Vista needs security updates.

Oracle · 11-04-2007 08:46PM #1

Vista out just over 2 months and already needs critical updates: http://newsvote.bbc.co.uk/2/hi/technology/6544089.stm

NutJob · 11-04-2007 10:18PM

Yep vulnerable to ANI cursor exploit
+ that unsigned code injection on boot

Did you expect any different?

mickoneill30 · 11-04-2007 10:58PM

2 questions for you.

1: Wasn't Vista released in November?
2: What's your point?

Webmonkey · 11-04-2007 11:02PM

mickoneill30 wrote:

2 questions for you.

1: Wasn't Vista released in November?
2: What's your point?

What's your point?

They guy was just pointing out a security update.

Black Swan · 12-04-2007 05:59AM

mickoneill30 wrote:

2 questions for you.

1: Wasn't Vista released in November?

Beta came out over a year ago, but official public release in the States didn't occur until end January 2007. Can't answer for the date of the Irish release as I've been overseas for several months.

2: What's your point?

Can't answer for the OP. There have already been several security patches since end of January, four just yesterday alone. Typical MS OS being the target of crackers, so nothing new about that.

mickoneill30 · 12-04-2007 09:04AM

Webmonkey wrote:

What's your point?

They guy was just pointing out a security update.

It's the "already" in his line that makes it look like he's making a point. I thought he was trying to imply that this is unusual for any new OS. Apologies if he wasn't.

Vista was out in November to big businesses, MSDN subscribers and OEMs (and hackers I'm sure).

Webmonkey · 12-04-2007 12:54PM

mickoneill30 wrote:

It's the "already" in his line that makes it look like he's making a point. I thought he was trying to imply that this is unusual for any new OS. Apologies if he wasn't.

Vista was out in November to big businesses, MSDN subscribers and OEMs (and hackers I'm sure).

Ok understandable I suppose, and yes you are right - Bound to be updates for OS's shortly after release, but these seem a bit too critical for normal security updates.
Anyways

Black Swan · 13-04-2007 07:33AM

Just had a patch to the patch. Typical MS!

Blowfish · 14-04-2007 08:57PM

mickoneill30 wrote:

It's the "already" in his line that makes it look like he's making a point. I thought he was trying to imply that this is unusual for any new OS. Apologies if he wasn't.

Well it certainly isn't unusual for an MS OS anyway.

is_that_so · 14-04-2007 09:02PM

Vista Service Pack 1:rolleyes:

Oracle · 18-04-2007 11:49PM

Vista Service Pack in second half of 2007, if that's June/July it's earlier than I expected. I thought it would be October/November just before the busy Christmas season.

From The Register article liked to above:
"However, Microsoft's next-generation file management system, WinFS, which is based on relational databases, the main feature shelved during the Vista development process is highly unlikely to feature in the update. WinFS is unlikely to feature in Windows itself until Vista successor, code-named Vienna, which is scheduled for delivery sometime between 2009-2012."

After Vista there's Vienna! :eek: At least now there's something cool and enigmatic to say when people ask if you're upgrading to Vista:
"No, actually I'm waiting for Windows Vienna." :cool:

aidan_walsh · 19-04-2007 12:43AM

is_that_so wrote:

Vista Service Pack 1:rolleyes:

XP's first pack was released 9 months after launch. Do you have a valid point, or is this just another driveby point and laugh?

mick.fr · 20-04-2007 04:07PM

Here are the facts, in the first 90 days of their existence, here is the number of vulnerabilities identified.

In other words :
Windows Vista: 5.
Windows XP: 18.
Mac OS X.4: 27.
Ubuntu Linux: 100.
SuSe Linux:111.
Red Hat Linux: 201.

Webmonkey · 20-04-2007 07:17PM

That is quite impressive. Maybe this windows bashing is a bit unfair

aidan_walsh · 20-04-2007 07:18PM

Webmonkey wrote:

That is quite impressive. Maybe this windows bashing is a bit unfair

Well, I wouldn't put too much stock in a chart that doesn't put any perspective on the severity of the vulnerabilities.

is_that_so · 20-04-2007 07:38PM

aidan_walsh wrote:

XP's first pack was released 9 months after launch. Do you have a valid point, or is this just another driveby point and laugh?

No, that link was for information although my attitude to it was "here we go again".

I find the "we're not as bad as x" from software vendors specious tbh. Imagine any suppliers of any other goods saying that.

In general I am unconvinced of the approach that large vendors, MS included, use to get their software out to market. I am also somewhat irked that I currently have little choice as a consumer, if I want to buy a PC with Windows. This also influences the type of hardware I have to buy.

So for now I'll stick with what is stable. I will probably move to Vista in time, but not before the Service Pack at least.

mick.fr · 20-04-2007 09:19PM

is_that_so wrote:

So for now I'll stick with what is stable. I will probably move to Vista in time, but not before the Service Pack at least.

Problem with Vista is not really Vista itself. I am sure most users are delighted with it.
The problem with Vista is that a lot of hardware is not supported any more and that even many newest hardware do not have yet a stable device driver.
Plus of course a lot of applications.
But that was the same story already with XP.
I am not worried about the security/system patches, I am more worried about the fact I have to find the proper hardware which is fully supported in Vista.

Anyway the chart is pointed out the number of vulnerabilities in the OS within the first 90 days of their launch.
Some were critical while some were not (But it also depends of your own perception).

If I may, you should have a look to the Symantec Security report, it is really interesting.
http://www.symantec.com/enterprise/theme.jsp?themeid=threatreport

Hobbes · 24-04-2007 08:26AM

Vista security is a joke. Have a gander at this..

http://www.theregister.com/2007/04/23/vista_program_naming_oddness/

It had me in stitches laughing.

Basically you can bypass the admin rights request by changing the name of your program.

mickoneill30 · 24-04-2007 09:27AM

Hobbes wrote:

Basically you can bypass the admin rights request by changing the name of your program.

Exactly. You bypass the admin rights request. It doesn't mean you bypass the request and run the app as an admin. So the program is running with user rights. How is this beneficial to a hacker?

Hobbes · 25-04-2007 09:21AM

mickoneill30 wrote:

Exactly. You bypass the admin rights request. It doesn't mean you bypass the request and run the app as an admin. So the program is running with user rights. How is this beneficial to a hacker?

True you can't exploit the machine but you can still fuk up the users files, and the point is the root request is supposed to stop you installing crap like that.

mickoneill30 · 25-04-2007 09:56AM

Hobbes wrote:

True you can't exploit the machine but you can still fuk up the users files, and the point is the root request is supposed to stop you installing crap like that.

I understand your logic but how is this avoided on other OSes? Can you stop a dodgy application from destroying user files on other OSes if you run said dodgy app? I think you're looking for a way to get prompted for admin access for every app on the PC. That would be pretty unworkable and would mean that users just run as admin by standard.

Vista needs security updates.

Comments