| ActiveMac | Anonymous | Create a User | Reviews | News | Forums | Advertise |
|
|
|
User Controls |
|
New User |
|
Login |
|
Edit/View My Profile |
|
|
|
|
|
|
|
ActiveMac |
|
Articles |
|
Forums |
|
Links |
|
News |
|
News Search |
|
Reviews |
|
|
|
|
|
|
|
News Centers |
|
Windows/Microsoft |
|
DVD |
|
ActiveHardware |
|
Xbox |
|
MaINTosh |
|
News Search |
|
|
|
|
|
|
|
ANet Chats |
|
The Lobby |
|
Special Events Room |
|
Developer's Lounge |
|
XBox Chat |
|
|
|
|
|
|
|
FAQ's |
|
Windows 98/98 SE |
|
Windows 2000 |
|
Windows Me |
|
Windows "Whistler" XP |
|
Windows CE |
|
Internet Explorer 6 |
|
Internet Explorer 5 |
|
Xbox |
|
DirectX |
|
DVD's |
|
|
|
|
|
|
|
TopTechTips |
|
Registry Tips |
|
Windows 95/98 |
|
Windows 2000 |
|
Internet Explorer 4 |
|
Internet Explorer 5 |
|
Windows NT Tips |
|
Program Tips |
|
Easter Eggs |
|
Hardware |
|
DVD |
|
|
|
|
|
|
|
Latest Reviews |
|
Applications |
|
Microsoft Windows XP Professional |
|
Norton SystemWorks 2002 |
|
|
|
Hardware |
|
Intel Personal Audio Player 3000 |
|
Microsoft Wireless IntelliMouse Explorer |
|
|
|
|
|
|
|
Site News/Info |
|
About This Site |
|
Affiliates |
|
ANet Forums |
|
Contact Us |
|
Default Home Page |
|
Link To Us |
|
Links |
|
Member Pages |
|
Site Search |
|
Awards |
|
|
|
|
|
|
|
Credits |
 |
More fatal Windows Vista exploits | |
|
||
| Time: 03:30 EST/08:30 GMT | News Source: *Linked Within Post* | Posted By: Kenneth van Surksum | ||
|
Last week, the media went schizophrenic over the Windows Vista speech recognition ‘loophole’ which allowed anyone with a microphone to have full access over your computer. Granted, you must also be partially-deaf, turned your speaker volume to full, carefully place your microphone next to the speakers, turn on speech recognition and train your speech profile as if you were someone else. It might sound incredibly challenging to get this exploit working properly, but the media assures this exploit is a “fatal flaw”, so obviously Microsoft is to blame and Vista gets a big red “Fail” on security. This week, two top Swedish security experts only to be named “Long” and “Zheng”, to hide their identity from Microsoft, exposes many more “fatal” security flaws inside the newborn operating system, Windows Vista. Here are the two most dangerous exploits you should be concerned about. | ||
|
Write Comment
Return to News |
Displaying 1 through 25 of 324 Last | Next |
The time now is
5:58:05 AM
ET.
Any comment problems? E-mail us |
| #1 By 73334 (81.6.216.24) at 2/6/2007 5:05:11 AM |
| I hope Activewin and it's readers realise this story is a joke before the story gets circulated and starts popping up on other sites as a legitimate concern |
| #2 By 45754 (164.140.159.143) at 2/6/2007 5:31:56 AM |
| I did while posting :) |
| #3 By 3 (62.253.128.14) at 2/6/2007 5:48:00 AM |
| ActiveWin does - but trust me, a lot of people won't! |
| #4 By 18033 (194.106.62.200) at 2/6/2007 6:31:42 AM |
| BREAKING NEWS: These expliots have been tested and are also found to be working on all minor operating systems! Thats right, names you all know and care less for , like APPLE, UNIX, and others! Everybody is at risk. Although we found it harder to exploit on a MAC, as the owner disappeared up his own ass before we were able to distract him.. |
| #5 By 53078 (72.252.15.246) at 2/6/2007 8:13:02 AM |
| ya someone needs to put a bug "COMEDY" tag on this before some lame people go insane on digg with it |
| #6 By 8556 (12.210.39.82) at 2/6/2007 8:20:01 AM |
| Reading the article gave me a fatal heart attack. I'm now dead. But things aren't so bad on this side of the veil. Windows 3.1 is alive and well here. Best of all, its finally bug free. |
| #7 By 15406 (216.191.227.68) at 2/6/2007 12:06:45 PM |
|
"The more things change, the more they stay the same..."
http://www.vnunet.com/vnunet/news/2174209/microsoft-onecare-fails-virus Not only can current virii & malware run under Vista, OneCare doesn't stop them. To be fair, other AV suites didn't catch them all either (which is amazing considering these threats were all in the WildList which the major AV vendors all have access to, but I digress...). |
| #8 By 135 (209.180.28.6) at 2/6/2007 2:29:05 PM |
|
This is all further proof that we need to use Linux and Mac OSX.
Not to mention, proof that Microsoft hates America and wants the terrarists to win. But I digress... |
| #9 By 7754 (216.160.8.41) at 2/6/2007 2:35:27 PM |
|
#7: Interesting article, but I want more details. Specifically, they don't list what virii were missed (and OneCare does indeed have some work to do, if that's the case), and more importantly, what effect it had on the system.
- How did it enter the system? - Were they just loading infected files on a machine and seeing if they would have any effect if executed? - Did it require user interaction? - Did a person have to load it deliberately avoiding security warnings? - Was the file an executable type, which are very likely blocked by many attack vectors (e.g., email)? - Even if it did execute, was it running under a standard user account (i.e., non-root/admin, as it should be if compared against other OSes), thereby severely limiting the impact it could have to a system? etc. etc. I'm not impressed by someone seeing if they can damage a machine somehow, whether manually or by some infected file. I can do that too. Anyone can certainly destroy a machine if they have enough rights over it. Let me write a few simple batch files for you so you can royally screw up your own machine. Does that qualify as a virus or an exploit? C'mon. That's what makes this article classic. |
| #10 By 61 (72.64.142.151) at 2/6/2007 2:38:21 PM |
|
#9, exactly.
Now if a virus was able to severely damage Windows while in a restricted user account, THAT would be a problem. |
| #11 By 7754 (216.160.8.41) at 2/6/2007 2:41:21 PM |
| Soda... nice to see you around again. :) Speaking of terrorists winning... did you see the Colbert Report episode during the 2006 election? That "Congratulations Terrorists!" cake had me laughing for months.... |
| #12 By 73360 (68.59.125.155) at 2/6/2007 3:16:01 PM |
|
It can be done,if you created scripts to by pass the security. Which from what I understand, almost all of Vista was created with scripting in mind to even install. 1. load voice command, 2. load speech pattering 3. start narrator. 4 run script to tell narrator what to say.
It wouldn’t be to hard, since most people leave there head phones with microphones on the desk, or have a desktop microphone that isn’t muted. I actually had my computer doing it’s own thing with my speech program, and didn’t know it till it started doing things that I didn’t want it to do. So yes it can be done since Narrator and other speech TTS programs have better English speaking skills then we do. Not to mention they speak clear. And this is being posted by a Totally blind person :P This post was edited by Artic Wolf on Tuesday, February 06, 2007 at 15:23. |
| #13 By 135 (209.180.28.6) at 2/6/2007 4:16:26 PM |
|
bluvg - Yeah, Colbert is da bomb or whatever the latest colloqial is for awesome. :-)
|
| #14 By 32132 (64.180.219.241) at 2/6/2007 6:04:26 PM |
|
OneCare under XP caught all the virus's on the WildList.
OneCare under Vista caught 99.91% (missing 37). Which means 37 out of 40,000 were missed. Yes, they can do better. No, it isn't a tragedy. McAfee also missed some. And this implies that the VB100 test was a screwup: "According to McAfee, Virus Bulletin has accepted that it was not using the latest antivirus updates available at the time of test, which caused McAfee VirusScan Enterprise 8.5 to fail when detecting the test viruses. McAfee is currently working with Virus Bulletin on this discrepancy and to make the updated test results available." http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=software&articleId=9010440&taxonomyId=18&intsrc=kc_top Confirmation: http://www.virusbtn.com/news/vb_news/2007/02_06.xml "In the wake of the recent VB100 test on the new Windows Vista platform, VB has been in communication with the makers of many of the products tested. The developers of one of those adjudged to have failed the test, McAfee, have insisted that when their VirusScan product is fully updated with the data provided for testing it is capable of detecting the samples missed during our tests. After intensive investigation, VB has found that detection routines for the two malware samples missed were indeed included in the update package provided by McAfee. However, when McAfee's manual update procedure was run it failed to apply the update to the product, despite both on-screen messages and logs stating that the product had been updated successfully. This behaviour was reproducible throughout the review period and has continued to be the case in several subsequent retests. The problem was found to be a result of the way in which McAfee VirusScan interacts with User Access Controls (UAC) included in Windows Vista. Despite being run by a user logged on with administrator rights, the update program designed for use in sealed environments like the VB test lab was also required to be executed with the 'Run as administrator' option to succeed, but did not report this to the user or display an error messages when the update failed. 'We feel fully justified in denying the product the VB100 in this case,' said John Hawes, Technical Consultant at Virus Bulletin. 'The product reported it had updated itself. A user who is fooled into thinking they are running up-to-date protection is in as bad a position as one who is running up-to-date but inadequate protection; a false sense of security is a dangerous thing.' 'Users with more standard update methods would apparently not have had the same issue we did,' continued Hawes. 'The problem we had can be put down not to an inability by McAfee to keep up with the latest malware, but rather to a failure to properly integrate all aspects of the product into the new Vista operating system, and most importantly the new security controls. Vista caused trouble for a lot of products and this, though seemingly a minor issue, had a major effect on the protection provided by McAfee's product.' " I wonder if OneCare's signatures were up to date? This post was edited by NotParker on Tuesday, February 06, 2007 at 18:05. |
| #15 By 135 (75.73.90.215) at 2/6/2007 10:50:07 PM |
|
McAfee is pretty bad at updating itself.
One of my servers had McAfee go off into lala land, because it's update failed. Instead of being able to go back to the last known .dat files, it just caused the service to fail to start and spew error messages at me. Had to update it manually. |
| #16 By 6859 (206.156.242.36) at 2/7/2007 10:40:52 AM |
| Heh... I've got your Long Zheng right HERE! ;) |
|
Write Comment
Return to News |
Displaying 1 through 25 of 324 Last | Next |
The time now is
5:58:05 AM
ET.
Any comment problems? E-mail us |
