SearchSecurity.com

LAS VEGAS — Two security researchers have developed a new technique that essentially bypasses all of the memory protection safeguards in the Windows Vista operating system, an advance that many in the security community say will have far-reaching implications not only for Microsoft, but also on how the entire technology industry thinks about attacks.

In a presentation at the Black Hat briefings, Mark Dowd of IBM Internet Security Systems (ISS) and Alexander Sotirov of VMware Inc. will discuss the new methods they’ve found to get around Vista protections such as Address Space Layout Randomization (ASLR), Data Execution Prevention (DEP) and others by using Java, ActiveX controls and .NET objects to load arbitrary content into Web browsers.

By taking advantage of the way that browsers, specifically Internet Explorer, handle active scripting and .NET objects, the pair have been able to load essentially whatever content they want into a location of their choice on a user’s machine.

Cripes!

Found by ECA on Cage Match.




  1. GetSmart says:

    Everyone seems to have forgotten the Hardware Certification part of the DRM garbage. That’s where Micro$oft can cancel a particular piece of hardware’s ability to run under Vista by revoking that hardware’s certification. I’m just waiting for the day some 15 year old Finnish kid cancels the ticket on a whole buttload of Intel or nVidia’s chipsets worldwide just for fun. Can you say economic collapse? Sure. Sure you can, boys and girls.

  2. Mister Ketchup says:

    Vista was rendered useless long before the security breach.

  3. Deepa says:

    Well, what next?

  4. ECA says:

    Great big gobs of greasy grimy gopher guts,
    Itty bitty birdys feet,
    Emulated monkey meat…

    Great big gobs of #@!$@#$@# flowing down the avenue…
    And you can eat it without a spoon..

  5. The Outlaw says:

    That’s why you should buy a Mac.

  6. Likes2LOL says:

    Microsoft has a new web site with videos showing that if people can be tricked into trying Vista they might not think it sucks so much:
    http://www.MojaveExperiment.com

    Geez, how embarrassing is it for a major corporation to have to stoop to deceiving people to even try its allegedly new and improved product 18 months after it came out? That sure spells “product launch flop” to me.

  7. Mr. Fusion says:

    #17, Lou,

    Amazing! Something on John C. Dvorak’s blog that doesn’t involve petty and stupid left-wing paranoia.

    Maybe, but this still happened on Bush’s watch.

  8. JimD says:

    After how many years of Winbloze, we should by now know that M$ and “Security” are MUTUALLY EXCLUSIVE !!! Except for DRM that DESTROYS YOUR “FAIR USE” RIGHTS !!!

  9. Somebody_Else says:

    #26
    There’s nothing wrong with the product, people actually liked Vista if they thought it was something else. What it shows is that Microsoft did a terrible job marketing. Judging from all the idiotic comments to this article they still have a lot of work to do.

    The headline to this article is deceptive. As I mentioned in my earlier comment, the security breach was in the software, not the operating system. Even the most secure OS will be compromised by bad software and idiot users.

    Vista now performs just as well (and better in a few games) than XP (keep in mind that XP was never faster than 2000), and I’ve found it to be very stable and secure. The 64-bit version gives me a nice boost since I can use 64-bit AutoCAD, and still runs all my old programs. I like Vista, and I think most people who use it do too.

    It seems to me that people are running out of reasons to hate Vista, and now that all the alleged DRM/performance/stability issues have been debunked more and more people will be using it.

  10. Thinker says:

    Yep, I’m waiting for the other shoe to drop with caveats galore. This is not a vista killer. We aren’t even told what it is. Some really smart guys at Black Hat have figured a way around vista, yet for some reason my machine with vista sp1 still runs. Amazing!

    I’ll wait for the second half of the story before I move it from FUD to news.

  11. Bob says:

    Somebody_Else:
    Actually, with the Mojave experiment (from what I’ve read), people were simply shown a video of the OS and weren’t able to really try anything with it. When shown a video of an OS versus actually using the OS, it’s pretty easy to sugar coat everything in the video.

  12. Agrees_With_Somebody_Else says:

    Thank you for posting that. I’m a Vista x64 user and am quite happy… I even have Ultimate on my laptop at home and home edition on my wife’s computer. VISTA IS FINE.

    I love how people glom on to the hate train when bugs or security flaws are found on Microsoft products… as if Ubuntu is flawless and Mac is some kind of polished jewel.

    As a developer, I use all of these O/S at one time or another. They’re all good in their own right.

    I agree that this is an overblown headline… unfortunately, it has teeth and it has entered the media echo chamber. I get the feeling Microsoft abandoned hope for Vista’s marketing when they put the Windows 7 buzz out there.

  13. Thinker says:

    Here’s the other shoe. :)

    http://arstechnica.com/news.ars/post/20080811-the-sky-isnt-falling-a-look-at-a-new-vista-security-bypass.html

    Read it, and for the Vista Hate Monger Crew…weep.

  14. Improbus says:

    Wow, two Microsoft shills to do damage control on this little web site. I feel honored by the attention. I hope they pay you guys overtime.

  15. Somebody_Else says:

    I sure wish Microsoft would pay me for doing what they should be doing.

    I’m a college student (computer engineering major) with a low-paying internship (not at Microsoft :) ).

    Check out some of the larger computer forums (I mostly read HardOCP’s forums at hardforum.com). The general consensus seems to be that Vista is actually a really good OS. You can see the same thing if you listen to TWIT or other shows, people are starting to use Vista and finding that it’s not bad at all.

  16. Improbus says:

    @Somebody_Else

    I want some of what you are smoking and I would like to wash it down with some vista kool-aid.

  17. Shenzhov says:

    @29
    “There’s nothing wrong with the product, people actually liked Vista if they thought it was something else. What it shows is that Microsoft did a terrible job marketing.”

    Wait, so what you are saying is that all the early reviews of Vista, showing all the problems with this OS, were just a marketing problem?
    One of the first mainstream reviews of Vista I read described it as “a chrome plated turd”
    I love that.

    So when my Vista 64 system just decides to reboot, on a clean install for no reason, or my video card crashes and tells me windows has encountered an error and is shutting down to keep from causing damage…what kind of error is that by the way….all of this is just a marketing problem. Ubuntu on the same computer does none of this by the way.

    Translation. Vista is buggy and bloated and the users…you remember them right? The users are reporting lots of Vista issues and the problem is that us…Microsoft…have not done our marketing properly as in the past….all computer problems are the users’ fault. Buy an upgrade and our next OS.

  18. Somebody_Else says:

    #37
    I don’t really know what to tell you. I’ve built dozens of systems with Vista. I’ve run it on everything from my roommate’s 1.6 GHz Pentium M notebook with 1 GB of RAM to my quad core gaming machine with 4 GB of RAM. I’ve had no issues.

    It did take a couple of hardware companies a couple months to get decent drivers out (Nvidia and Creative come to mind), but otherwise it was smooth sailing right from the start. Even my LSI Logic U320 SCSI controller had a 64-bit Vista driver.

    Vista wasn’t perfect at launch, sure. It wasn’t a “chrome plated turd” either.

    Your own experiences don’t sound like what people have generally been experiencing. If I may ask, what hardware are you using? Do other OS’s boot fine on that system? Have you run memtest or any other test on it?

  19. Paddy-O says:

    #5 “McAfee joins Symantec protesting Vista kernel lockout.”

    Do you know WHY the protest? It is because if security software can’t LEGALLY access the kernel it won’t be able to protect against malicious kernel level s/w like root kits.

    The security companies knew that Vista wouldn’t prevent crims from accessing the kernel but the legal restrictions WOULD stop MS from certifying legit Security products.

  20. Paddy-O says:

    #35 “The general consensus seems to be that Vista is actually a really good OS.”

    Actually, the general consensus amongst Sys Admins is that they aren’t rolling it out to the corp desktop.


