This is a short scary list of what happened in the Windows Vista security land lately:
- Microsoft Live OneCare Antivirus fails to protect,
- There is already an audio file exploit for Windows Vista
- The black market allegedly sells another Vista exploit for $50.000
- Russian hackers post instructions to escalate your privileges while running Vista
Quite a punch in the face for the marketing propaganda advertising Microsoft’s new Vista operating system as “the most secure version of Windows yet”, isn’t it?
The truth is that there is nothing to stop both white and black hat hackers from exposing Vista vulnerabilities. Unless you simply enjoy acting as an experimental Microsoft guinea pig, it’s best to wait before trying to run Windows Vista.
1.Live OneCare failure
Quite alarming were recent disclosures that Microsoft’s own Live OneCare antivirus program, tailored specifically for Vista, is unable to block many well-known computer viruses. Another antivirus package from McAfee also fails to do the job. This carry out predictions made in early 2006 by antivirus firm Symantec (maker of Norton AntiVirus) that, because of Microsoft’s malfunction to provide ways for antivirus programmers to fully integrate their products with Vista, many antivirus programs would have a hard time protecting Vista users. I guess that includes Microsoft, as well.
2. Privilege escalation
Russian hackers posted directions to an underground forum explaining how to implement “privilege escalation,” which could bypass some Vista security measures. This hack could escalate the “privileges” of a normal Vista user into that of a “superuser,” allowing him to change everything he desired on the system. This would be mostly dangerous in a corporate environment where normal computer users have limited privileges, in that they cannot install programs, visit certain Web sites, etc. This threat is considered so serious that Microsoft has scrambled its “Security Response Center,” which is apparently is still trying to figure out what to do.
3. Audio exploit file
Microsoft also recently acknowledged that Vista’s built-in speech recognition software could be exploited by bad guys to delete files and even shut the computer down. This wacky (and quite clever) hack works something like this: A Vista user downloads and plays a malicious audio file, probably thinking that it’s the latest Toby Keith song. Instead, the audio file begins barking commands through the computer’s speakers, such as, “Delete all files in the ‘My Documents’ folder,” or, “System shut down.” These verbal commands are picked up by the computer’s microphone, processed by the built-in speech recognition software, and the computer obeys. Crazy, huh?
4. $50,000 price tag for an exploit
Research done by Tokyo-based security vendor Trend Micro, makers of the popular PC-cillin antivirus products, has uncovered the existence of ongoing eBay-style black hat hacker auctions where attack programs that can be used to compromise Vista computers are being bought and sold for as much as $50,000. Reports are that, in order to steal as much money as possible, computer criminals are biding their time and building their arsenals, waiting for Vista to be installed on more computers around the world before unleashing their most powerful Vista-busting weapons.
In the face of known Vista security holes, Microsoft spokesmen have been unapologetic. Stephen Toulouse, senior product manager at Microsoft’s “Trustworthy Computing Group,” told CNN, “We know from the outset that we won’t get the software code 100 percent right … but Windows Vista has multiple layers of defense.” Another Microsoft representative told ZDNet, “It’s important to remember that no software is 100 percent secure.”
Still, I wonder, “Why is it important for me to remember that no software is 100 percent secure? Oh, yeah, so I’ll remember to hold off on installing Windows Vista.”
Said one very irritated and frustrated Vista early adopter, “I should have bought a Mac.”
Full source
|
