Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

×
Security

+ - Will Vista really improve Windows security?

Submitted by Anonymous Coward
An anonymous reader writes "On first glance it appears a no-brainer that Vista will improve security a lot. After all, Microsoft has been working on it for five years. However, the major changes that make it different from XP with respect to security are LUA and IE7 always operating at a lower privilege level (even when run by Administrator)

These are good and necessary changes, but bring Vista to the same playing field that Unix, Linux and more recently OS X "enjoy", where you have to concern yourself with a whole new class of privilege escalation problems. This is something Microsoft has never needed to address before and bug hunters were never concerned with finding. When almost everyone runs XP as Administrator, what good is a locally exploitable hole that lets a non-Administrator gain Administrator privileges?

Now, as this article at news.com.com.com.com shows, these holes are just now starting to be investigated, and are already being easily found. And comparatively few researchers and blackhats are looking hard at Vista, since it is so new that hardly anyone is using it now. Certainly many such bugs remain to be found, and given Microsoft's track record on security and the likelihood that their programmers have never really concerned themselves with this class of bug before, it seems quite possible that breaking into a Vista system will be almost as easy and common as breaking into a Windows 2000 or XP system. The only difference in technique will be that in addition to the initial bug that allows gaining local user privileges, a second bug will need to be used that then escalates that privilege to Administrator. After that, the typical rootkit or virus installation can take place as before."

Professional wrestling: ballet for the common man.

Working...