Tag: Vista

Vista exploits – On Sale Now!

Trend Micro noted that zero-day exploits are being hocked via the internet, and the prices for making sure your zombie network is prepped for Vista’s consumer release in the spring are rising.

Just a year ago, some Russians were selling Windows MetaFile exploits for four grand – the price attached to unpatched execution flaws is now in the $20K to $30K range, with Vista targets fetching as much as $50,000.

I just hope none of the available code can also attack MySQL databases, as Vista users might be stuck with that database for a while – Vista doesn’t seem to work quite right with Microsoft’s own SQL Server.

UPDATE: Techcrunch says that the whole Vista/SQL Server bit might have been off base. I guess I don’t really care either way, as I don’t use IBM or Oracle databases anywhere, anyway. But the correction is noted, nonetheless.

UPDATE 2: The price may be coming back down, as in the grand scheme of software pricing nowadays, stuff is now being offered for free (a proof of concept, anyway).

How much does Vista security matter?

That’s the question the AP’s Brian Bergstein asks, noting that:

Microsoft Corp. took great pains to improve security in its newly released computer operating system, Windows Vista, redesigning it to reduce users’ exposure to destructive programs from the Internet.

According to security experts, however, they (Microsoft) didn’t go to such great lengths. Now, you have to take the alternative opinions with a grain of salt since those spouting them all sell security products and services, almost all targeted at Windows, but they are getting quite bold. Kapersky goes as far as to suggest that almost all existing malware will work on Vista, and that for the bugs squashed by IE7, there are plenty popping up already to take their place.

PatchGuard, User Account Control, you name it…is it all just Microsoft’s PR department playing perpetual damage control, or are the security vendors running scared this winter and pushing pawns across the board early, hoping the King is just being cocky?

Post-Vista Launch roundup doesn’t create desire

I have heard nice things about Vista, mostly related to its beauty. I’ve also heard corporations are not clamoring to upgrade, but I say give it some time – once consumers get hooked in next spring, there will be a lot more buzz. Then I’ve heard:

– That existing malware may still affect Vista;

– that pirated copies of the software may be floating around that are already infected with malware;

– and that hackers have been getting all keyed up for it’s release.

This isn’t the kind of news you like to see, regardless of it’s validity (or the underlying potential for risk longevity).

Is Vista security a selling point?

That is the question ZDNet asks.

Every security feature can be a selling point – it’s when hackers beat the crap out of them that someone tears up the purchase order.

Microsoft using Google HR department for security hunker-down

If you need some people to solve a problem, why not hire, hire away. Microsoft has a security problem, so they’ve hired yet another security guru, stealing Jimmy Kuo away from McAfee.

This is the second top character Redmond has picked off from a security firm. My question is, if Vista is already so secure, why do they need all these people now?

“Hacked Vista” news is overblown

The news all over the net is that Microsoft’s upcoming Vista operating system was hacked in a live demonstration.

I’m not one to stroke Microsoft. In fact, if you’ve read Spamroll for a while, you are probably saying “all this guy does is bash Microsoft.” That’s the impression, but I’m going to lay down here, and throw the bullshit flag at the same time.

Vista was hacked by Joanna Rukowska using a rootkit technology that has been in development for quite a while. Microsoft knew this was coming – it was mentioned over a month ago. If the folks at Black Hat, or anyone else for that matter, can’t find a new and original way in, I’d say Microsoft may actually have something there.

Five ways to get a security headache

Information Week says you don’t have to wait for Vista to get its enhanced security – you can do it all now with Windows XP.

That tells me two things:

1) Vista’s security enhancements can’t be particularly mindblowing if you can replicate most of the behaviour now; and

2) Before you get started, you should ask yourself whether you can make the process less of a hassle than a top-shelf security guy could.

I’m not holding my breath.

***UPDATE***

Your best bet would probably be to attend the BlackHat get-together, and watch as Microsoft shows you how it is all done. I just hope the power doesn’t go out.

Over half of all PCs may be doomed

Doomed to get upgrades, that is. If Steve Ballmer can’t get the infections fixed, who can?

Microsoft just released a report that says 60% of all PCs are infected with some virus, malware, etc. Yikes. However, all is not lost, timely as it may be. Hackers will get a sneak peek at Vista security features really soon. That way, they can crack it silly in 30 seconds, Vista can get delayed until 2009, and you won’t have to upgrade.

Ha.

Another security leader calls Vista bunk

Hot on the heals of the Symantec dissing (and then suing) of Microsoft over the whole idea of security in perpetually delayed upcoming Vista operating system, another security industry leader has announced they are not worried either.

David Moll, CEO of Webroot, says the security in Vista will be akin to “locking half the doors in your house.”

After reading about this guy Moll’s scrappy background, I’ll just bet Microsoft is in for a fight, and I suspect that fight won’t be in a courtroom.

Will Vista kill the security companies?

A CNET post says Vista will hit third party security software vendors. You have to look inward, and make some decisions:

– If you are a venture investor in Webroot, do you go for the IPO now, or assume Vista will actually get released in 2009?

– If your margin account hasn’t been used to pay off your credit cards (that is, after you tapped out your home equity line) do you short Symantec and McAfee?

– If you are Checkpoint, do you hire John Ashcroft to help you get those acquisitions done before it’s too late?

– If you run OS X or Linux, do you even care?

More suggestions from the audience are much appreciated.
(more…)