Login:
Password:
Lost Password?
Print this article  |  E-mail this article  |  Comment on this article

Microsoft acknowledges Vista kernel elevation vulnerability

By Scott M. Fulton, III, BetaNews

December 14, 2007, 11:45 AM

What was not supposed to happen in Windows Vista apparently has: Despite a layer of protection that was supposed to prevent against processes elevating their own privileges, Microsoft now says someone found a way to do it.

A Microsoft security bulletin written earlier this week but publicized this morning cites security software engineers SkyRecon Systems as having discovered a way for processes in both 32- and 64-bit versions of Windows Vista to elevate their own privilege to administrator level.

This discovery would likely be the latest in several months to thwart the designs of PatchGuard, Microsoft's series of measures for innovating the design of the operating system kernel in the interest of thwarting the most common attacks that plagued Windows XP. Last February, PatchGuard was theoretically defeated, using methodology made public by, ironically, Symantec.

Precise details of this latest vulnerability have not been released by either Microsoft or SkyRecon, most likely to protect the system. However, security engineers who have communicated with SkyRecon report the problem involves the Advanced Local Procedure Call (ALPC) system, which was updated for Vista to take advantage of the new kernel setup. Apparently a legacy provision for handling local procedure calls (as opposed to remote procedure calls, or RPCs) made the old-fashioned way, gave improper feedback which could be used in an exploit.

Microsoft has issued a security patch that addresses the ALPC issue.

Add a Comment (68 Comments)

BetaNews reserves the right to remove any comment at any time for any reason. Please keep your responses appropriate and on topic. Foul language and personal attacks will not be tolerated.

Name (required):

E-mail (required):

Enter Your Comment:

By pforbes

posted Dec 18, 2007 - 2:14 AM

IMHO, in this very moment (maybe not before) there's a "conflict of interests" between MS and its old "benefactors", the OS security providers, who just now have to fight for their own security.

Score: 0

By simonw

posted Dec 16, 2007 - 6:42 PM

What a baffling news story, this security patch was part of a normal patch Tuesday, all the details were in the security bulletin and information published then. You had me looking for an important patch i had missed. I presume you are desperate for news. Perhaps you should start publishing "man bites dog" and other human interest stories; it would be more interesting than the continual arguments about Linux vs Windows.

Score: 0

By yountmj

posted Dec 16, 2007 - 10:10 PM

"A Microsoft security bulletin written earlier this week (Tuesday, Dec 11) but publicized this morning (Friday, Dec 14)..."

There's a difference between 'published' and 'publicized'.

Does that make it less baffling for you?

Score: 0

By ingram091

edited Dec 16, 2007 - 5:50 AM

The only disadvantage I have ever seen to unix is a lack of software packages for business. I mean Large Accounting packages... Payroll, Accounts receivables, Accounts payable, Budgeting, federal tax update support, General ledgers, Posting, Journal entries, balance reports, Fiscal reporting, Audit reporting, ect...

All of these things are unnecessary functions for most corporations, and unless you have a Programing staff on hand to make that for you in general, there is not to much out there in Unix to accommodate those needs.

Sure Databases, Communication management, Packet management, internet publishing and ect... are pretty straight forward in Unix. Indeed one could say thats the kind of stuff its best used for. But when it comes to teh Accounting aspects of business MS still has the dominating role in providing the stable platform for that to exist on.

As to great plains and sharepoint. Sorry but they are not that great IMHO. They have a ton of potential, but again they are not easily tailor made to do what a Corporation NEEDs it to do at time. Instead trying to be everything to everyone, and all the while only doing a fraction of what everyone needs.

Thats why there are large accounting systems out there still that dominate the industry, and are unwilling to conform to MS demands all the time. There is little need to, when MS keeps changing the rules to fit THEIR business models and benefit their programs alone. But even that did not hold true with Vista. Great plains was crippled instantly when the companies upgraded, and workstations went to Vista. Costing not only the tens of thousands for the OS upgrades at times , but anywhere from an additional 30 to 80 thousand to get the Great plains software updated to work in Vista environments using MS specialists that didn't have a clue how to do it, but took their sweet time in figuring it out for the early adopters. Now They want another 30 thousand for adding Sharepoint? Yea I think our managers learned their lesson on that front... DON'T TRY TO FIX WHAT IS NOT BROKEN.
If it was not for the justification of all that money I know for a fact their IT managers would go back to XP in a heartbeat so all the stuff would work as easily as it used too again.

The point is companies like SUN is trying to make Unix the more desirable system and someday will dominate all business world, but unless more accounting packages that allow corporate flexibility in their design and structure get released for unix, its going to take a long time to come about with MS pounding their propaganda at every turn on corporations.

Score: 0

By RejZoR

posted Dec 16, 2007 - 2:06 AM

Vista IS more secure than XP. Period.
Linux and MacOS are more secure just because they have minor userbase compared to Windows one and Linux is mostly populated by geeks who know how to secure the OS properly anyway. But on the other hand, Windows geeks know that too.
So in reality, there is no insecure OS, there are just secure and insecure users...
No OS will ever save you from your own stupidity.

Score: 0

By Banquo

edited Dec 16, 2007 - 3:35 AM

Wow, people are still spouting that old myth. BSD (and thus OS X) is more secure because it was built from the ground up with security in mind, NOT because there are fewer users. As for Vista being more secure than XP I think that remains to be seen. So far it's certainly not living up to their grand expectations.

The last part I certainly agree with, in the end it's up to the users to keep their systems secure. However some system are far better designed than others, and UNIX style systems ARE more secure than Windows. Period.

Score: 0

By septje

posted Dec 16, 2007 - 3:56 AM

Windows Vista was built from the ground up with Security in mind also. No operating system will ever be 100% secure. It's the nature of life. Defence in depth is the solution that all OS developers employ to ensure protection. Sure there may be an exploit now, but it would have to circumvent other levels of security before that can be used. And it's been patched. As far as i'm concerned... Problem solved.

Score: 0

By Tenoq

posted Dec 16, 2007 - 5:59 PM

Exactly as Banquo said - Vista was NOT built from the ground up - it's still based on and designed around legacy systems that had little or no focus on security. Linux and MacOS do not _just_ have security through obscurity.

Regardless, it's a moot point, is it not? The fact remains that Linux and MacOS ARE more secure. It doesn't matter the reason, it's just that they are. It might change in the future, but right now, the safest home user is one with a Linux or Mac PC.

Score: 0

By Banquo

edited Dec 16, 2007 - 12:00 PM

Vista was not built from the ground up period. It is based on the Server 2003 code base which was based on the XP SP2 and so forth going all the way back to the very first version of NT.

I never said that there was a 100% secure OS, I said that systems based on UNIX are far more secure than Windows because they were designed with in security in mind from the beginning. Windows was not. The only way to make it more secure is to scrap every bit of code, forget about backward's compatibility and start from scratch.

Score: 0

By zridling

posted Dec 17, 2007 - 12:21 PM

What Banquo said!

Score: 0

By Skyfrog

edited Dec 15, 2007 - 3:36 PM

I wonder if people who really believed all the hype that Vista was more secure than XP also still believe in Santa Claus. Vista introduced some new security features, unfortunately they sucked. UAC was a poorly designed failure that everyone turns off or ignores. Look at Linux and OS X, they are more secure than any version of Windows and without assaulting you with popup alerts every time you try to do something extremely dangerous like say, set your clock.

Set up and used properly XP is just as safe as Vista is, and you don't have to go out and buy a brand new computer to run it. If you're an idiot that runs without a firewall and AV program, opens email attachments, browses obvious malicious sites and runs content on them even when warned, downloads every "free flash game" some site offers you, well Vista isn't going to save you. The tech that you pay to clean all that crap off your computer every three weeks will.

Score: 0

By septje

posted Dec 16, 2007 - 3:58 AM

I didn't like UAC coming from XP to Vista. Then I used a Mac. Every time I want to do something, I need to SU. How is that any different from UAC. Both equally annoying, but both effective. IF USED. At the end of the day, you can't help someone that doesn't want help.

Score: 0

By yountmj

edited Dec 16, 2007 - 11:37 AM

Amen! Thank you.

I receive a far greater amount of security pop-ups in Ubuntu (or any other Linux variant) versus Windows Vista.

Microsoft is basically damned if they do, damned if they don't. They always have been. People are simply miffed that Windows behaves differently now than it used to. People typically do not like change.

Score: 0

By bourgeoisdude

edited Dec 15, 2007 - 9:20 PM

"I wonder if people who really believed all the hype that Vista was more secure than XP also still believe in Santa Claus."

What an introduction...I needn't say anything further here...

"Vista introduced some new security features, unfortunately they sucked."

Besides the UAC feature you mention, how do the other security features "suck"?

"UAC was a poorly designed failure that everyone turns off or ignores."

UAC is quite useful for ensuring that programmers quit designing apps to require to run as an administrator. That and I find that some folks at work actually have discovered potential problems on their PC before they got bad due to this feature.

"...every time you try to do something extremely dangerous like say, set your clock."

How many times do you have to set your clock? Yes, setting your clock incorrectly can wreak havoc on a domain if it stays that way. Ever tried logging into a domain with your clock set incorrectly? Even in workgroup or standalone environments, setting your clock incorrectly will cause havoc. Yes--you could say it is extremely dangerous (not kidding).

"Set up and used properly XP is just as safe as Vista is, and you don't have to go out and buy a brand new computer to run it."

Almost. For the most part you are correct, but UAC does offer protection against this particular vulnerability, for example. Then again, your example below shows us that the average home users will benifit greatly by the extra security that Vista has out-of-box, unlike XP's out-of-box security.

"If you're an idiot that runs without a firewall and AV program..."

"Idiots" usually buy PC's from the store, where either Windows' Firewall or a third-party firewall is already enabled. Even idiots run firewalls since they don't know how to disable them.

As for Antivirus programs, yes, idiots do learn how to uninstall them (or worse--delete the folder under Program files) or they simply refuse to upgrade them past the 60 day or however long of a trial they have, but at least UAC will initially prompt the idiots before a virus in RAM can get to their hard drive. If the idiots don't allow the access (as the users at my job found out), the virus in RAM may endlessly harrass them until you reboot (as it did the users at my job. I rebooted their machine and the virus was gone, it never got on their hdd due to UAC.) There's something that XP couldn't do.

"...opens email attachments, browses obvious malicious sites and runs content on them even when warned, downloads every "free flash game" some site offers you, well Vista isn't going to save you."

Well...no OS can save you from yourself. I can download and install a trojan if I looked for one. All I'd have to do is disable my antivirus, ignore a few prompts, and I'm in business. That's true with every OS out there, cheif.

"The tech that you pay to clean all that crap off your computer every three weeks will."

Okay...

Score: 0

By yountmj

posted Dec 14, 2007 - 11:44 PM

We all ultimately have Symantec and others like them who had a problem with PatchGuard to thank for this. Who knows whether or not this would even be an issue had others not interfered with Microsoft's decision a year ago to implement PatchGuard the way they wanted to? My guess is 'no'.

PatchGuard was definitely a major step in the right direction, and Microsoft was perfectly justified in implementing it the way they saw fit... without modifications.

But no... Symantec et al cried foul when they felt their profits being threatened. Microsoft's security problems over the years have been one of their most heavily criticized areas. Vista has been their best offering to date in that regard... a major improvement in security compared with previous versions (including Windows Server 2000/2003).

I have utter disdain and no sympathy for companies like Symantec that practically base their entire business model on the shortcomings of another company's product.

Score: 0

By mjm01010101

posted Dec 15, 2007 - 1:58 PM

No sympathy for Microsoft. They put themselves in this position since they are a confirmed monopoly. All they had to do in the first place was not be a monopoly, and people wouldn't get on their case when they implement tactics that shut others out of the market.

Again: ultimately Microsoft is the cause of it's own demise.

Score: 0

By Avion Airplane

posted Dec 15, 2007 - 8:01 PM

So as my Grandfather like to tell me

"You Can Do Better ?"

Score: 0

By yountmj

edited Dec 15, 2007 - 4:06 PM

Are you actually serious? Monopoly or not, it has nothing to do with the main point.

Microsoft has been immensely criticized for their supposed blatant disregard for security in their operating systems in the past. They try to change their security model with Vista, and who's the first on the front lines screaming about unfair business practices? Most of the major security vendors who stand to lose millions because their products aren't as necessary as they once were... products that would never have been necessary in the first place had Microsoft implemented proper security measures from the start.

Unix- and BSD-based operating systems and Linux variants are practically built from the ground up with security in mind. You don't hear security vendors crying foul because they never got a chance to provide products for those systems. So yes, in a way, this is a monster that Microsoft has created, but not because of monopolistic business practices.

The point still stands. Boo hoo for security vendors who have relied on poorly implemented security features of Microsoft's products in the past to become successful. Hopefully one day Microsoft will finally get it right, and there will no longer be a need for extremely invasive and resource-consuming bloatware products from the likes of Symantec anymore. They were certainly headed in the right direction until they met with resistance from those who stood to lose the most.

Score: 0

By mjm01010101

posted Dec 15, 2007 - 9:18 PM

Monopoly has everything to do with it. Microsoft cannot afford to enter into another case rgarding monopoly status here in the states. Symantec and other security vendors cried foul, I might add somewhat legitimately. If you can't have third parties checking the security of the operating system you really are in a lurch.

For once I sided with Symantec. Had Symantec lost and we had a patchguard that didn't allow audits of the OS, we'd have a broken OS security wise. Right now it's a small price to pay.

Score: 0

By yountmj

edited Dec 16, 2007 - 10:15 AM

I'm sorry, but I guess I completely fail to understand how you consider that monopolistic. They are doing what they think is best to protect the most vital part of Windows.

This is not the same as Microsoft choosing to include a web browser or media player in their operating system. It's about preventing unauthorized modifications to their kernel.

Other security suite providers did not seem to have a problem with their products. However, as bloated as Symantec's products are, it's no wonder they complained. Rewriting that much code would be no easy feat, I'm sure. Again... boo hoo. Incidentally, Symantec doesn't seem to have a problem with the corporate versions of their anti-virus software on 64-bit versions of Windows Server 2003 and XP Professional, where kernel patch protection was implemented before Vista.

Microsoft was perfectly willing to help those vendors develop safe methods of working with kernel patch protection (documented APIs as opposed to undocumented hooks). There are plenty of other anti-virus products that work perfectly fine without having to introduce anomalies in the kernel and drag performance and reliability into the mud.

Patching an already complex kernel with third-party complex code has already been proven in the past to be a security risk. Microsoft was and still is right to insist on their way or the highway with regards to their code.

Score: 0

By mjm01010101

posted Dec 16, 2007 - 11:43 AM

Tell that to the Euro's, who are fining Microsoft for being a monopoly and not opening their code.

They are a confirmed monopoly, they lost their rights when they lost their case. I suppose you fail to see that Microsoft is to blame for its own label of a Monopoly, and a Monopoly is why they lose the right to make any change they wish to their OS.

Trust me, Microsoft has to walk a fine line with EVERY feature they put into their OS. Symantec isn't alone here.

Score: 0

By yountmj

posted Dec 16, 2007 - 3:13 PM

Look, I understand what you're trying to say, but I still do not believe that applies in this particular scenario. I'm not oblivious to their past legal troubles, especially with the EU. I simply think this is a different matter altogether.

Microsoft owns the code, plain and simple. They didn't just decide to disallow any anti-virus solution except for theirs to run. They simply changed the way in which anti-virus software is allowed to integrate with the rest of the OS. That's all.

If Symantec is unwilling to accept Microsoft's help in facilitating that, then that is not Microsoft's problem. Microsoft is simply trying to ensure the best chance for stability and reliability by blocking unauthorized kernel patching. They have never supported this method, and they finally took active steps to try to prevent it. No matter how much others may disagree with it, there is no wrong-doing in that action. Low-level kernel patching has been the major causes of 'blue screen' errors in the past. So far, with Vista (or XP Pro x64 for that matter), I have seen none.

Like I said, other security vendors develop anti-virus suites that coexist happily with kernel patch protection using documented methods through a supported API, and are quite effective... more so than Symantec's products. I believe Symantec became complacent and was simply whining about having to rewrite that much code.

Beyond that, I suppose I'll agree to disagree on this area. I've always respected your comments and opinions in the past, and see no reason to stop now. Sorry for another long-winded response. I'm done. :)

Score: 0

By horsecharles

posted Dec 15, 2007 - 3:05 PM

MS is only liable for listening to a bufoon company like Symantec-- i'd let Symantec rot in hell.

Score: 0

By godofthunder

edited Dec 16, 2007 - 5:23 AM

@ terminalx

>"You truly are an idiot,"
Congratulations, you just branded yourself hypocrit.

>"it was symantec's fault not MS. "
FALSE, go read up.

"It took 2 1/2 to 3 years to create Vista. "
FALSE, go read up.

Score: 0

By terminalx

edited Dec 16, 2007 - 8:08 PM

ROFL!

You edited your entire post, thanks for proving my point that you are an idiot you had to go and hide it. Nice.

lets start with your first accusations

False, go read up.....reading

Last February, PatchGuard was theoretically defeated, using methodology made public by, ironically, Symantec.

Who's fault again?

It took 2 1/2 to 3 years to create Vista (the first version was scrapped and redone.) if you are going to quote me at least get the entire quote, doing so though invalidates your comment.

False, go read up

as stated below and is common knowledge that the first version of Vista was scrapped, hence it didn't take the current version of what we call Vista 6 years, your original reply was 10 years which makes it even further off.

Score: 0

By yountmj

edited Dec 16, 2007 - 11:29 AM

Instead of replying to him, you edit your entire original post as your reply?

I believe the 'idiot' remark applies in this case.

By the way, Vista (in its current form) only took approximately 3 years to develop (not 10, as you originally and falsely stated). Development originally started in 2001 and was supposed to be based on Windows XP code. In 2004, development was scrapped entirely, and was restarted from the ground up based on Windows Server 2003 code.

This is 2007. Do the math, Professor.

Score: 0

By terminalx

posted Dec 15, 2007 - 7:10 AM

You truly are an idiot, an experienced company symantec? ROFL, their software is a joke and their detection rate is even worse.

They were the ones initially to release code on how to break it, so it was symantec's fault not MS.

It took 2 1/2 to 3 years to create Vista. (the first version was scrapped and redone.)

Score: 0

By horsecharles

posted Dec 15, 2007 - 3:09 PM

Agreed. Norton was beautiful up to win95, then slowly commenced declining with 98...the descent picking up ever more steam w/ each subsequent Win release.

Score: 0

By Program86

posted Dec 14, 2007 - 4:26 PM

same old, same old sad story. Its just too damn funny.

Score: 0

By computershack

posted Dec 15, 2007 - 7:19 PM

Indeed.

Morons complain about Vista not being secure yet are too stupid to realise that it's because they want to keep using their crappy ancient software which is the reason why the security problems exist.

Other morons complain about Vista being slower than XP but run XP even though Win98 was faster than XP, Win95 is faster than Win98 and DOS is the fastest of the lot. Funny how non of this group are posting from computers running DOS as the OS.

Score: 0

By ingram091

posted Dec 16, 2007 - 5:23 AM

Yea when your ready to fork over over $400,000 for upgradea to a corporate system in a company with less then 150 employees. Then we will talk... Sorry, No reason to upgrade to sharepoint, Vista Business, and Office 2007, when Windows 2003 server, Windows XP Pro , and Office 2003 Enterprise has been working without flaw for years. Proper policy and security management ensure that, NOT unneeded upgrades that blow your budgets for the next 3 to 4 years to come.

Indeed another client has windows 2000 Adv Server, with over 60 Windows 2000 terminals, and office XP pro, and exchange 2000 ... They are more then happy to stay with that for several years as there is nothing wrong with it at all. They indeed have never had a problem on it once. Even after the minor Timezone DLST fiasco... Which was the biggest cry wolf thing there was for that client. Can you say y2k farce part duex? After all it was a simple registry patch and problem solved. Something MS was unwilling to do even once paid for support to do it. Because they insisted they HAD to upgrade their system to Vista, which was a flat out lie.

Thankfully there are technet people that do still support those systems for the community even if it is unofficially like with intelliadmin. Why MS keeps trying to push OSes on companies that have NO reason to break something that's been working for years for them, I will NEVER understand. Its not like the corporate world wants or needs all the vista bling and bedazzlement... they just need a stable OS environment that can be customized to the Corporations needs as effectively as possible while maintaining their corporate privacy and security.

Is it any wonder that the US government has a mandate in place stating that Vista is NOT to be installed on any government sensitive computer? Humm could it be the CIA FBI NSA SAC and so forth does not like the idea of MS looking into the system processes and reporting back to MS every few mins any more than the consumers do? Or that with a touch of a button MS can decrypt anything encrypted with bitlocker technology in a Vista machine from a remote location? That's the main reason for the moratorium of Vista, at least with other encryption Knowingly in place and not relying on bitlocker technology, a machine is more secure. But since many of the better encryption systems are not compatible with the Vista kernel, well there is just no reason to go to it is there?

Score: 0

By alphatrigon

posted Dec 14, 2007 - 3:05 PM

i use Vista and love it.
Symantec used to complain a whole lot because of Vistas inate harder to affect structure, guess they worked hard at trying to hack it. Now since you are happy symantec, go back to creating some decent software...namely unbloated anti-virus programs that aren't actually more harmful than many virii out there.

Score: 0

By frankwick

posted Dec 14, 2007 - 3:14 PM

Agreed. I have lost all respect for Symantec (I despise Norton and I also use their Enterprise Vault software at work -- garbage). When they started pushing MS to make it "less secure" it made them appear like a desperate company.

Over a year ago, Symantec was arguing that since Vista was more secure, and had built it security controls, it would limit consumer choice. What kind of backwards argument is that??!?!

Score: 0

By bourgeoisdude

posted Dec 14, 2007 - 2:43 PM

"Precise details of this latest vulnerability have not been released by either Microsoft or SkyRecon...security engineers who have communicated with SkyRecon report the problem involves the Advanced Local Procedure Call (ALPC) system, which was updated for Vista to take advantage of the new kernel setup."

Microsoft explains that much:

http://www.microsoft.com.../bulletin/MS07-066.mspx

Score: 0

By Digitalfox

edited Dec 14, 2007 - 2:11 PM

Well here's my opinion...

I use XP SP2 right now in all my personal PC's and laptop..

I was one of those crazy beta testers for vista since beta 1 and gave a lot of feedback..

And so i actually was liking the way vista was going in beta stage, but then RC and lot's of stuff were broken and microsft always told us beta testers it's " By design ", and that was crap, they were just rushing vista to release by the end of the year..

So what i actually feel like a good OS became a bad release, and yes in that part is just like ME, releasing before real completion.. Now don't get me wrong after SP1 i'm sure it will fix a lot of stuff that was broken because of " By design ", but bad press was given in RTM because of that and vista may never recover of that rush to release an unfinished product..

Also i want windows 7, why? Because it's been controled by the same guy who oriented office 2007, and i feel will probably be the best OS Microsoft has ever released, unless ofcourse the bug " By design " appears again :)

Score: 0

By mjm01010101

posted Dec 14, 2007 - 2:30 PM

I did about the same. Beta tested the RC of Vista, hated it immediately and put it away thinking this was nowhere near being ready.

Tried the gold release in late february of '07, found activation completely FUBAR (I eval for rest of company, ) and decided to wait until SP1 was out.

It wasn't until October where I felt Vista was really at RC levels. I will once again test SP1 for my company, and if it isn't ready, I'll wait another 6 months before deployment. There is no rush. XP has near 100% reliability for us as a company, there is little reason to damage our uptime levels just because Microsoft has a new OS. We run a business, not a beta test company, and we need our OS's to be reliable first, features are a distant second.

I'm not saying we're jumping ship to another OS like ubuntu or OSX, but we've yet to see the maturity and stability compared to XP from ANY vendor, save Red Hat, and after running the numbers red hat was NOT cheap.

Score: 0

By horsecharles

posted Dec 15, 2007 - 3:15 PM

I would recommend SP1 as an improvement-- although the update process can be buggy & glacially slow...once past that though, it's smooth sailing. However, xp will still be way faster. In your shoes, i'd prefer trying Ubuntu in 64bit mode first.

Score: 0

By ingram091

edited Dec 14, 2007 - 2:09 PM

Its not just MS. No OS is ever fully secure. If it connects to the internet in any form, its subject to insecurity. Its just MS is the favorate Target as its business practices are so much hated world wide. Trust me if the tides turned and it was Apple on top market share wise they too would be the key targets... As it stands now the most secure systems are older ones. Cause they are not targets of NEW exploits... namely many companies are very happy with Windows 2000 because no one launches nation wide hacks against that aging OS anymore, and all the old stuff is already patched up and secure.

However I stand by my statement. Its not necessarily MS that is not making a secure product. I think ANY company that makes an OS that has a lot of people that HATE them is going to have a big bullseye on their source code for people to shoot holes into. Its just the way it is...

A secure computer is one that never touches the internet. Always will be the case.

A close second is a government practice of using the internet through secured virtual OS installations. So no machine is ever directly connected to the internet, only a virtual image mounted to an intranet that can easily be wiped and re imaged in a few mins time and never has anythign of consequence on it to begin with.

Score: 0

By amroliwala

posted Dec 14, 2007 - 1:28 PM

I don't think any OS from Microsoft will be decently secure until legacy services and support is removed.
It's unfortunate that it won't happen, but I think at some point Windows has to start anew with support for only new hardware and software.

Score: 0

By Terry60

edited Dec 15, 2007 - 1:11 PM

"It's unfortunate that it won't happen, but I think at some point Windows has to start anew with support for only new hardware and software."

What world do you live in ?
When I upgrade my Hardware and/or OS, I want EVERYTHING I do to keep working, not start again from scratch reinventing the wheel.
That's my chief complaint with Vista (I'm having to dual boot with XP) because so much of my carefully tailored, finely honed, routine work, loses functionality, fails to run, hangs the system, or simply won't install on V64. (eg 16 bit installers for 32 bit software - how difficult can it be for MS to let a 16 bit installer run for 1 minute instead of writing a routine to tell you it's not going to run it?).

"The customer is always right"

It's MS's job to provide seamless improvement, not tell the world "You'll have to do it like this from now on".
I've invested a great deal of money, and more importantly time, in developing the ways and means of carrying out the tasks for which my PC is essential.
I don't want to start all over again at the whim of someone else.
(and don't tell me to stick with W95/ME/XP or whatever when the same people who foist semi-complete new OSs on us, can also kill support for the alternatives - I'm still convinced that the last ever WUD for ME crippled it, forcing a switch to XP, but at least all my own stuff ran on both of those)

Score: 0

By Banquo

posted Dec 14, 2007 - 1:31 PM

At the moment Windows 7 appears to be on that road. Whether or not they follow through with it remains to be seen. They don't have a very good track record for doing so.

Score: 0

By frankwick

posted Dec 14, 2007 - 3:17 PM

The legacy support is for corps, not really individuals. They must do it to keep their largest customers ($$$) happy. The best bet for MS is to create Win 7 new, and run legacy support in a virtual instance of XP/Vista. The hardware will be more than sufficient to do this when Win7 ships. The virtual instance will be transparent to the user and should startup/shutdown as needed.

Score: 0

By Banquo

posted Dec 15, 2007 - 3:08 PM

Yeah, I meant the virtual instances. Should have made that clear. I've been reading that is what they may be doing and I think it's the best way to go. Certainly worked for Apple.

Score: 0

By NULLedge

posted Dec 14, 2007 - 1:01 PM

layers upon layers

Score: 0

By kappen

posted Dec 14, 2007 - 12:47 PM

I'd be interested in knowing if the issue symantic made public came from the code they whined and whined about microsoft not giving them on how to attached their bloatware deeper into the kernel. which finally made Microsoft give in and hand over. Symantic is the most useless softare company.

Score: 0

By DJInsomniac

posted Dec 14, 2007 - 12:37 PM

So there's a flaw in Vista that makes it as vulnerable as XP is right now, and you say you'll stick with XP.

I love the way you guys think - ME for the 21st Century. What was XP then? ME Pt. 2?

Your all spitting the same bulls*** people did when XP came out, look at it now. No one wanted to touch it back then, no one wants to leave it now.

Score: 0

By Banquo

posted Dec 14, 2007 - 1:30 PM

One of the primary reasons Vista was supposed to have been better was it's security. Take that away and I see far more disadvantages to Vista than advantages. XP may not be any more secure but security being equal I'd take XP any day of the week. That is my opinion so if you're planning on trying to tell me that my opinion is wrong you should just stop now and not waste your time.

Oh and for your information I loved XP from the day it was released so don't try that BS argument about what people said when it came out.

Score: 0

By DJInsomniac

posted Dec 14, 2007 - 11:16 PM

I didn't narrow you down, did I?

Vista is more secure than XP. Doesn't matter what you say, or the fact they're finding exploits. Yeah, it happens. It always will, nothing is perfect. Just thank Microsoft for filling the holes.

Score: 0

By Banquo

edited Dec 15, 2007 - 3:26 PM

"Vista is more secure than XP. Doesn't matter what you say"

In other words you're going to stick your fingers in your ears and go Na Na Na!

The security features Vista added have already been exploited and will be again. Neither OS is really secure in the hands of one who doesn't know what they're doing.

I've had XP since it was released, and I've never been infected, hacked, or killed by it. So forgive me if I don't pony up the money for a more (IMO) bloated, ugly and poorly designed hardware hog that really give me no benefits at all.

Score: 0

By DJInsomniac

posted Dec 15, 2007 - 8:57 PM

Hey, I haven't upgraded either. I've yet to be attacked, but it's nothing to do with the OS itself. That's just because I'm safe about what I do on the net. Plus, it is ugly and bloated. But the general community need a more secure system, they aren't net nerds.

Vista has security features that haven't been exploited, and the overall process to hack Vista is tougher. XP is fine and dandy, but it's a bit more open than Vista because hackers know the system.

XP is updating, patching holes, what have you; on both. But that doesn't mean XP is at Vista's standard in overall security.

Score: 0

By horsecharles

posted Dec 15, 2007 - 3:17 PM

What do you expect from someone who claims nothing was wrong with XP initially?

Score: 0

By NULLedge

posted Dec 14, 2007 - 1:04 PM

reminds me of that scene in 300 where they're pushing the persians off the cliff, except in this case the spartans are microsoft and the persians are their customers. ADOPT OR DIE. :)

it may not be accurate but it's a fun visual, plus i love 300. ;)

Score: 0

By Aires

edited Dec 14, 2007 - 12:30 PM

Do you know what kiss Vista goodbye - it's Me for the 21st century. Start designing the follow-up os now, because until that's released - I'm sticking with XP.

Score: 0

By lvthunder

posted Dec 14, 2007 - 1:31 PM

Do you really think they are not developing the next OS. They started that the day after Vista was out the door.

Score: 0

By bourgeoisdude

posted Dec 16, 2007 - 1:48 AM

Actually it started before Vista was even at beta...initially the OS we now know as Vista was going to have that future WinFS file system and such, remember?

Score: 0

By Metshrine

posted Dec 14, 2007 - 12:45 PM

Yes, because XP has just as many, if not more, vulnerabilities than vista

Score: 0

By sjc001

posted Dec 14, 2007 - 1:35 PM

And they are plugged, though. What has both Vista and XP beat for security is Linux. Of course it isn't perfect, but it doesn't have to be.

Score: 0

By Banquo

edited Dec 15, 2007 - 3:29 PM

Exactly, people act like Microsoft has stopped updating XP since Vista came out. If an XP vulnerability is found it's patched. I've heard all the "Vista is more secure" marketing since it was announced, and that's all it was. Marketing.

Score: 0

By dizzy_davidh

posted Dec 14, 2007 - 12:15 PM

Yet another reason I'll be sticking with XP for a while longer!

Score: 0

By HBX

edited Dec 14, 2007 - 1:27 PM

yet another reason to see more security improvements in Vista SP1, probably even more security implemented into the kernel upgrade when sp1 hits rtm, instead of making stupid comments lets all thank the computer security companies that find these exploits and make them public to microsoft and other companies. Security in general this day in age is crutial, especially for Windows which has a large userbase.

Score: 0

By THZGryphon

posted Dec 14, 2007 - 1:37 PM

Yeah, it is more secure than Vista....

Score: 0

By RussellLive

edited Dec 14, 2007 - 2:23 PM

Really makes me angry to read such pro-linux publicity. I would not run linux. I am running Vista with SP1 and it is fine, no problems, and no security breaches, as I have much antivirus and antispyware nets.

Score: 0

By bourgeoisdude

posted Dec 14, 2007 - 2:45 PM

You're using SP1? Really?

Score: 0

By HBX

posted Dec 14, 2007 - 2:59 PM

im running sp1 and I agree its a substantial improvement across the board, everything seems much more quicker, and transitions are faster within vista. I've also tested sp3 for xp and i can tell you this i dont know where Devil Mountain got there numbers but i've test both sp1 and sp3 against each other on the same hardware and sorry to say it but Devil Mountain is spreading FUD, not only that i've seen more crashes 10 in total with sp3 than the 1 i got in sp1 which i'll add was due to a driver not loading at boot, which was a known issue in the newsgroups and was fixed, if you ask me Microsoft should DROP SP3 FOR XP, and piss off everyone and push Vista forward, and if ppl dont like it too bad. And if your still on ancient technology trying to run an updated operating system then look elsewhere for your operating system needs theres unix/linux, but dont start crying about your going with xp over vista and thinking xp is better, cause its not. Overall Microsoft knows and has something up its sleeve like always and i think there gonna do the right thing.

Score: 0

By horsecharles

posted Dec 15, 2007 - 3:20 PM

However, XP sp2 is way faster than any Vista release.

MS should go to 64bit exclusively & just tell everyone to piss off.

Score: 0

By computershack

edited Dec 15, 2007 - 7:13 PM

Windows 98 is faster than XP. Win95 is faster than Win98. DOS is faster than them all.

So if speed is the issue, why aren't you using DOS?

d***heads who come out with "XP is faster than Vista" comments are stupid ****s.

MS won't go fully 64bit as long as arseholes like Terry60 still want their ancient crap to work. Terry60 and his fellow arseholes b**** about the security in Vista yet can't see that it's their attitude that's the main reason MS weren't able to produce the OS they wanted.

Score: 0

By Banquo

edited Dec 16, 2007 - 3:45 AM

Yes DOS is faster than Windows but what about functionality? Going from XP to Vista can hardly be compared to going from DOS to Windows. When I see something I can do in Vista that I can't do in XP let me know, until then there is no reason at all to spend money switching to a much slower (and imo poorly designed) OS.

Not even going to bother replying to the rest of your post since it's just a bunch of childish idiotic swearing.

Score: 0

By Terry60

edited Dec 15, 2007 - 9:57 PM

Thanks for the constructive criticism shack - shame you couldn't learn how to post it in the right place, but foul-mouthed people are generally too cowardly for direct confrontation, or maybe your PC is just a toy you haven't learned to use yet.
I never said anything about the relative speed of any of the current or legacy operating systems. My comment was merely concerned with forward and backward compatibility - A basic piece of business good-practice.
As for my "ancient" crap. One example is brand new "out of the box" Adobe Premiere Video Editor bundled with the brand new PCI express graphics card on my brand new dual core 64 bit system, which hangs Vista in a page-thrashing frenzy taking task manager 30 minutes to intercept, but works fine on the XP partition.
I didn't complain about Vista security either, I quite like Vista when it's working, I just don't like the fact that it has such compatibility problems.
Why on earth do you feel threatened by my expectation that my Oxford English Dictionary 32 bit software should continue to run on my latest system ? The language is dynamic, but not to the extent that we need to buy new dictionaries every year.
I shouldn't need to buy a product twice just because MS can't be bothered to deal with 16 bit installers.
I don't think my attitude is responsible for their failures.
Your attitude, in putting up with the second-rate as if it were gold plated, is perhaps responsible for why they keep producing it

Score: 0

Aug 19 - 7:26 PM ET Palm's magic act makes Treo Pro 850 appear, disappear

Aug 19 - 7:18 PM ET Pandora: Last gasp for Internet radio can't be further prolonged

Aug 19 - 5:48 PM ET Has Firefox 3 certificate handling become too 'scary?'

Aug 19 - 3:35 PM ET Apple gives MobileMe subscribers more free time

Aug 19 - 3:23 PM ET Microsoft supports Blu-ray mastering in Windows; is Xbox next?

Aug 19 - 3:23 PM ET Japan says iPod nanos may pose overheating risk

Aug 19 - 1:49 PM ET Users to Microsoft: 'Just make Windows faster'

Aug 19 - 1:46 PM ET TSA-approved laptop bags: $220+

Aug 19 - 1:15 PM ET Apple releases iPhone 2.0.2 update, 3G problems remain

Aug 19 - 12:50 PM ET Google: Android-based HTC Dream may not be alone for long