Microsoft can't defend Windows Vista

Microsoft can't defend Windows Vista

Summary: Windows Defender for Vista has failed miserably when it comes to protecting users of Microsoft's latest operating system from a very basic attack.The penetration of Windows Vista is increasing but all the signs point to users of Microsoft's new OS facing a very scary few months when it comes to security issues.

TOPICS: Security, Malware

Windows Defender for Vista has failed miserably when it comes to protecting users of Microsoft's latest operating system from a very basic attack.

The penetration of Windows Vista is increasing but all the signs point to users of Microsoft's new OS facing a very scary few months when it comes to security issues.

Vista has only been on the shelves for about a month but big businesses have been playing with the final release since December 2006. Microsoft didn't find it necessary to patch the new operating system in its most recent batch of patches, which were issued last week.

However, the February patch Tuesday did fix a critical vulnerability in Windows Defender, which is a security tool that, according to Microsoft's Web site, is designed to protect Vista from "pop-ups, slow performance, and security threats caused by spyware and other unwanted software".

Because of the flaw in Defender, a specially crafted PDF document e-mailed to a users' PC could result in remote code execution as soon as that file is scanned by Microsoft's security tool.

According to a security bulletin published by Microsoft: "An attacker could exploit the vulnerability by constructing a specially crafted PDF File that could potentially allow remote code execution when the target computer system receives, and the Microsoft Malware Protection Engine scans, the PDF file".

The situation is likely to get a lot worse before it gets better.

Last December I was fortunate enough to have a lunch with David Perry from Trend Micro, who described a "sweet spot" for attacking Windows Vista, which will appear once there is a critical mass of Vista users but before Microsoft releases the first service pack.

According to various sources, SP1 for Vista will not arrive till the second half of this year.

This means that early adopters of Vista are likely to face a turbulent few months as newly discovered vulnerabilities are exploited in both the operating system and its applications.

Topics: Security, Malware

Munir Kotadia

About Munir Kotadia

Munir first became involved with online publishing in 1998 when he joined ZDNet UK and later moved into print publishing as Chief Reporter for IT Week, part of ZDNet UK, a weekly trade newspaper targeted at Enterprise IT managers. He later moved back into online publishing as Senior News Reporter for ZDNet UK.

Munir was recognised as Australia's Best Technology Columnist at the 5th Annual Sun Microsystems IT Journalism Awards 2007. In the previous year he was named Best News Journalist at the Consensus IT Writers Awards.

He no longer uses his Commodore 64.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Jesus Has Failed Us!!!

    You have just pointed out that a new product (from windows) has not been 100% perfect...big news! As we all know, windows is not known for the first time perfection. Anyone who knows anything about computers will probably obtain a copy of vista in about 6 month from now after all the non-tech people are purchased and been screwed by those of us who feel the need to destroy the sanity of other, you know who you are.

    Instead of almost every website posting information about vista being about how bad and unreliable it is, why not look into the good points of it? The actual functionality of Vista is quite remarkable. Yes, it does have a few down points, but what doesnt on first release?

    So, yes, there are a few bad points in vista at the moment, and alot of people might see this as a reason not to get any microsoft product. Their loss. After trying the "other" major OS's I have again returned to windows for its reliability, its customer server (slow but effective and correct) and their all around performance in updating. Opposed to few hundred nerds swearing at eachother on forums trying to prove that Linux/Mac has better features.

    So go ahead, use linux or max os x and use an inferior product. Just leaves more copies of vista for those who want a much better overall product.
  • Good idea

    You know what, I WILL use an "inferior" OS like Mac or Linux. I've been using windows XP for a while now and I like it, but I even with a free upgrade to Vista I refuse to move over. There are several key points in Vista that make me not want to ever mover over to it.

    1) DRMs. Plain and simple, I don't want DRM, I don't like DRM, and I will use software that doesn't support. For Microsoft Biggots out there, I don't use Windows Media Player and I make sure all my music is encoded using a freeware tool. I do not use the standard firewall that comes with Windows. On a positive note: I use notepad and wordpad because they still work well and don't send my information out to Microsoft every time I open them.
    2) The EULA - Because Microsoft changed the licensing a bit was good, but it scared me from moving. Many businesses have issued corporate statements: "Don't upgrade to Windows Vista".
    3) I remember that XP wasn't that bad when it first came out. In fact, it was pretty stable with just a few problems people had to deal with.
    4) I'm scared to use Vista based off the "We are more secure" statements they keep putting out. They invite hackers to test the waters.
    5) I can't stand the MPAA or organizations like it. Since Windows invited them in the front door, I've already migrated my work systems over to Linux completely. I'm getting used to the Linux system and find it more flexible. There are problems with it still, but I don't feel like they are making off with my information.
    6) Windows is great for games, but Vista is so computer intensive (once again thanks to DRM "innovations") that I really am only going to buy games for my gaming console instead of the PC.

    Final point, you can live with Vista and its problems. I'm sure you'll be happy with them. I'm not because it doesn't work for me anymore.
  • DRM/MPAA phobia

    I think it's funny that the biggest complaint/fear/phobia on here is that DRM's might interfere with gratuitous hacking, stealing, and ripping, and MPAA's might keep kids from watching porn, chatting with adults, viewing R movies, etc etc. Then in the very next paragraph this very same phobic poster will gaily state he has no problem at all buying a console, buying games for that console and other media for that console. Think about that will you? The latest consoles are all DRM'd and MPAA'd to death!!! Let me repeat, your PS3, XBOX 360, Nintendo WII all have DRMS and MPAAs, and they are much much tougher to crack than anything in VISTA. Sooooooo...what the ___ is your problem???!! If you'll be legit with consoles, do you have any excuse but to be legit with computers too??? And also...last I checked, you can STILL rip your little heart away or download your soul away in Vista just the same as you could in XP. And what's this crud about MPAA? What's that concern? Parental Controls? You're afraid of Parantal Controls!? Are you kidding me? Now if your mommy has set parental controls on you so you can't watch porn, awww, you poor thing. About time she started being a parent. Smart actually, might keep you (and subsequently her by way of responsibility for you) out of jail and out of court. Hey you might want to remind her that there are parental controls on your console too, eh?
  • Your mouth is flapping, sir..

    I think you might want to know that your mouth is officially overriding your sense of credibility. One cannot "MPAA" games to death. Personally, to change the topic of exclusively DRM to other points, let me say this:
    Microsoft is very good about keeping their interfaces simplistic, for which I give them credit where credit is due. Not everyone can use either linux or mac. Not everyone needs to drive the same type of car if they don't want to. That being said, I shifted to linux primarily because the known malware list for it is several orders of magnitude smaller in size than that of any windows OS. Plus, I like getting my hands dirty in the shell. I am not a sweaty nerd, nor totally obsessed with DRM (although it is approaching orwellian proportions in the media). As for my games, I'm going to happily sit back and play quake 4 natively on my linux box. Y'all have fun getting sweaty by arguing and yelling at each other.
  • You really need to do some reading...

    on Vista's DRM scheme.

    MS made Vista capable of degrading the quality of video or audio output if the OS believes that you don't have the right to view/listen to the audio at its highest quality. That means that every piece of music I ripped to lossless format on Mac, I can not move to a Vista PC because there is the possibility that Vista will convert it to a lossy format - with no way for me to prove I have the right to have the content in that format.

    So instead of posting an uneducated and insulting rant towards another user, why don't you spend some time educating yourself about how Vista screws people who want to use high end audio or video equipment with their PC.
  • Insanity

    Are you completely insane? What crap is this about Vista degrading audio quality?! If the operating system detects that VIDEO not AUDIO is from a source which is incompatible or untrusted then it will downgrade the quality and I have tested it and found the quality to be no less impressive than a DVD movie so I don't know what you are complaining about. You are a typical Mac user who is completely ignorant to anything else than your own sense of self satisfaction and overwhelming smugness. Oh I'm sorry what would I know; I'm a boring, geeky, overweight businessman with a thinning hair line. Are you one of the Mac users who thinks (inaccurately) that only powerful Macs are capable of exporting high quality video and audio? Because I have been using XP and now Vista for a while and have found both to be equally as capable as OSX or Tiger or whatever you use. Yes I am in contact with Macs and PC's on a daily basis and I seriously don't know how people justify using a Mac (I am forced to use one). Why do I say this? They are incredibly sluggish when running on a server, they will simply quit programs occasionaly without even telling you what the problem is, you have to spend up to $100 buying a stupid two button mouse with a...wait for it...mouse wheel *gasp* and if there is a problem with your Mac which your precious help system can't solve then you have to pay close to what you paid for your Mac to get a technician to come and open her up then most likely you would just have to replace it anyway
  • If I decide to buy a cross will you supply the nails

    Your commentary is no better than MS's BS. I get the feeling you have little knowledge of MS's business and marketing schemes. If you did and you aren't connected to MS, then you are either heavily invested with MS stock or you are as naive as a woodpecker looking for night crawlers in a tree. Leaves more copies of Vista ? Are you mentally relieved of your senses ? I get the impression you are either a candidate for the basket weaving committee or too ignorant or immature to know the difference between MS BS or HS. Justify your claims with facts or leave your intelligence with the commentary at down points which don't need any further releasing. Windows has never been perfect before, during or after final support from your buddies in Redmond. They are interested in one thing and this you can't take to the bank as you left it with these miserable excuses for exploiting the publc
    as well as the business's doing business with MS. Mac's new Leopard OSx is something that begins where your Vista left off. Wait for the reviews and let's see where Vista is but you may have to wait for the dust to clear
  • Are you...?

    Some of these positive replies about Vista makes me wonder if these folks are using the same Vista I'm using. Since getting Vista Home Premium...

    1) it won't update itself (keep getting an error code when trying, and the various fixes by MS don't help.)

    2) it crashes randomly, and 1/2 the time won't give a reason why (IE: just locks up).

    3) I've had to use the cd to "repair" it about 6 times now (over the course of a week..IE: about every day) when it wouldn't even get to the boot-loading progress bar. Only one of those times did the repair actually find something to repair. The other times, it just told me to unplug any new hardware. I'd reboot, and it did something unknown, because suddenly it'd boot up.

    3) it crashed once when I was just trying to type in my login password (IE: start typing...system locks up).

    4) it crashed mid-installation of some programs, which hosed up the registry hive.

    5) On occasions when it crashes a program w/o totally locking up, it insults you by asking it you want to seek help. You click "ok", and it returns the software company's web-site without further info except "go ask them". Well, duh...that's pretty obvious. It insults you further by saying "if this program continues to not work in Vista, you can always uninstall it". We're not talking about some third-rate, hackish program here, we're talking Half-Life 2. Valve makes quality software. It seems half-assed that MS designed Vista to pass the buck when a problem occurs. ("Oh, no, it can't be the OS...". Yes, it can, and it is.)

    6) Vista has made adminning the computer a real pain, since admin-mode isn't really true admin mode. There are still system files that have a "higher authority" than your admin clearance, thus you have to fight to get control of them. Namely stupid services like Windows Media Player applet (ehtray.exe) that you try to switch off, but it respawns itself. It's such a pain sifting through tons of menus to figure out how to control (or get control) of these things. And the UAC is constantly harping at you to be doubly-sure you want to do what you'd really like to do. So, they've made it annoying for me to admin my machine, but a virus can still sneak in through Windows Defender. Brilliant.

    7) The usability sucks. Used to be only a couple ways to get to things in XP. In Vista, they've focused so much on making it like surfing the web when you're trying to tweak things, it's annoying. The context menus are sometimes misleading and annoying (read as "don't show the options you thought they would"). Once again they renamed stuff so you have to figure out where stuff is again (EG: "add/remove programs" is now called "programs and features"). They have a lot of crap turned on by default (EG: all the services to use Windows Media Player as a DVR / TV program...who gives a crap. That should be an optional tweak requested in setup, not a mandatory install). It's just annoying at how overly complex they've made it in, ironically, an attempt to make it "user friendly".

    People keep harping on if Linux is ready for the Desktop. Heck, compared to Vista, yes it is. Vista needs a few more months in the oven to bake out the rest of the issues.