| ActiveMac | Anonymous | Create a User | Reviews | News | Forums | Advertise |
|
|
|
User Controls |
|
New User |
|
Login |
|
Edit/View My Profile |
|
|
|
|
|
|
|
ActiveMac |
|
Articles |
|
Forums |
|
Links |
|
News |
|
News Search |
|
Reviews |
|
|
|
|
|
|
|
News Centers |
|
Windows/Microsoft |
|
DVD |
|
ActiveHardware |
|
Xbox |
|
MaINTosh |
|
News Search |
|
|
|
|
|
|
|
ANet Chats |
|
The Lobby |
|
Special Events Room |
|
Developer's Lounge |
|
XBox Chat |
|
|
|
|
|
|
|
FAQ's |
|
Windows 98/98 SE |
|
Windows 2000 |
|
Windows Me |
|
Windows "Whistler" XP |
|
Windows CE |
|
Internet Explorer 6 |
|
Internet Explorer 5 |
|
Xbox |
|
DirectX |
|
DVD's |
|
|
|
|
|
|
|
TopTechTips |
|
Registry Tips |
|
Windows 95/98 |
|
Windows 2000 |
|
Internet Explorer 4 |
|
Internet Explorer 5 |
|
Windows NT Tips |
|
Program Tips |
|
Easter Eggs |
|
Hardware |
|
DVD |
|
|
|
|
|
|
|
Latest Reviews |
|
Applications |
|
Microsoft Windows XP Professional |
|
Norton SystemWorks 2002 |
|
|
|
Hardware |
|
Intel Personal Audio Player 3000 |
|
Microsoft Wireless IntelliMouse Explorer |
|
|
|
|
|
|
|
Site News/Info |
|
About This Site |
|
Affiliates |
|
ANet Forums |
|
Contact Us |
|
Default Home Page |
|
Link To Us |
|
Links |
|
Member Pages |
|
Site Search |
|
Awards |
|
|
|
|
|
|
|
Credits |
 |
White Hat: Vista Gets High Marks For Security | |
|
||
| Time: 13:45 EST/18:45 GMT | News Source: CRN | Posted By: Jonathan Tigner | ||
|
The Windows operating system always has been notorious for its security flaws. This has been partly because its ubiquity makes it the most widespread target for hackers and thieves, but it's also because Microsoft's security efforts have often been clumsy or incomplete. But with Vista, the much-ballyhooed (and delayed) version of Windows, the company seems to finally be on the right track. Dan Kaminsky, senior researcher at DoxPara Research, says that after eight months of kicking Vista's security tires, he's convinced that Microsoft has learned from its mistakes. "Vista's security is at a level I didn't think was possible at such a large software development house," he says. "They just get it." | ||
|
Write Comment
Return to News |
Displaying 1 through 25 of 311 Last | Next |
The time now is
11:37:12 AM
ET.
Any comment problems? E-mail us |
| #1 By 32132 (64.180.219.241) at 8/10/2006 1:59:47 PM |
| Hey ... how did this article slip through the editors relentless attempt to spread anti-Microsoft FUD? |
| #2 By 15406 (216.191.227.68) at 8/10/2006 3:12:50 PM |
|
#1: Microsoft does a good enough job of spreading anti-MS FUD by itself. Every time I use an MS product, I Fear it will crash. I'm Uncertain as to whether or not it's sending personal info back to MS. And I Doubt that MS can act ethically, innovate, and do what's best for the consumer.
As for the story, some unknown guy from some random company says Vista is da bomb. Good enough for me! I'll take 10 copies. |
| #3 By 7754 (216.160.8.41) at 8/10/2006 3:32:31 PM |
|
Wow... I'm rather surprised myself. Usually an article like this would have an unrelated, sensationalist headline like "Does Anyone Trust Microsoft to Secure Vista?"
Microsoft has taken some well-deserved shots for previous security problems, but I've been saying for a long time that they are actually one of the few non-security vendors now that really "get it." It has taken awhile to see some products come from this, but it takes a lot of time to make that sort of change. |
| #4 By 8556 (12.217.111.92) at 8/10/2006 3:58:49 PM |
|
What happened to Vista being open to Blue Pill virtualization rootkits? Was this threat addressed in the last week or so?
The last few sentences are an example of D- level writing. This post was edited by bobsireno on Thursday, August 10, 2006 at 16:02. |
| #5 By 32132 (64.180.219.241) at 8/10/2006 4:04:20 PM |
|
#3 "some unknown guy ..."
coffee girl, sitting at her PIII 500, hasn't heard of Dan Kaminsky? I guess its too slow to do a search ... |
| #6 By 2459 (69.22.124.202) at 8/10/2006 4:07:07 PM |
|
That threat (Blue Pill), as demonstrated, required ignoring a UAC elevation prompt to work.
I've read that Microsoft has developed further countermeasures against that type of attack however. This post was edited by n4cer on Thursday, August 10, 2006 at 16:08. |
| #7 By 15406 (216.191.227.68) at 8/10/2006 4:43:15 PM |
|
#6: Parkkker, standing at the fry machine he isn't qualified to use, claims to know everything 3 seconds after Googling it.
No, I've never heard of him. I doubt you had either, since he doesn't work for Microsoft. |
| #8 By 7754 (216.160.8.41) at 8/10/2006 5:43:24 PM |
|
Well, I had heard of him. He's been doing this for quite awhile. A good interview of him (though a year old) is here:
http://www.securityfocus.com/columnists/342 |
| #9 By 32132 (64.180.219.241) at 8/10/2006 7:10:21 PM |
|
This report goes along with Symantec's begrudging support:
"The kernel mode security enhancements in Windows Vista are quite substantial, resulting in a dramatic reduction of its overall attack surface," wrote the report's author, Matthew Conover, principal security researcher with Symantec. " |
| #10 By 8556 (12.217.111.92) at 8/11/2006 9:25:03 AM |
| n4cer: Thanks for the update on Blue Pill. I had hoped that MS would develop a virtualization "cop" of some kind. |
| #11 By 32132 (142.32.208.232) at 8/11/2006 12:18:38 PM |
|
Blue Pill
http://www.virtualization.info/2006/08/debunking-blue-pill-myth.html "Rutkowska claims to have create a "100% undetectable" piece of malware. The basic idea behind her claim is that one could create a piece of malware that also was a Virtual Machine Monitor. If the VMM could take over the host Operating System (imagine if you could launch Xen on a running copy of Windows and instantly have the previous Windows system be a virtual machine), then it could potentially hide a virus from that virtual machine by remaining within the VMM. Having a VMM take over a host operating system would be very difficult. It's not outside of the realm of possibility but it would take a huge engineering effort. However, for this malware to be successful, it would not only need to be able to take over the host Operating System, but it would also need to prevent that operating system from being able to detect that it was now a virtual machine. While the former is at least possible (albeit tremendously difficult), the later is not possible which means that anti-malware software will always be able to detect this sort of attack." |
| #12 By 8556 (12.217.111.92) at 8/11/2006 2:56:26 PM |
|
Steve:
Proper design requires Failure Mode Effects Analysis. If it can be conceived that virtualization layer takeover is possible, reengineer the process to prevent it from happening. Period. Any thing else is lazyness. |
| #13 By 32132 (64.180.219.241) at 8/11/2006 8:59:59 PM |
| If someone could take a running Windows Server, convert it to a virtual instance almost instantly while replacing all the drivers with the appropriate VMware/Virtual Server drivers and keep it running, Microsoft should hire them. I'll buy that product. |
|
Write Comment
Return to News |
Displaying 1 through 25 of 311 Last | Next |
The time now is
11:37:12 AM
ET.
Any comment problems? E-mail us |
