Security flaws spotted in Microsoft's Windows Vista
Windows Vista, Microsoft's latest OS, apparently isn't living up to the hype that the company has created around it. Microsoft has claimed that the new operating system is the company's most secure ever, but already, even before the January 29th consumer launch date, security flaws have been detected by computer security experts in the United States and Russia.
The most serious flaw involves a faulty piece of software underlying Internet Explorer 7 that could allow hackers to take over any computers that visit a rogue website set up to exploit the flaw. "Web users could potentially become infected simply by visiting a site designed to exploit the flaw," Alexander Sotirov, senior security researcher at Determina said. "It allows any web site you visit to gain control of your browser, execute code on your system and take control." Reportedly, the malicious code can also be executed on Firefox.
Another security breach centers on code that allows users to upgrade their privileges on a computer, potentially allowing them to install unauthorized programs. That could occur if someone is actually sitting in front of the PC or otherwise gets the computer's owner to install rogue software, said Mikko Hypponen, chief research officer for Finnish security research company F-Secure Corp.
"The bottom line is you couldn't use a vulnerability like this to write a worm or hack a Vista system remotely," Hypponen said Tuesday, as quoted by AP. "It only has historical significance in that it's the first reported vulnerability that also affects Vista. It's a nonevent in other ways."
In a posting on its website, Microsoft said it was aware of the vulnerabilities but believed that there was only a low probability that they would be exploited.
"Currently we have not observed any public exploitation or attack activity regarding this issue," wrote Mike Reavey, operations manager of the Microsoft Security Response Center. "While I know this is a vulnerability that impacts Windows Vista, I still have every confidence that Windows Vista is our most secure platform to date."
It was reported that the computer industry is taking a "wait-and-see" attitude before deciding whether or not security would be a long-term problem with Vista. At the same time, some security experts said they expect to see bugs cropping up for the next six months. Most security researchers believe a complex product like Vista can never be error-free.
Past experience with Windows 2000 and Windows XP (if I think well, even with Windows NT) indicates that Microsoft's operating systems were reliable enough only after the second Service Pack. That's at least two years away for Vista. However, other operating systems, generally considered much more reliable, such as Linux, have had problems with security too.
0 Comments:
Post a Comment
Subscribe to Post Comments [Atom]
<< Home