Vista's vulnerabilities begin to surface

Vista's vulnerabilities begin to surface

Summary: The games have now officially begun in Windows Vista cracking Olympiad. According to a News.

SHARE:
TOPICS: Windows
8

The games have now officially begun in Windows Vista cracking Olympiad. According to a News.com story, the first examples are exploiting vulnerabilities in the command-line shell that will support Windows Server 2003 and XP as well as Vista platforms. [Updated 8/5/2005 @ 6:20 am: George Ou explains why this security issue is not a vulnerability, but an example of malicious code.] The exact roll-out of the command shell, code-named Monad, isn't clear yet, but it is slated to be part of next year's major Windows overhaul. The long beta cycle--at least a year--for Vista and related software will give Microsoft more opportunities to iron out the bugs as its programmers and hackers, which the company is befriending, beat on the code. The problem is that those with malicious intentions will also have more time to find the faults that could compromise software security. Granted, Vista code will be more secure than previous Windows generations, but "more secure" doesn't mean "secure," and at some point next year Microsoft will have to ship it to keep the money machine on track. It will be most interesting to see how disclosure of vulnerabilities in the Vista ecosystem are handled during this beta phase and what kind of problems surface. It will certainly be the most scrutinized piece of software ever to ship, no matter when that happens.

Topic: Windows

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

8 comments
Log in or register to join the discussion
  • We've heard that before

    "Vista code will be more secure than previous Windows generations"

    Where have we heard that before??? Oh yes, they said the same thing about Windows XP and look what happened to that.
    JP70
  • Wrong to call it a vulnerability

    These are not remote exploits or buffer overflows. These are standard scripting features of the Vista operating system similar to Linux scripting.

    If I wrote a cmd script that said something to the effect of:

    delete all documents
    delete critical program files
    delete all registry keys

    That is not a vulnerability in the OS, that is a vulnerability in social engineering to be able to get someone to run that script. Fortunately, Vista will default to non-admin mode which will limit the damage of a script if a user fell in to the trap of running it.

    This is just like the incorrect reporting of the donut virus which was portrayed as a black eye against the Microsoft .NET framework. It was simply written using the .NET language which required the .NET framework runtime engine. It obviously didn?t go too far because most computers don?t have the runtime installed.
    george_ou
  • Define "vulnerabilities" please

    Please explain to me how these examples are vulnerabilities? Do these scripts some how escalate permissions, or do they simply do what they are allowed to do? If they don't circumvent security restrictions, then there is no vulnerability here - only malicious code.
    toadlife
  • Hackers please wait

    I call on all hackers to refuse to touch Windoze Riska - until it is deployed! Why help the evil empire by pointing out the flaws in its battle plans BEFORE it attacks? You know Iraqi militants, you should really place your IEDs under bridges, since you could destroy 2 routes of travel at once and possible being down the bridge on top of your enemy . . . I mean US. So STOP being so sloppy!
    Roger Ramjet
  • Windoze Vistux

    A CLI shell? For Windoze? The transformation of Windoze 9.x into UNIX is almost complete! I wonder what is left to copy?

    "Those who do not understand UNIX are doomed to reinvent it, poorly." -- Henry Spencer, Usenet signature, November 1987
    Roger Ramjet
  • Irresponsible...

    Typical for you to use the title: "Vista's vulnerabilities begin to surface" to try to spread FUD
    Da-Man
  • Sensationalist journalism

    Sure, pick on Windows again. Easy target, but Monad - the target of these exploits - isn't even shipping with Vista. It's a seperate product and still under development for heaven's sake. Are you suggesting that Microsoft products should be kept under wraps while being developed, so that nobody can hack them? No; one valid argument of the open source movement is that there's no security through obscurity. Let people pound on the beta code now and make it a better final product. But don't fall for cheap headlines like this article's; this has *nothing* to do with Vista.
    swrdfghtr
  • ZD Geeks Lack of Understanding

    It is apparent the editors at ZDNET either lack the understanding or ethics to report creditable accurate news.
    whatsup_z