Windows Vista Flaw Not Cause for Major Concern
Let the games begin: Now that Vista is on its way to companies around the globe, hackers, researchers, and security firms have taken aim. On one side, you’ve got the bad guys hoping to find bugs that will enable them to wreak havoc, and on the opposing side, you’ve got the good guys trying to save us from the harm that hackers plan.
This weekend, a report from the New York Times put the spotlight on a Russian programmer who discovered a Vista flaw letting hackers raise the level of a user’s permissions. In plain English, a user’s permissions determine what type of software he can install, and, whether or not he can install software at all. Often, IT departments will deny their end users a high level of permissions to prevent them from installing unauthorized software — malicious or otherwise — on their machines.
The flaw was discovered over a week ago and exists not only in Vista, Microsoft’s first Windows release in five years, but also in Windows 2000, 2003, and XP. The Linux operating system, which is fast becoming Windows’ chief rival for control of laptops, desktops, and servers, tends to curtail the user’s power to install software, leaving those permissions in the hands of system administrators.
Five More Flaws
Security firm Determina reported five more flaws in Vista, including one that would let hackers install rogue software through Microsoft’s Internet Explorer 7, the Redmond firm’s latest Web browser.
Microsoft has touted IE7 as a “sandbox” that won’t give hackers access to a user’s system even if the browser itself has been compromised. Determina’s discovery appears to negate Microsoft’s claim.
Mike Reavy of Microsoft’s Security Response Center downplayed the problem on Microsoft’s Web site, according to the Times. “Currently we have not observed any public exploitation or attack activity regarding this issue,” he…
