backtop

Print E-mail del.icio.us 56 comment(s) - last by Randalllind.. on Jul 20 at 10:28 AM
Microsoft says Vista will be the most secure Windows ever

Despite all the interim releases of Windows Vista, Symantec has come out and said in a report that Windows Vista is very likely to be less secure when it ships than Windows XP is today. According to Symantec, it already has discovered many security flaws within Vista that have to do with networking. Symantec says that it's Vista's large chunk of new code that is the problem.

According to the Symantec report, "Microsoft has removed a large body of tried and tested code and replaced it with freshly written code, complete with new corner cases and defects. This may provide for a more stable networking stack in the long term, but stability will suffer in the short term."

Microsoft has been stating that Windows Vista would build on the security that it has been achieving with XP. In fact, this is one of the reasons why Windows Vista's development has been taking a long time. The new operating system will also contain new network stacks that natively support the IPv6 standard.

Microsoft responded to Symantec's report by saying "given that Windows Vista is still in the beta stage of the development and not yet final, the claims made in this report are, at best, premature. And given the extensive work we are doing to make Windows Vista the most secure version of Windows yet, we believe the claims are also unsubstantiated." Symantec said that it provided Microsoft with the report to help.

Symantec said earlier last week that there were no viruses for Apple's OS X.

Comments     Threshold


This article is over a month old, voting and posting comments is disabled
No surprises here
By brystmar on 7/18/2006 9:58:16 AM , Rating: 5
quote:
According to the Symantec report, "Microsoft has removed a large body of tried and tested code and replaced it with freshly written code, complete with new corner cases and defects. This may provide for a more stable networking stack in the long term, but stability will suffer in the short term."

In a subsequent press release, a Symantec spokesperson later added: "The only way to remedy these problems and achieve a high level of stability is to buy our award-winning software, starting at only $29.95!!"




RE: No surprises here
By tuteja1986 on 7/18/06, Rating: -1
RE: No surprises here
By Lord Evermore on 7/18/2006 10:26:34 AM , Rating: 1
So communists drove Shermans, and democratic countries drover Panthers and T34s?


RE: No surprises here
By tuteja1986 on 7/18/06, Rating: -1
RE: No surprises here
By kondor999 on 7/18/06, Rating: 0
RE: No surprises here
By MrPieGuy on 7/18/2006 11:24:59 AM , Rating: 4
Well I suppose I'd rewrite that tosuit my bias:
Microsoft = Democracy
Linux, Unix = Communist
Apple = Well... another Democracy with flashy colours.

As far as I can tell, its based in a free market, so I'd have to say MS and Apple are both the same... ones just the underdog. And Linux is free for everyone... which is more ofa communist market... oh well, just my view.


RE: No surprises here
By djcameron on 7/18/2006 11:26:39 AM , Rating: 4
A better analogy is...

Microsoft = Capitalist
Apple = Capitalist
Linux = Socialist/Communist


RE: No surprises here
By TomZ on 7/18/2006 11:39:21 AM , Rating: 2
Finally, someone got it right!


RE: No surprises here
By dilz on 7/18/2006 11:55:48 AM , Rating: 4
I dunno... Apple's reluctance to let other vendors sell hardware moves them away from the "freedom of choice" inherent in true capitalism. Their "enthusiastic" user base paints them more as facist, I would think.

MS = Captialist
Apple = Fascist
*nix = Marxist/Socialist

The case could also be made for MS being Fascist as well, whereas there's little room for debate concerning the ideology behind *nix.


RE: No surprises here
By djcameron on 7/18/2006 12:12:15 PM , Rating: 2
Interesting. You have a point, since Apple has historically been propietary, they could easily be considered the Facist OS.


RE: No surprises here
By shamgar03 on 7/18/2006 4:05:14 PM , Rating: 2
Dude! Just about to say that. Apple definately the "fascist" of the group


RE: No surprises here
By rcmpcbf on 7/18/2006 8:38:42 PM , Rating: 2
Linux = Socialist/Communist???

A number of companies offer their customized Linux distribution bundled with Open Source applications for business and desktop use - Redhat, Novell, Mandrake, etc. These companies are out to make money; they rely on providing technical support. If any ISP offers a free modem with their service does that make it communist/socialist? Just because it is available free does not make it socialist/communist. Linux is a product with many unique competitive advantages- cost to the user is one of them. If you were unaware of such a business model, then you better educate yourself. Also, there is no centralization with Linux or Open Source - since you are given access to the source code, given that you are capable, you can modify it as you see fit. That is freedom.


But...
By dilz on 7/18/2006 9:13:23 PM , Rating: 3
Linux's roots are best described with something other than "capitalism." Even if profits are derived from Linux development and distribution, those companies could fold and Linux would continue to develop. Tell me how BeOS has done since official development stopped in 2000?

Exceptions don't make it the rule...

http://distrowatch.com/


RE: But... - as people:
By L1NUXownz1fUR1337 on 7/18/06, Rating: -1
RE: No surprises here
By Chillin1248 (blog) on 7/18/2006 10:47:53 AM , Rating: 3
Indeed, they are basiclly saying the following:

"Windows Vista is very secure, however we are a anti-virus and firewall company for mainstream users, this will hurt out business. So let's announce to the press that Windows Vista is actually less secure than a 6 year old OS with god knows how many scripts written for it so when Vista is release we can sell our anti-virus and firewall"


On a serious note...
By Goty on 7/18/2006 10:02:47 AM , Rating: 2
Remarkably, I almost agree with Microsoft's stance on this. The program IS still in beta revisions, and is probably nowhere near complete. I mean, come on, how many times has Microsoft delayed Vista already? What's one or two more delays to make sure it's up to people's standards as far as security is concerned?




RE: On a serious note...
By rrsurfer1 on 7/18/2006 10:17:42 AM , Rating: 2
True. But whenever you add a large base of new code, there are going to be bugs. I'm sure the final release will have some bugs but obviously the MS programmers feel the new code is better than the original code. There will still be a number of bug and security fixes after release. As is always the case with such a large project.


RE: On a serious note...
By marvdmartian on 7/18/2006 2:27:57 PM , Rating: 2
Mmmm-hmmmm.....and isn't that the same Microsoft that delayed the release of windows 2000 (or was it XP? geez, I have NO memory left!), and gave us the wonderfully written windows ME as a stop-gap?? And yet, how many patches have we seen come out for 2000/XP??
Not to mention that it seems every time you turn around, MS is making some excuse or other about why they're cutting another feature from Vista, so they can release it "on time". Yeah, whatever!

Chances are very good that I'll stick with XP on every system I own or build, until such time passes that a sufficient number of patches have been released for Vista, so that it will be somewhat safe to use. I don't expect that to happen much before 2010, imho.


By tygrus on 7/18/2006 9:55:51 PM , Rating: 2
Windows Vista tries to give the user a bigger&brighter outlook. This may also mean a bigger and less obstructed view for hackers (virus/worms etc.) to run amuck.

It's hard to say how secure until after release and count the holes (qty, rate, severity) and compare to past versions.
MS may be able to fix some of the existing security holes/bugs before release but no doubt there will be more later.
Be prepared for a 200MB worth of auto-updates to release by 3months after release and a 500MB+ SP1 when 12m old. But that's just wild speculation.
MS will claim that the re-design allows them to plug more holes easier after release and that it was worth the change.


By Laughing all the way 2220 on 7/19/2006 3:33:18 PM , Rating: 2
I think I'll wait for Windows Corporate-Home-Professional- Standard SE .... in like 10 years from now


Also, don't like TCP. AMD and Intel now have TPM's built INTO their CPU's. XP's already telling me I can't install certain software because it's not "Trusted" and I'm running an old Athlon XP 1600 Abit KR7A Raid with 512MB and XP SP2.
I'll upgrade to Athlon 939 4400 X2 Toledo with no TPM. I know I'll have to upgrade so Big Brother can watch me and tell me what I can and can't install later on down the line but Hell's gonna freeze before I finally do. Hack the Planet


XP, anyone?
By AxemanFU on 7/18/2006 10:25:35 AM , Rating: 1
Looks like unless you HAVE to play the latest and greatest Dx10 only games (for which there is no hardware or games yet anyways),or HAVE to play with HDvideo technology on your system, there's not going to be all that much of a good reason to get Vista. I'll go with my old reliable MS upgrade philosophy: Wait until 1 year after new OS release, or SP1, whichever is later, and THEN buy it. By then, most of the system breaking bugs are worked out, and it's reasonably reliable and secure.

The company I work for just now upgraded my PC from win2K to XP, and they're only about 70% done with the upgrade process. We won't see Vista here for 3-5 years.




RE: XP, anyone?
By Lord Evermore on 7/18/2006 10:32:35 AM , Rating: 2
There will be games released that will be set up to only run if you have Vista, whether they really rely on anything integral to Vista like DX10 or not, because Microsoft knows that such a requirement will be a big draw to get people to upgrade. Even games that have been in development for a long time already may end up being made to only support Vista, just for this reason. Aside from that, 99% of new Dell, HP, and other OEM machines for consumers will be sent out with Vista installed as the default, because most people will either not notice an option to get XP, or will just go with the latest and greatest version of Windows (and Dell will more than likely have it highlighted as "Dell Recommended" like they do with memory and hard drive upgrades).


RE: XP, anyone?
By TomZ on 7/18/2006 10:39:33 AM , Rating: 3
quote:
The company I work for just now upgraded my PC from win2K to XP, and they're only about 70% done with the upgrade process. We won't see Vista here for 3-5 years.

This is typical for corporate IT; it is not a statement about Vista. Corporate IT likes to stay one generation behind in an attempt to reduce risk associated with deploying new software.


RE: XP, anyone?
By kelmon on 7/19/2006 3:05:47 AM , Rating: 2
This is what I'm thinking. I had been worried about buying a copy of XP Pro in the next month or so (Boot Camp + Parallels on a MacBook Pro) only to upgrade to Vista in the next 6-months or so, but this report makes me think that I won't be missing anything. The principle reason that I was planning to upgrade was for better security but if this is not going to happen (at least not in the short-term) then I'll at least get some value out of XP and will not bother to upgrade. As far as I am concerned Aero is a waste and I have no interest in playing Halo 2 so DirectX 10 won't be a loss to me either, so XP Pro should suit me fine for a few years.

Mind you, given the source of this report and the apparent conflict of interests, I'm taking this report with more than a few grains of salt...


By gotaclue on 7/19/2006 1:04:56 PM , Rating: 2
For those suggesting that:
quote:
Linux = Socialist/Communist/Marxist/Whatever

From what I understand true communism has never been established anywhere in the world. While there is an open source community, there is no little relationship to communist governments in Cuba or China. These countries have communist governments, the the governing body is far from open. The round block doesn't fit in the square hole, so quit trying to make it fit.

Linux and Security
The reality is that many defense systems are Linux based and this number is only growing.
The Department has recently published and released Open source in the national interest which either proves that the Department of Defense is full of communists or that some people that have posted here lack a basic understanding of what open source is.

http://weblog.infoworld.com/openresource/archives/...

When Microsoft states that
quote:
Microsoft says Vista will be the most secure Windows ever
they are simply repeating what the previously said about XP. The problem is that each successive release of Windows has only less secure then the previous version. The history so far is that XP has been least secure OS Microsoft has ever released. What does everyone have to look forward to with Vista? The problem is that Microsoft can't get away from integrating new features and this integration only results in the availability of numerous vulnerabilities to keep all the all the crackers, hackers and security companies happy. There will still be plenty of money to be made from all Vistas weaknesses no matter what side of the fence they are on.




By dilz on 7/19/2006 4:39:50 PM , Rating: 2
quote:
For those suggesting that:


Sorry, I can't agree with you.

No one is saying that using (whatever) OS means you support a particular ideology, or that these OS's have affiliation with governments of a particular ideology.

Most of what is worth consuming in software is made by the global North, and primarily in the Far West and East. None of these nations are communist, because communism is a theory. If a nation/OS were truly communist, it would technically be the greatest nation/OS ever, because its existence would be proof that people can actually work together and have cast off their corruptibilities and selfishness. Instead, we compromise.

Please don't mix authoritarianism/totalitarianism with communism. Communism is Marx's plan, Auth/Tot is what elites do with it.


By gotaclue on 7/19/2006 7:52:30 PM , Rating: 2
I can agree that true communism might be utopia, but as I have stated, "From what I understand true communism has never been established anywhere in the world"

The definitition of what most people know as communism, has negative connotations, therefore I am differentiating. The other factor is
that no matter what the definition of communism is, communism is not community.

Communism \Com"mu*nism\, n. [F. communisme, fr. commun common.]
A scheme of equalizing the social conditions of life;
specifically, a scheme which contemplates the abolition of
inequalities in the possession of property, as by
distributing all wealth equally to all, or by holding all
wealth in common for the equal use and advantage of all.
[1913 Webster]

Community \Com*mu"ni*ty\, n.; pl. {Communities}. [L. communitas:
cf. OF. communit['e]. Cf. {Commonalty}, and see {Common}.]
1. Common possession or enjoyment; participation; as, a
community of goods.
[1913 Webster]


By dilz on 7/19/2006 9:05:40 PM , Rating: 2
By the same token we can agree that OSX isn't actually "fascist" - we were simply in search of approximations.

To see everything portrayed in the “capitalism/communism” false dichotomy annoys me as a poli sci major, but I'm happy to see that people realize how the definition of communism has been distorted as a result of the Cold War. BTW, welcome to DailyTech!


In other news...
By Tebor0 on 7/18/2006 9:58:56 AM , Rating: 5
In other news... supermarkets announce that people still must eat.




RE: In other news...
By Tewt on 7/18/2006 3:46:30 PM , Rating: 2
Ahh, that provided some much appreciated lunch-time levity. I'm going to use that on another forum as soon as the opportunity arises.


Symantec also has its problems
By gnumantsc on 7/18/2006 10:16:29 AM , Rating: 2
Symantec is also the only major antivirus vendor whose products also have problems with holes and what not.

Symantec did not release a compatible version of their products for Windows Vista, NIS 2007 Beta is for Windows XP only and with Vista supposedly being released around Q2 2007 how the hell is anyone making Vista secure?

Not even the latest version of McAfee does not work, Trend Micro's beta of their product does not work and neither does Panda Antivirus.

This does not look good, unless of course, those companies are boycotting Vista for their OneCare package.




By rrsurfer1 on 7/18/2006 10:21:35 AM , Rating: 2
quote:
This does not look good, unless of course, those companies are boycotting Vista for their OneCare package.


That's a pretty moronic statement. It would also be a moronic move on the part of security software makers, to not support the next version of windows because they want to "punish" MS by giving them MORE market share for OneCare. How does your logic for this statement work again?

You boycott something by not purchasing because you don't believe in it. You don't boycott something by not competing and allowing the product to be the only thing on the market ;)

I'm sure ALL the security companies have products in development for Vista.


RE: Symantec also has its problems
By gerf on 7/18/2006 12:12:28 PM , Rating: 2
quote:
Symantec is also the only major antivirus vendor whose products also have problems with holes and what not.
What about Computer Associates? They has a whole slew of issues in the last year.

And don't tell me other AVs are perfect. They just haven't disclosed, or had problems with their holes yet.


One-sided much?
By BioRebel on 7/18/2006 11:42:02 AM , Rating: 2
And this comes shortly after Symantec claims that Apple's OS is the most secure OS out there. Gee, it almost sounds like they're trying to push Apple's software.




RE: One-sided much?
By plinden on 7/18/2006 12:02:25 PM , Rating: 2
quote:
And this comes shortly after Symantec claims that Apple's OS is the most secure OS out there. Gee, it almost sounds like they're trying to push Apple's software.


I think you mipselt "Sophos": http://www.vnunet.com/vnunet/news/2159765/apple-se...


RE: One-sided much?
By BioRebel on 7/18/2006 1:12:03 PM , Rating: 2
By clementlim on 7/18/2006 11:59:34 AM , Rating: 2
So...let's do an anology: Half-life 2 before it is released, is very buggy compared to Half-life that came out 2-3 years ago. A prototype Honda Civic ver2006 that is being tested in the R&D plant is full of hitches when compared to Honda Civic ver2004. A new Sony-Ericsson W850 that is being tested is inferior to W800 that was released a year ago. And Symantec's point is?

And yes, I know Half-life 2, Honda Civic ver2006 and W850 are already out...




RE: So half way finish and they verdict is already in?
By TomZ on 7/18/2006 12:13:34 PM , Rating: 2
quote:
So...let's do an anology: Half-life 2 before it is released, is very buggy compared to Half-life that came out 2-3 years ago.

But your analogy ignores that fact that Microsoft is in fact rewriting major portions of Windows for the Vista release. It's more like a car company having a successful model in the market for several years and having worked out all the bugs. Then they do a "refresh," and consumers are left to guess whether the refresh adds problems and whether that model should be avoided for the first year.

One thing in Microsoft's favor in the case of Vista: the legacy code in Windows was originally written with zero security requirements (same for most commercial OSs). New code being re-written is designed for, reviewed for, and tested against security requirements. While this obviously doesn't preclude the possibility of security issues due to mistakes in this process or other kinds of bugs, it is probably going to generate code that pretty good in terms of security.

I think that Symantic's analysis is not unreasonable, even if it is entirely self-serving.


By clementlim on 7/18/2006 12:26:13 PM , Rating: 2
So, I guess you are saying that Half-life is also using Source engine from Half-life 2? Or are you saying that Half-life 2 is using Half-life's engine? That's why my analogy didn't work?

Fact is Half-life 2 used a whole new set of codes/engine, just like Vista. It is indeed a REFRESH. Gamers are left to wonder how it will ultimately turn out to be when it comes out.

That aside, I agree with you. The new codes could ultimately be a new playing field for Vista, much like Source did for HL2. It could also break Vista...then again, that is yet to be seen...Unless Symantec was recently appointed by The-Almighty-Power-That-Be to serve as the Oracle in the ICT world.

To Symantec: WORK ON YOUR OWN PRODUCT. Your new version of softwares are probably worse than your current ones too...and the previous versions are already bad as it is.


Norton Ant-virus slows down machines also
By Randalllind on 7/18/2006 3:22:58 PM , Rating: 2
so why do people contuine putting that crap on a machine?




RE: Norton Ant-virus slows down machines also
By TomZ on 7/18/2006 5:44:25 PM , Rating: 2
quote:
so why do people contuine putting that crap on a machine?

Because we are supposed to live in fear of viruses! Kind of like the "terrorism" thing.


By Randalllind on 7/20/2006 10:28:52 AM , Rating: 2
I have a router fire wall and AVG and I don't have any issues. It also helps to edit the HOST file to block popups as well.


From the original article...
By Griffinhart on 7/18/2006 3:30:12 PM , Rating: 2
So, a company that makes it's money selling security products is claiming that Vista might be less secure than XP. Hmmm. Color me not surprised.

From the original article:
quote:
In their paper, titled "Windows Vista Network Attack Surface Analysis: A Broad Overview," Symantec researchers put the networking technology in Vista under a magnifying glass to determine its exposure to external attacks. The team said it found several flaws in build 5270 of Vista and even more in earlier test versions. However, these were all fixed by Microsoft in build 5384 , the version of the operating system that was publicly released in May as Beta 2.


So, they found bugs in Beta Software that was fixed before the first public beta copy was ever sent out.




RE: From the original article...
By TomZ on 7/18/2006 4:56:44 PM , Rating: 2
LOL, good find!


RE: From the original article...
By rrsurfer1 on 7/18/2006 5:00:41 PM , Rating: 2
Haha, very nice.


Long Term is the Goal
By ViperROhb34 on 7/18/2006 10:27:14 AM , Rating: 1
quote:
According to the Symantec report, "Microsoft has removed a large body of tried and tested code and replaced it with freshly written code, complete with new corner cases and defects. This may provide for a more stable networking stack in the long term , but stability will suffer in the short term."


We're all shooting for better 'long term stability and security'

Linux=Communism. The Russians already proved you can't give something away for free to everyone and have a fair, balanced society. What next ? Make games for free and expect them to be innovative ? Where does it stop..




RE: Long Term is the Goal
By djcameron on 7/18/2006 12:13:58 PM , Rating: 2
Remember, Symantec is pissed at Microsoft for releasing OneCare.


RE: Long Term is the Goal
By gotaclue on 7/19/2006 11:29:52 AM , Rating: 1
A certain exec at Microsoft said in the past that XP would be the most secure Windows ever. As it turns out it has been the worst so far. If you understand Microsts development model, Vista will only worse than XP.



"The Russians already proved you can't give something away for free to everyone and have a fair, balanced society."

Choose a better analogy. The former Soviet Union wasn't a truly communist state to begin with. In any case, the open source community are a bunch of developers who share a common interest in developing software.

The funny thing is that this community of developers doesn't have any real motives except to develop quality software.


"What next ? Make games for free and expect them to be innovative ?"

Nobody has to give away anything and any business can charge for their work.

There is really a lot of innovation in the very aspect of open source. When someone has a unique idea for an interesting software project they simply start the project and others join in.

"Where does it stop."

Open source will not stop. There will continue to be a growth of the community because it will only continue to benefit more and more people and organizations.

You on the other hand seem to want to bad mouth those people who are simply trying to help provide superior software through their time and effort. Maybe there is some need for a little more education.


It will be a good day when...
By RyanLM on 7/18/2006 6:34:34 PM , Rating: 2
I never have to use the pile of CRAP that is Norton AV, or wore the testicle cancer I call Internet Security.

WHAT CRAP. Install this and you will be protected from all f these threats mainly because our product will prevent you from doing ANYTHING with your computer.

McAfee is terrible is well, OneCare actually does it better.

Instead of getting on MS's case about making a competing product, how about not forcing them into it? YOUR PRODUCTS SUCK. I dont even want to know I have it installed, just sit there and protect me, I dont need a damn popup, or some huge uglything on my taskbar, or wizing sounds when ever you think you need my attention.

I hope vista is so secure you all go out of business.




By INeedCache on 7/18/2006 7:49:13 PM , Rating: 2
In the Symantec fine print "you'll need an extra 1gb of RAM just to run our overbloated Norton".


Breaking News...
By Gallius on 7/18/2006 10:27:39 AM , Rating: 3
Symantec bought by Apple.

On a more serious note:

Symantec need to sort their own software out first. You shouldn't throw stones in glass houses....

First they talk about no Virii on OSX then they announce there will be more problems in Vista than XP.. Apple don't need a marketing department, Symantec does it for them.




The price of software evolution
By mindless1 on 7/18/2006 10:46:42 AM , Rating: 2
It is unquestionably going to reveal new security problems. It will have bugs only revealed later. The idea of "more" or "less" secure will depend on MS followthrough on patching these holes, the same as it did with XP.

MS was too sluggish in many cases with XP patches, BUT a great deal of time has passed so many finally surfaced. Vista will inevitably be less secure than a fully patched XP, but not all XP are fully patched, and the turnaround time between discovery of insecurity and the patch will be very very important.

Crackers will not yet know all the security holes in Vista, so ultimately "more" or "less" secure will depend on the amount of time that elapses between discovery and patch. It's not total number of holes that determines insecurity, it's whether those holes are KNOWN. Otherwise it's only a potential insecurity and MS will never be rid of those because of their philosophy to enable rather than disable potentially insecure feature sets by default.




Hello?
By Ifyousayso on 7/19/2006 8:14:40 AM , Rating: 2
If Microsoft told you that your fingers were actually your toes, the lot of you would spend the rest of your life walking around on your hands apparently.

How can you go around calling an OS like Linux that people make a fortune off of packaging and supporting Communist? Get a clue people.




?Fair?
By Trisped on 7/19/2006 12:36:41 PM , Rating: 2
So they test Apple's product months after release and patching and give it a good bill of health. They test Microsoft's 6 months before release and give it a bad one.

Doesn't seem fair. Yes, the security flaws are an issue, but only if Microsoft doesn't fix them before it ships (many of which it probably won't, but judgment should still be reserved until the product is official).

It is nice to see they added native support for IPv6. With support built into Windows I don't think it will be too long before it starts getting added to other things too. How long before I can get my own suite of IP address? Still, this is the type of thing I am regularly wrong on.




LOL!##@#@$
By desiplaya4life on 7/18/2006 9:17:14 PM , Rating: 1
LMAOOO at all the analogies posted. lol GG!




Re: No Surprises here
By GReaper on 7/18/06, Rating: 0
We don't know how to make a $500 computer that's not a piece of junk." -- Apple CEO Steve Jobs











botimage
Copyright 2010 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki