Windows Vista has been compromised?

"LAS VEGAS–While Microsoft talked up Windows Vista security at Black Hat, a researcher in another room demonstrated how to hack the operating system.

Joanna Rutkowska, a Polish researcher at Singapore-based COSEINC, showed that it is possible to bypass security measures in Vista that should prevent unsigned code from running.

And in a second part of her talk, Rutkowska explained how it is possible to use virtualization technology to make malicious code undetectable, in the same way a rootkit does. She code-named this malicious software Blue Pill.

"Microsoft is investigating solutions for the final release of Windows Vista to help protect against the attacks demonstrated," a representative for the software maker said. "In addition, we are working with our hardware partners to investigate ways to help prevent the virtualization attack used by the Blue Pill."

Read the rest here

Obviously this is a good thing: with a fresh set of more expert eyes seeing the code, this will only help Microsoft release a better, more secure and reliable product in the end. The openness of Microsoft at this conference has really shown the company's commitment to security. One thing must be noted: sometimes, what might seem like a vulnerability that has not been found or fixed in Windows Vista might actually have been discovered, just that the fix is not implemented yet, as noted in the following excerpt:

The audience appeared very interested in the presentation, and at times people broke out in laughter, for example when Lambert talked about the public disclosure of a serious flaw right after the release of the Beta 2 of Internet Explorer 7. How did Microsoft react to that? Lambert showed an animation of a man banging his head on a keyboard.

But after the initial embarrassment, Microsoft realized that it had actually found the IE 7 flaw a couple of months earlier, it just had not been addressed in that beta release, Lambert said. Before final release, bugs like that will be fixed, he said.

Read more from that report here

