Linked by Amjith Ramanujam on Mon 11th Aug 2008 16:13 UTC, submitted by gonzo
Thread beginning with comment 326528
RE[4]: Comment by Soulbender
by kurtlinux on Tue 12th Aug 2008 01:06
in reply to "RE[3]: Comment by Soulbender"
If IE7 and FF2 "opt out" of this (DEP, ASLR) AND this is exploitable, then I think this is pretty serious. When you say "Ah, no problem, this exploit works only on certain apps" you can bet your ass that this will be a major problem if those "certain apps" include IE7 and Firefox. These 2 "certain apps" are the most used apps over the internet (Heck, I'm even writing this on FF3). So, if IE7 and FF can be exploited in Vista, then I believe it's pretty much game over for Vista.
RE[5]: Comment by Soulbender
by WorknMan on Tue 12th Aug 2008 02:25
in reply to "RE[4]: Comment by Soulbender"
"So, if IE7 and FF can be exploited in Vista, then I believe it's pretty much game over for Vista."
From reading the post linked by a user a couple of posts before yours, I think the problem is actually the plugins Java/Flash more so than the browsers. To be able to take advantage of this, you still need an exploit that is unpatched.
Basically, it's like this - a vulnerability in IE7 wouldn't be an issue if it's running in the UAC sandbox. But a vulnerability in Java/Flash could be a problem.
So technically, from the standpoint of somebody who has been running XP for the past 7-8 years, this is nothing new.
Again, not to say that the issue doesn't need attention, but it's still nowhere near game over. It basically brings us back down to the Windows XP level, and even then, that is only true in certain/limited scenarios.






You trivialize it by saying "it's not really game over" and agree with the author on that point! No take backs.
A serious error and game over are not the same thing. I'm not aware of any public unpatched exploits that take advantage of this. There may never be one. There are critical, exploitable, common bugs patched monthly, and they don't get the coverage and hype of this. The act of installing Flash/plugins has screwed people from a security standpoint well before this bug was public.
Not this time.