
Vista more secure than previous Windows, but …

“Patch Tuesday”, when Microsoft releases repairs for problems in its software, came and went last week with six critical fixes — including the first one that touches Vista, the new operating system billed as the most secure Windows version yet.

The hole registers high on the irony scale: the flaw was in a “malware protection engine” that helps several Microsoft security products — including Windows Defender for Vista — guard against online threats. The problem could let an outsider “take complete control” of a victim’s computer, according to Microsoft’s security advisory.

This isn’t to say that Vista had previously appeared clean. Already a few vulnerabilities have popped up — including a remarkably low-tech hack.

In that case, security researchers noted a problem with Vista’s improved speech-recognition system, which lets people speak commands to the computer. It turns out that sounds played over the PC’s speakers — on a malicious website configured for this very purpose, for example — can trigger Vista’s speech-recognition engine and execute commands on a victim’s computer.

Mark Griesi, a security manager at Microsoft, acknowledged that the company was investigating the vulnerability, but said it was unaware of any attacks that exploited it.

There are many factors reducing the likelihood of such an attack. A victim would need to have activated speech-recognition — and have the PC’s microphone and speakers on. And if anything suspicious like “delete all data” was coming through, the user could just shut the sound off.

Still, some observers said Microsoft could have installed protections that would have prevented any problem. That’s not what the company wants to hear as it touts — legitimately, in the eyes of many analysts — “fundamental architectural changes” in the name of computer security.

Joanna Rutkowska, a security researcher for CoseInc, a Singapore-based tech-services company, initially had high praise for Vista. But she said subsequent exploration revealed troubling weaknesses — even in features that are supposed to enhance Vista’s security.

After Rutkowska pointed out such issues, a Microsoft security manager wrote on his blog that Vista had intentionally made accommodations for user convenience and to make sure applications worked properly — and that those decisions did not amount to “security bugs”.

Rutkowska replied that she now wondered whether Vista’s security model was “a big joke”. In an email interview on Wednesday, she wrote that she still believed Vista could successfully raise the security bar, “but only if Microsoft changes its attitude”.

“Even though there are some flaws in it currently … they could be fixed over time, if Microsoft put enough effort in doing this,” she wrote. Otherwise, “in a couple of months the security of Vista [from the typical malware’s point of view] will be equal to the security of current XP systems”. — Sapa-AP
