Unixronin

Tuesday, July 25th, 2006 10:57 am

We've been hearing for years now about Windows Vista, formerly called Longhorn, and how it's going to be so much more secure than previous versions of Windows and will prevent the kind of trivially-executed machine compromises that have plagued existing versions, leading to the creation by crackers of zombie botnets of tens of thousands of compromised PCs.

Symantec calls bullshit.

And no-one will be surprised to know that all the usual suspects are responsible:

"We discovered a number of implementation flaws that continued to allow a full machine compromise to occur," Matthew Conover, principal security researcher at Symantec, wrote in the report titled "Attacks against Windows Vista's Security Model."  The report was made available to Symantec customers last week and is scheduled for public release sometime before Vista ships, a Symantec representative said Monday.

Conover looked at the February preview release of Vista.  The report describes how an attacker could commandeer a Vista PC with Internet Explorer 7, the reinforced version of Microsoft's Web browser.  The final version of Vista is not expected to be broadly available until January.

The attack starts out by planting a malicious file on a Vista PC when a rigged Web site is visited.  The placing of the file involves using a specially crafted Web program called an ActiveX control, which exploits a security hole.  The report then describes how the malicious program could gain privileges and ultimately give an attacker full control of the PC.

Microsoft claims to have addressed the issues raised by Symantec.  But they've claimed a lot of things about Windows security before that have turned out to be false.

The biggest single thing Microsoft could do to improve the security of Windows is perfectly simple:  Decouple Internet Explorer from the operating system and rip the inherently insecure ActiveX out of it.  But Microsoft will never do it, because they're afraid of losing browser market share -- for a browser that they don't actually sell as a distinct product or make any money from anyway.

Tuesday, July 25th, 2006 05:45 pm (UTC)
That's good to hear. Just sandboxing ActiveX would be a big step forward.
Friday, July 28th, 2006 09:04 pm (UTC)
Wasn't that the entire impetus for ActiveX? Act like Java without the security restrictions?
Friday, July 28th, 2006 09:28 pm (UTC)
Well, that and "be under Microsoft's control, not Sun's" ... the good old Microsoft "Embrace and Extend Plagiarize and Pollute" standards philosophy. Microsoft wanted something that worked like Java, but which would lock people into Internet Explorer, and would do things that Java couldn't because it had access to the entire system, and feh, who needs all that stupid sandbox security stuff anyway .... after all, why SHOULDN'T untrusted content be given unrestricted access to everything on the machine? All those security restrictions get in the way of the Shiny.