigued at statements like this. Please expand on this so I can understand you :-)
  
  I am interested to hear more on this.
  
  Fred
  
  PS: "640K is more memory than anyone will ever need.' ;-)
  [ link to this | view in chronology ]
  - Syphon, 31 Jan 2007 @ 5:12am
    
    Re: Re: So What
    640k? NEED 'PRAT', NOT 'WANT'
    [ link to this | view in chronology ]
Anonymous Coward, 26 Dec 2006 @ 1:50am

It's nothing more than should be expected.
No operating system that takes the kind of atention that windows takes will ever be totally safe.

Is there any vault impossible to crack?
[ link to this | view in chronology ]
- Funny, 26 Dec 2006 @ 11:54am
  
  Hard tellin'
  Ironic that the debate was fairly sensicle and intelligent until the Mac fanbois showed-up and ruined the thread.
  [ link to this | view in chronology ]
Max Rubin, 26 Dec 2006 @ 3:25am

Inherent Flaws in Any New Operating System
Welcome to life.
Any new opeating system is going to have security holes.
It is a fact of life such as when new drugs are released .
The product may have been tested and retested in "real life situations" > but it is only when out in the field with the vast numbers of users that reality and percentages kick in.
1/1000 of 1 % of zillions of users is still a lot of people.
Every Microsoft Windows system that has been released ( all the way from Windows 3.0) was touted as "the most secure system ever.".
Windows Vista has a brand new network stack.
It took Windows XP till the release of Service Pack 2 (SP2) to finally get its security act in control.
Welcome to life.
Hopefully the advantages of Vista are more than pretty colors on the screen and utilities that can be found 3rd party which wll work on much less demanding computers and much less demanding computer operating systems.
www.adgerlinux.com
[ link to this | view in chronology ]
Hector Flores, 26 Dec 2006 @ 3:55am

Vista Holes
Stick with Windows XP for now, at least most flaws and security holes have been worked out of the OS.
[ link to this | view in chronology ]
The infamous Joe, 26 Dec 2006 @ 3:56am

Rolled up newspaper.
I understand why they did it, but they really shouldn't have made such a big deal about how secure it may or may not be.

It looks as if they double dog dared every hacker saying that they couldn't do it.. for shame, Microsoft. For shame.

My Vista copy is in the mail-- I, personally, can't wait!
[ link to this | view in chronology ]
PSPguru, 26 Dec 2006 @ 3:58am

Linux Rules
Back to my trusty [user supported] linux
[ link to this | view in chronology ]
- Gene, 26 Dec 2006 @ 7:10am
  
  Re: Linux Rules
  Linux has just as many flaws...just not as big of a target on it. If it had the marketshare that Microsoft had, then it would be known as current "Establishment" fare. Then all of the anarchist, anti-establishment geeks out there would aim to and succeed in shooting holes in it like swiss cheese. I run Apache webserver on a Linux box (going on 8 years now) and can tell you stories of it being hacked also.
  [ link to this | view in chronology ]
  - PT, 26 Dec 2006 @ 8:20am
    
    Re: Re: Linux Rules
    Did the flaws in Apache allow a hacker to control the machine as root or just compromised the web server? There's a big difference there.
    [ link to this | view in chronology ]
Anonymous Coward, 26 Dec 2006 @ 4:16am

Why do you people think it was released to corporations and the black market a few months before official release?
A lot of people think that companies don't intentionally make it possible for hackers and enthusiasts to download illegal copies of their software. They do, it's the test bed for their software. If it's not GNU, it has to be tested some way, and an OS like Vista, needs a lot of testers.
[ link to this | view in chronology ]
Annoyed, 26 Dec 2006 @ 5:42am

Two more words...
Two more words- fuck off to all of the goddamned haters.
[ link to this | view in chronology ]
Life goes on, 26 Dec 2006 @ 6:09am

Move on
A friend of mine had his 2007 FJ Cruiser stolen last week. You'd think that after 100 years manufacturing automobiles, they could produce a new model that was unable to be stolen/hijacked.

Nothing will ever 100% secure.
[ link to this | view in chronology ]
- Anonymous Coward, 26 Dec 2006 @ 10:15am
  
  Re: Move on
  liar
  [ link to this | view in chronology ]
- Anonymous Coward, 26 Dec 2006 @ 10:16am
  
  Re: Move on
  liar...althought i get ur point
  [ link to this | view in chronology ]
- Sigh, 26 Dec 2006 @ 1:13pm
  
  Re: Move on
  What did you expect? Thats what u get for buying a toyota
  [ link to this | view in chronology ]
Chronno S. Trigger, 26 Dec 2006 @ 6:17am

I have an idea
Somebody get me Microsoft's suggestion line. I have one that would simultaneously increase there security and profit margin.

JUST MAKE AN OPERATING SYSTEM. take out all the addons that add all the security holes. For example. have you ever counted how many patches there are for outlook express? I get one almost every update and I don't use it.

Take out the firewall, anti virus, messenger, MSN and all the other crap no one uses. Put in a rudimentary browser and let people download what they may want from microsoft's web site or AOL's or FireFox.

The less there is in a operating system the smaller the target.
[ link to this | view in chronology ]
- that's the plan, 26 Dec 2006 @ 6:56am
  
  Re: I have an idea
  Well, based on reports, if Gates keeps to the sidelines, the new Tech-head at MS plans to do exactly that. Smaller, modularized OS with licensed add-ons. He's very anti-bloatware. It could be that the next OS will function along those lines. It will require a signifcant adjustment of the MS financial model, but he believes in techno-darwinism...adapt or die.
  [ link to this | view in chronology ]
- ChaOS, 26 Dec 2006 @ 9:17am
  
  Re: I have an idea
  o yeah, lets take out A/V and a firewall that 90% of elder people would probably never put on and that will make us more secure???
  [ link to this | view in chronology ]
  - Chronno S. Trigger, 26 Dec 2006 @ 2:01pm
    
    Re: Re: I have an idea
    You mean all those elderly people running windows ME? Vista isn't out yet so if they won't install an anti-virus then they don't have one. Plus how many elderly people are going to upgrade to vista without help from more tech savvy people?
    
    The thing that makes me mad is that vista disables the ability to install third party antivirus. the kernel is blocked from them.
    [ link to this | view in chronology ]
    - Do some research, 26 Dec 2006 @ 3:36pm
      
      Re: Chrono
      >>The thing that makes me mad is that vista disables the ability to install third party antivirus. the kernel is blocked from them.
      [ link to this | view in chronology ]
- Syphon, 31 Jan 2007 @ 5:11am
  
  Re: I have an idea
  You forget who this is aimed at. EVERYBODY.
  Which Grandmother is going to download and configure a firewall. Which novice is going to know what to do. MS is doing the right thing, why do u think it is such a success story.
  I love Linux, Solaris and Windows XP. All for different reasons.
  [ link to this | view in chronology ]
Halb, 26 Dec 2006 @ 6:35am

Who's to blame
Let's not forget that, unless willfull negligence is to blame, it is not the vendor's fault if someone wrecks or misuses their product. The culprit in our software world is the hackers, those people who abuse technology to waste billions of our personal and corporate dollars per year.

There is nothing imoral or illegal about selling a software OS, even if it not tested to perfection. There is something illegal about exploiting a product to wreck a business or to extract confidential information to which you have no rights.

Why can't we shame the hacker community instead of deriding software manufacturers? Its analgous to complaining about Homeland Security being so inept while defending Osama's right to try to kill us.
[ link to this | view in chronology ]
KeithGap, 26 Dec 2006 @ 6:54am

Most Secure Windows Ever!
I wish they'd stop saying that. It's a brand new, untested operating system. By that alone, it's not the most secure Windows ever. It might have the most security features enabled from the get-go, but it will be till SP2 before it's really secure.
[ link to this | view in chronology ]
alternatives, 26 Dec 2006 @ 6:56am

Two more words- fuck off to all of the goddamned haters.

Errr, we should love flaws and just say 'good enough'?

Macintosh has the best of everything

Yes, that would be FreeBSD at its core.
[ link to this | view in chronology ]
Trvth Jvstice, 26 Dec 2006 @ 7:22am

Vista
I imagine that when the product is officially realeased in stores, Microsoft will have fixed the seurity issiues the the OP referred to. But, as much attention as Microsoft draws from hackers, I can't imagine it ever being totally safe.

With XP, I simply keep my computer updated and a good virus and spyware program and I have Never had a problem.
[ link to this | view in chronology ]
The infamous Joe, 26 Dec 2006 @ 7:23am

Mr. Alternatives.
I agree that macs have the best of everything-- if by 'everything' you mean 'some things'.

The simple fact is that I want an OS that runs the programs I want to run-- not an OS that can run a program to run programs I want to run.

If I wanted to make a computer-animated movie, I'd get a mac. It has plenty of strong points-- just not strong points I care about.

The number of people who want to punch holes in macs is significantly smaller that people trying to hack MS-- if you mac fanboys had your way and we all blindly bought compters with pretty cases, then hackers would turn their eyes to the OS X, and you'd be in the same boat.

I think you should pretend macs are a secret, keep quiet and hope they don't get more popular.
[ link to this | view in chronology ]
- Jon, 26 Dec 2006 @ 8:37am
  
  Re: Mr. Alternatives.
  OSX not just more secure because there are fewer people trying to hack it. Same goes for Linux. That myth has been debunked so many times it's just stupid.
  
  I really wish people like you would stop spreading FUD like that. Windows and Internet Explorer are insecure by design. The situation has improved a little over the years, but not totally.
  
  But yeah, if you don't have a clue what you're talking about, you don't have business saying things like: "The number of people who want to punch holes in macs is significantly smaller that people trying to hack MS" and "Linux has just as many flaws...just not as big of a target on it."
  
  "I run Apache webserver on a Linux box (going on 8 years now) and can tell you stories of it being hacked also."
  
  That could be Apache, not Linux, that has flaws. There could also be something stupid about how you have Apache set up and configured. There could also be something stupid about permissions you have on files that are accessible to the Internet. You also might have flaws in your web page code. You might also have something stupid in your MySQL set up.
  
  At any rate, I'm sure your "8 years" of running an Apache server have been a helluva lot better than anyone's 8 years on an IIS server.
  [ link to this | view in chronology ]
Anonymous Coward, 26 Dec 2006 @ 8:00am

Wow, im Surpised!
Im not really Surprised by this. Microsoft should learn, they are the "biggest" OS makers, and the biggest pig heads. of course everybody (hacker) is gonna target you. and gonna find something that even you don't know about.

kinda reminds me of a joke. "whats the difference between a car salesman, and a software salesman?" - "only the car salesman knows when he's lieing"
[ link to this | view in chronology ]
Anonymous Coward, 26 Dec 2006 @ 8:19am

Default privs
I thought that Vista was supposed to be like other OS's in that you don't have administrative privileges by default. Is that not the case? If it were, wouldn't these security problems be much less severe?
[ link to this | view in chronology ]
Captain, 26 Dec 2006 @ 9:01am

Microsoft Sucks
Everything they release has known problems.. Yes, Microsoft releases these products knowing they have flaws.. This is so they can make money on their product while engineers develope the patches. It is a very shitty way of doing business and I have begun switching to competitor products.. Look at Novell. They are great. Microsoft has major bugs in IE7 but they don't tell you anywhere on their site. I spent two days working out bugs in IE7 and Outlook2003. Even their support would not admit there were problems until I escalated to the highest level.. They are criminals in my mind. They sell shoddy products and expect you to pay to fix them in both time and money. Netware has not had a single bug in our network for the past 2 years... Get rid of Microsoft and maybe they will start doing something about quality as their install base diminishes. People would rather complain than act it seems. So...shutup or get rid of Windows. Its your choice.
[ link to this | view in chronology ]
pastco, 26 Dec 2006 @ 9:45am

First of Allchin wasn't saying it didn't need anti-virus software - he was just making the point that he felt better about his kid using vista than xp. Such typical FUD to pretend he was really advocating not using anti-virus. Only the simpleminded believe that. As for the flaws - there are two - all theory so far. Lame article.
[ link to this | view in chronology ]
Usuk, 26 Dec 2006 @ 10:05am

For you idiots
saying no OS is 100% secure and having stupid stories of stolen vehicles.... M$ can at least aim to get 50% secure.
[ link to this | view in chronology ]
Usuk, 26 Dec 2006 @ 10:05am

For you idiots
saying no OS is 100% secure and having stupid stories of stolen vehicles.... M$ can at least aim to get 50% secure.
[ link to this | view in chronology ]
Anonymous Coward, 26 Dec 2006 @ 11:19am

1 Word:
1 Word: WOOT!
[ link to this | view in chronology ]
Anonymous Coward, 26 Dec 2006 @ 11:22am

?
why hype it up when ms knows that will just attract more hackers?
[ link to this | view in chronology ]
Anonymous Coward, 26 Dec 2006 @ 11:33am

lawl
So obviously anyone surprised by this is probably a big fan of John Madden.
[ link to this | view in chronology ]
Anonymous Coward, 26 Dec 2006 @ 11:35am

What do you guys mean hyping it up will attract more hackers? Are you kidding, you honestly think there are hackers who have never heard of Vista? If anything less hackers would be going after M$ because they are bored at how easy it is.
[ link to this | view in chronology ]
Trvth Jvstice, 26 Dec 2006 @ 2:29pm

People should be aiming their contempt towards the thousands of hackers that screw with Microsoft products rather instead of Microsoft.

I've been using Microsoft products since Windows 95 and I've had few few problems -zero problems with XP. If you keep your computer updated, use an antivirus and spyware protection, you should never have any problems.

The vast majority of problems that people have with XP is when they go to porn or warez or other "bad" sites and click "yes" to use this active x control or download bad software.

Microsoft made a great product which is easy to use and runs great. They have to constantly run updates ONLY because of the stupid hackers.
[ link to this | view in chronology ]
past_a, 27 Dec 2006 @ 1:36am

Here is a link to people who actually investigate this stuff rather than mindlessly pushing FUD like brain dead Tech Dirt posters:

http://www.betanews.com/article/Is_Vista_Really_BugPlagued_as_the_NY_Times_Claims/116717 6211
[ link to this | view in chronology ]