1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

News Security flaw in Vista discovered

Discussion in 'Article Discussion' started by CardJoe, 24 Nov 2008.

  1. CardJoe

    CardJoe Freelance Journalist

    Joined:
    3 Apr 2007
    Posts:
    11,346
    Likes Received:
    316
  2. yuusou

    yuusou Multimodder

    Joined:
    5 Nov 2006
    Posts:
    2,844
    Likes Received:
    903
    Seriously... something as bad as this, and only a fix for the next SP? How soon will it come out then?
     
  3. Bauul

    Bauul Sir Bongaminge

    Joined:
    7 Apr 2007
    Posts:
    2,173
    Likes Received:
    38
    Ah bugger Vista, I, and I get the impression a lot of others, are waiting for Windows 7.
     
  4. steveo_mcg

    steveo_mcg What's a Dremel?

    Joined:
    26 May 2005
    Posts:
    5,841
    Likes Received:
    80
    Yeah, don't really see the point in paying for vista when its about to be made redundant. Though i'm the man who stuck with 2k till 2k6.
     
  5. airchie

    airchie What's a Dremel?

    Joined:
    22 Mar 2005
    Posts:
    2,136
    Likes Received:
    2
    Yet another reason to switch to Linux for everything bar gaming tbh...
     
  6. Dreaming

    Dreaming What's a Dremel?

    Joined:
    31 Jan 2007
    Posts:
    589
    Likes Received:
    7
    I agree, but still doesn't outweigh the costs of having to switch to linux for a significant majority of users (including me!). Until linux is reeaaaaaally easy and works as well as windows 'out of the box', I can't see myself switching! Every single time I install (and I use ubuntu - linux for noobs) it goes wrong or theres some driver issue and it's not trivial to fix, unlike windows where it pops up a balloon, you click on it, and it installs drivers. that's my 2p anyway :D

    Although it would be nice to know if this is a vulnerability as in someone hacking into your PC from the internet or whether you have to actually execute malicious code, in which case the vulnerability is the user which makes any system vulnerable.

    Though people shouldn't level lots of hate against vista - it's probably not worth upgrading if you already have XP, but it is sufficiently superior to definitely recommend it over XP for someone who is building a new system.
     
  7. GoodBytes

    GoodBytes How many wifi's does it have?

    Joined:
    20 Jan 2007
    Posts:
    12,300
    Likes Received:
    710
    Oh no Vista has 1 issue found after 2 years and half about. Where XP you have issues at every corner.
     
  8. yuusou

    yuusou Multimodder

    Joined:
    5 Nov 2006
    Posts:
    2,844
    Likes Received:
    903
    I honestly can't consider pressing next next next every time some piece of hardware is detected or having to keep inserting a CD or downloading software/drivers being "out of the box". Only if you mean "Out of the Installation CD Box". Of course its trivial, compared to installing some piece of hardware/software on Linux, but more and more is Linux (and specifically Ubuntu) more and more trivial, which you simples plug it in and thats it, or open up synaptic and select and install.
     
  9. steveo_mcg

    steveo_mcg What's a Dremel?

    Joined:
    26 May 2005
    Posts:
    5,841
    Likes Received:
    80
  10. wiak

    wiak What's a Dremel?

    Joined:
    9 Apr 2006
    Posts:
    105
    Likes Received:
    0
    i agree
    vista had alot less security issues since release
    xp still have security issues since it was released, just check windows update on a XP RTM system and check how many security updates you get :p
    its gonna be many
     
  11. GoodBytes

    GoodBytes How many wifi's does it have?

    Joined:
    20 Jan 2007
    Posts:
    12,300
    Likes Received:
    710
    I have a XP pre-SP1 disk...
    Takes me a day and half to download all the updates up to SP3, and about 2 GB of bandwidth.

    I know my previous comments was a bit exaggerated but compared to XP, it feels this way.
     
  12. DXR_13KE

    DXR_13KE BananaModder

    Joined:
    14 Sep 2005
    Posts:
    9,139
    Likes Received:
    382
    i feel the same.
     
  13. ssj12

    ssj12 Minimodder

    Joined:
    12 Sep 2007
    Posts:
    689
    Likes Received:
    3
    I thought M$ stated they were not making a second service pack for Vista....
     
  14. johnmustrule

    johnmustrule What's a Dremel?

    Joined:
    12 Jan 2006
    Posts:
    345
    Likes Received:
    3
    Vista is definately my favorite OS right now. If your not an idiot its not really very hard to keep any computer running top-notch, windows computers always fill up the fastest and that's because they are the largest target for hackers, nothing surprising there.

    Advanced Windows care v3
    Glary Utilities
    ccleaner

    Basically those and a decent anti-virus are all you need, best yet there free.
     
  15. Cadillac Ferd

    Cadillac Ferd What's a Dremel?

    Joined:
    11 Oct 2005
    Posts:
    220
    Likes Received:
    0
    Honestly I didn't get the impression from the article that it a huge pressing concern. As stated in the article currently all that the flaw can be proven to do is shut off the computer and it needs admin rights to do that. It doesn't really sound like they need to be tripping over themselves working on a patch.
     
  16. nukeman8

    nukeman8 What's a Dremel?

    Joined:
    24 Jul 2008
    Posts:
    867
    Likes Received:
    17
    if you read all the article it states theres a possibility of injecting code and bypassing admin rights completely, very bad stuff.
     
  17. PederVM

    PederVM What's a Dremel?

    Joined:
    25 Nov 2008
    Posts:
    2
    Likes Received:
    0
    If you know how DHCP works, you know that it would be quite hard to exploit this flaw.

    To exploit this flaw you have to control the DHCP-server in the machines local subnet and be able to send a specially crafted DHCP-response, a DHCP-server does not send anything unless a DHCP-client requests it, to a DHCP-request from a DHCP-client (the DHCP-request is send as at broadcast [1] and not to a specific IP-adress, unless the machine is connected to a switch with management and the possibility to setup an IP-helper-adress where DHCP-request gets forwarded to).

    [1] its highly unlikely your router is configured to forward broadcasts to outside adresses, including to the internet.

    Most ISPs configure the routers so they works as a local DHCP-server, so pcs connected to the same network can reach eachother eventhough the internetconnection is down. If your router is configured this way, an intruder would have to take control of the router, modify the firmware on the router and wait for your machine to send a DHCP-request and then try to break the machine.

    Most routers dont run software that users can compile or modify themselves, Linksys has a few that runs Open Source firmware (i can only remember openwrt.org). So watch out if you are in the habit of upgrading your router with firmware from suspicious websites.
     
  18. seanblee

    seanblee What's a Dremel?

    Joined:
    17 Jun 2001
    Posts:
    229
    Likes Received:
    1
    So, if I execute a piece of code and give it admin rights, it can reboot my PC. Wow. A batch file containing 'shutdown -r -t 0' would do exactly the same thing, but that doesn't have people shouting 'oh no, Vista, full of security holes, run Linux, it's teh win!!!!1111one'. People are weird.
     
  19. Gareth Halfacree

    Gareth Halfacree WIIGII! Lover of bit-tech Administrator Super Moderator Moderator

    Joined:
    4 Dec 2007
    Posts:
    17,066
    Likes Received:
    6,610
    Except a batch file containing "shutdown -r -t 0" wouldn't overwrite kernel memory with garbage, which is rather more serious than a clean shutdown. Especially if you can control exactly what garbage gets written...
     
  20. cpemma

    cpemma Ecky thump

    Joined:
    27 Nov 2001
    Posts:
    12,328
    Likes Received:
    55
    And your grounds for believing Windows 7 will be unbreakable? :confused:
     
Tags: Add Tags

Share This Page