Linked by Thom Holwerda on Thu 22nd Mar 2007 16:16 UTC, submitted by brewin
Privacy, Security, Encryption
Microsoft is frequently dinged for having insecure products, with security holes and vulnerabilities. But Symantec, no friend of Microsoft, said in its latest research report that when it comes to widely-used operating systems, Microsoft is doing better overall than its leading commercial competitors. The information was a part of Symantec's 11th Internet Security Threat Report. The report, released this week, covered a huge range of security and vulnerability issues over the last six months of 2006, including operating systems.
Bah humbug
by knightrider on Fri 23rd Mar 2007 00:33 UTC
knightrider Member since: 2006-12-11

Hackers have shifted their focus away from the OS and are now using vulnerabilities in the apps that are installed on the OS, e.g. Word, Excel, IE, as these products will be trusted by the firewall and allowed to access the internet.

Brutal assaults on the OS are no longer necessary. Now it's the apps' turn to feel the heat. So the OS can be as "secure" as y'all wanna say but it won't mean diddly squat if you are using buggy, vulnerable programs on it. It'll get "owned" if the right measures are not taken. And there is the slight chance of a zero-day exploit doing a number on you.

Edited 2007-03-23 00:36

RE: Bah humbug
by lemur2 on Fri 23rd Mar 2007 02:19 in reply to "Bah humbug"
lemur2 Member since: 2007-02-17

{Hackers have shifted their focus away from the OS and are now using vulnerabilities in the apps that are installed on the OS, e.g. Word, Excel, IE, as these products will be trusted by the firewall and allowed to access the internet.

Brutal assaults on the OS are no longer necessary. Now it's the apps' turn to feel the heat. So the OS can be as "secure" as y'all wanna say but it won't mean diddly squat if you are using buggy, vulnerable programs on it. It'll get "owned" if the right measures are not taken. And there is the slight chance of a zero-day exploit doing a number on you.}


If you are a "black hat" person wanting to write an exploit so that you can "own" a system, you might use an application as a route to get your exploit code installed onto the target system, but the exploit code itself has to target the OS, not applications.

It isn't much use "owning" a system only when it happens to be running Powerpoint, for example. To be useful, you must "own" the system full-time. That means "owning" the OS itself.

Black hats may be targeting vulnerabilities of applications in order to gain access into systems (i.e., to get past firewalls, as in the example you gave), but that does not mean that "Hackers have shifted their focus away from the OS".

BTW, on Windows systems, black hats do not have to rely on particular applications being installed in order to have potential holes in firewalls. Microsoft have built in several nice holes deliberately ... WGA checks, Windows update, remote desktop, online help, DRM checks, new codecs ... there are already quite a few exploitable holes pre-installed on Windows systems without any applications at all!

Edited 2007-03-23 02:20

Score: 1

RE: Bah humbug
by blahblah on Fri 23rd Mar 2007 03:15 in reply to "Bah humbug"
blahblah Member since: 2006-03-23

Er. Yes and no. Malware commonly uses the fact that certain applications are trusted by the firewall to get around it. But most of the time malware isn't actually using an exploit in the app. Rather it's using a rather bad design decision on Windows named:

CreateRemoteThread

http://msdn2.microsoft.com/en-us/library/ms682437.aspx

On Linux we have equivalent posix functions.

On both systems you need to have the correct privileges to open the process.

The difference? On Windows, the user often has those privileges, on Linux, not as much. And SeDebugPrivilege.

So if you want your threat to ensure the only way that you can be deleted is with a reboot, you inject into System.

If you want to get around the firewall, you inject into IE.

You don't need to exploit anything.

Edited 2007-03-23 03:16

Score: 1
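
A defender's view of the remote-thread injection described in the comment above, as an added example that is not part of the original thread. It assumes Sysmon is deployed and logging Event ID 8 (CreateRemoteThread); the watched-target list, the allowlist and the sample events are hypothetical and constructed for illustration.

```python
import ntpath  # Windows path rules, regardless of the host OS

# Hypothetical policy: targets named in the thread (IE, system processes)
# and sources that are expected to create remote threads.
WATCHED_TARGETS = {"iexplore.exe", "winlogon.exe", "services.exe", "lsass.exe"}
ALLOWED_SOURCES = {r"c:\windows\system32\csrss.exe"}

# Constructed Sysmon Event ID 8 message bodies, not real telemetry.
SAMPLE_EVENTS = [
    r"""SourceImage: C:\Users\alice\AppData\Local\Temp\updater.exe
TargetImage: C:\Program Files\Internet Explorer\iexplore.exe
StartModule: -""",
    r"""SourceImage: C:\Windows\System32\csrss.exe
TargetImage: C:\Windows\System32\winlogon.exe
StartModule: C:\Windows\System32\kernel32.dll""",
    r"""SourceImage: C:\Tools\helper.exe
TargetImage: C:\Windows\System32\notepad.exe
StartModule: -""",
    r"""SourceImage: C:\ProgramData\svc\agent.exe
TargetImage: C:\Windows\System32\services.exe
StartModule: C:\Windows\System32\kernel32.dll""",
]

def parse_event(text):
    """Turn 'Key: value' lines into a dict (values may contain ':')."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(": ")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def triage(event_text):
    """Return None, or (severity, source, target) for a suspicious event."""
    ev = parse_event(event_text)
    source, target = ev.get("SourceImage", ""), ev.get("TargetImage", "")
    if ntpath.basename(target).lower() not in WATCHED_TARGETS:
        return None  # target is not a firewall-trusted or system process
    if source.lower() in ALLOWED_SOURCES:
        return None  # expected cross-process thread creation
    # A thread start address outside any loaded module suggests injected code.
    severity = "high" if ev.get("StartModule", "-") == "-" else "medium"
    return severity, source, target

def scan(events):
    return [hit for hit in map(triage, events) if hit]

if __name__ == "__main__":
    for severity, source, target in scan(SAMPLE_EVENTS):
        print(f"[{severity}] {source} -> {target}")
```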

RE[2]: Bah humbug
by BluenoseJake on Fri 23rd Mar 2007 15:56 in reply to "RE: Bah humbug"
BluenoseJake Member since: 2005-08-11

Actually, what you are saying is not a bug, it's just that when you run Windows as an Admin, it allows you to run CreateRemoteThread. You are exploiting something, but it is not a bug, it's a problem with the default settings, and a problem with the culture of Windows users.

Score: 2