Comments on: Cursor flaw gives Vista security a black eye

Tuesday's "critical" patch casts a shadow over the software giant's promises about the quality of the OS's defenses.
Video: Hacking a Vista PC

[Netrilix]

Eh?

Calling Firefox insecure is just plain ignorant. As the video pointed out, Firefox was only vulnerable because it was using a component straight from Microsoft. The real question here is why Microsoft has Vista restricting permissions of IE (so they can claim security) while giving another browser, Firefox, full write capabilities to the entire operating system. They're holding Firefox to a higher standard than their own Internet Explorer, and when Firefox has a vulnerability, they're able to say "See, it had a problem that could screw your whole computer". If Internet Explorer has the same vulnerability, Microsoft can say "Well, it was run in a sandbox and didn't have access to your system, so it's ok". That's the real question. If Vista is so secure, why can a third party app access the entire hard drive that easily? Why don't they restrict all browsers at the same security level they restrict IE at?

[Netrilix]

Oops

Meant to reply to richto.

[ITprosupport]

because..

the people behind firefox demanded it that way honey...next question?

[rcardona2k]

I *don't* trust Microsoft

That's why I run Windows in a snapshot-backed virtualization jail
--where it belongs.

Any "security professional" should do the same...

Windows doesn't belong on the hardware, period.

[pentium4forever]

Microsoft shouldn't make promises

Microsoft are shooting their selves in the foot if they want to claim that Vista will be the most *secure* OS yet. Windows is a hacker's candy bag. Exploits will be found and patches will be applied time and time again. I hope Vista has less security holes found than XP.

[refusalspam]

Read the promise before you say they broke it

The actual quote from the article is "most secure version of Windows yet". You left out "version of Windows" which is a much smaller claim than most secure OS.

Here's another claim, if I put spray some perfume on some dog poo, it might well be "the most pleasant smelling dog poo yet", but it will still not be very pleasant smelling.

[kentonr]

It ALWAYS amazes me...

how Windows users try to rationalize and justify the security (or
lack thereof) of Windows.

And the worse part is, they try to drag every other OS down with
'em.

Windows has more glory holes than a German bathhouse :-)

[Sumatra-Bosch]

The Most Fireproof Pinto - EVER!

Who else in the universe could develop an operating system with a dangerously exploitable cursor but Microsoft?

At least Ford can make a car that isn't plagued by its tires spontaneously bursting into flames.

[ITprosupport]

lmao

dangerously exploitable cursor!!?? you sound like someone that would actually buy a pinto!!what the hell would you want an animated cursor for?? Get serious and grow up!!

[dansterpower]

Disgusted with Vista

I have put three of my clients on Vista boxes in the past 10 days
-- two migrated from Win 2000 and one from XP. All run
businesses on their PC's.

All three of them have called me to tell me how frustrated they
are with the migration, with incompatibilies in older apps,
especially one business critical app with some older visual basic
code.

All three of them have lost in my recommendation.

Apart from Vista's handling of 10bit graphics for future HD
applications in Dental Imaging (an industry I service) I must say
that Vista is a HUGE dissappointment to me: I don't like the
interface, I think Microsoft has totally botched the security, UAC
is a Complete and Annoying Joke, and so many old Microsoft
annoyances and GUI flaws still exist.

[Sumatra-Bosch]

Can You Say Vistapocalypse?

Almost everyone who boots Vista regrets it.

Can you tear it out and go back to NT and XP?

[Lindy01]

You blame Vista and MS

ITS YOUR FAULT! I specialize in SBS support, I will move customers to Vista...only when I have tested it for them.

Crazy what you did.

[Penguinisto]

Not just the cursor anymore...

Proof of concept that proves even Vista's "protected process" is
crackable:

http://www.alex-ionescu.com/?p=35

So much for the "Most secure Windows ever!" mantra.

Any MSFT fanbois and/or astroturfers care to explain this one?

/P

[Jim Hubbard]

Where's the app?

Didn't see a link to dl the app. Do you have a link?

[Jim Hubbard]

Security at what cost?

I'll admit that Vista is more secure than XP. Anything that slows users down like Vista will definitely have fewer opportunities for exploiting flaws.

What is the real price for the "security" of .Net and Vista?

.Net applications are slow and kludgy compared to the older C++/VB6 apps. They are mor bug-ridden than the older C++/VB 6 apps that we were finally getting used to, and they offer less protection of the code base than the compiled apps of the pre-.Net era.

Vista follows up this massive .Net mistake with screens that constantly ask you to OK everything that you do. Does Microsoft really think people will read each one of these? Has it occurred to any thinking human in Redmond that people will (as they always have) simply click whatever button gets them to the app or song or movie or whatever it is that they want?

This has been the way that users have always reacted to prompts....don't read 'em...just click OK until something happens. Vista will not change this.

I have been using Vista and Office 2007 since December 2006, and when you slap a few .Net apps in this little mix, your productivity actually nose-dives.

For all of the hype about viruses and such, I (as a software architect for 21 years and presently a system administrator for 18 small to mid-sized businesses) have yet to see a catastrophe that would justify the loss of productivity that Vista and .Net are forcing upon us.

In all of my small business support, I have yet to see a virus or attack of any type that wasted as much time as the daily drain of time that .Net apps and Vista will (especially if the users did proper backups and had even a mediocre antivirus solution in place).

.Net and Vista were written for Microsoft - not you. .Net keeps code tied more tightly to Windows while maintaining a fascade of OS interoperability. While Vista is simply an attempt to gain revenue by "putting SOMETHING out there".

Vista has had so many core items removed from it, it doesn't even vaguely resemble the OS we were promised.

Microsoft should have simply admitted that the whole Vista project crumbled due to multiple problems internally, and that they would issue service packs for XP while they re-started the Vista OS and got it right. But, that would take something Microsoft knows little about - corporate responsibility.

Instead, they opted to put out an OS that hinders more than it helps - only to generate revenue. I'll need to look it up, but I have a quote from one of the program managers on the MS team for Vista/Office 2007 that wrote in his blog that he & Microsoft didn;t write software to please customers, they wrote software to please shareholders.

I guess he knows what he's talking about.....