The marketing propaganda touting Microsoft’s new Vista operating system as “the most secure version of Windows yet” has done nothing to stop both whitehat and blackhat hackers from discovering Vista vulnerabilities. Unless you simply enjoy acting as an experimental Microsoft guinea pig, it’s best to wait before trying to run Windows Vista.
Quite disturbing were recent revelations that Microsoft’s own Live OneCare antivirus program, tailored specifically for Vista, is unable to block many well-known computer viruses. Another antivirus package from McAfee also fails to do the job. This fulfills predictions made in early 2006 by antivirus firm Symantec (maker of Norton AntiVirus) that, because of Microsoft’s failure to provide ways for antivirus programmers to fully integrate their products with Vista, many antivirus programs would have a hard time protecting Vista users. I guess that includes Microsoft, as well.
Russian hackers posted instructions to an underground forum describing how to implement “privilege escalation,” which could bypass some Vista security measures. This hack could escalate the “privileges” of a normal Vista user into those of a “superuser,” allowing him to change anything he desired on the system. This would be particularly dangerous in a corporate environment where normal computer users have limited privileges, in that they cannot install programs, visit certain websites, etc. This threat is considered so serious that Microsoft has scrambled its “Security Response Center,” which is ostensibly still trying to figure out what to do.
Microsoft also recently acknowledged that Vista’s built-in speech recognition software could be exploited by bad guys to delete files and even shut the computer down. This wacky (and quite clever) hack works something like this: a Vista user downloads and plays a malicious audio file, probably thinking that it’s the latest Toby Keith song. Instead, the audio file begins barking commands through the computer’s speakers, such as, “Delete all files in the ‘My Documents’ folder,” or, “System shut down.” These verbal commands are picked up by the computer’s microphone, processed by the built-in speech recognition software, and the computer obeys. Crazy, huh?
Research done by Tokyo-based security vendor Trend Micro, makers of the popular PC-cillin antivirus products, has uncovered the existence of ongoing eBay-style blackhat hacker auctions where attack programs that can be used to compromise Vista computers are being bought and sold for as much as $50,000. Reports are that, in order to steal as much money as possible, computer criminals are biding their time and building their arsenals, waiting for Vista to be installed on more computers around the world before unleashing their most powerful Vista-busting weapons.
In the face of known Vista security holes, Microsoft spokesmen have been unapologetic. Stephen Toulouse, senior product manager at Microsoft’s “Trustworthy Computing Group,” told CNN, “We know from the outset that we won’t get the software code 100 percent right … but Windows Vista has multiple layers of defense.” Another Microsoft representative told ZDNet, “It’s important to remember that no software is 100 percent secure.”
Still, I wonder, “Why is it important for me to remember that no software is 100 percent secure? Oh, yeah, so I’ll remember to hold off on installing Windows Vista.”
Said one very irritated and frustrated Vista early adopter, “I should have bought a Mac.”