Microsoft Asserts Vista Was Flawless
Microsoft has confirmed that 'Vista' can succumb to malware belonging to the year of 2004, but asserts it is not a flaw in the operating system.
Security vendor 'Sophos' on November 30, 2006 reported that it was possible to exploit Microsoft's 'Vista' by at least three items of malware. Two of them date back to 2004. The three popular Internet worms labeled by Sophos as 'Stratio-Zip', 'Netsky-D', and 'MyDoom-O' are able to run on the operating system.
Microsoft has come under great pressure that it has been compelled to ship much more restrictive code. The company is sure that this will resolve many of its security issues. Also, if it denies access to the Windows' core part, the 'kernel', is a must if the company wants to accomplish its security goals.
Russ Cooper, a 'senior information security analyst' at 'CyberTrust' said, Microsoft is totally mistaken that it will be able to provide patches for 'Vista beta testers', in any other form than 'official beta tester channels'.
Both McAfee and Symantec have expressed impatience saying Microsoft has taken too long to provide the detailed API information. They need this information so that they can make their products ready and suitable for 'Vista'. Microsoft, however, disagrees with it and said it was one part of its operating system, which was going through modifications.
But as these attacks depend on 'user interaction' to run the code, Microsoft has declared the flaw to be untrue. Microsoft said these types of attacks actually rely on social engineering techniques to succeed.
Although Microsoft did not blame third-party e-mail clients for this problem, the company said 'User Account Control' (UAC) could help to give better protections. UAC restricts users' ability to install applications that do not have 'administrator privileges'. IT managers can run those 'Vista end-user accounts' that have limited "standard user" privileges, while possibly not those having 'administrator privileges'. These accounts also alert for security measures when trying to run executable code.
On December 1, 2006, Microsoft had to defend itself against charges that it had stepped back from its promise to make Windows Vista adjustable with third-party security products and that IE7 was vulnerable.
Related article: Microsoft Patches Live OneCare to Tackle Quarantined E-Mails
» SPAMfighter News - 11-12-2006