Re: 9 More Holes Revealed in Windows Vista

[Roy Schestowitz <newsgroups@xxxxxxxxxxxxxxx>]

__/ [ p5000011@xxxxxxxxx ] on Thursday 05 April 2007 01:49 \__

> On Apr 5, 1:59 am, Roy Schestowitz <newsgro...@xxxxxxxxxxxxxxx> wrote:
>> Vista Security: 3 Holes Patched, 9 Holes Revealed
>>
>> ,----[ Quote ]
>> | Now that we're all patched up, Virus.org today pointed out that
>> | Symantec is warning of another seven vulnerabilities (nine in actuality)
>> | in Vista's network services.
>> `----
>>
>> http://itsvista.com/2007/04/vista-security-3-holes-patched-9-holes-re...
> 
>>From the article:
> 
> 'What it does point out of course is that Vista is not perfect when it
> comes to security. Then again, Microsoft never claimed it was, so
> enough of the Vista trash talk every time a vulnerability is
> discovered. Vista is more secure than other versions of Windows.
> Nothing more, nothing less.'
> 
> How can anyone say Vista is more secure when so many vulnerabilities
> are found within a couple of months of its release?
> 
>> Cursor flaw gives Vista security a black eye
>>
>> ,----[ Quote ]
>> | Microsoft's release of a "critical" patch on Tuesday poked holes in
>> | Vista's security promises, but security experts advise against
>> | discounting the new operating system.
>> `----
> 
> Clearly the security businesses relying on the lack of security in
> Microsoft SW must be breathing a sigh of relief. Vista is business as
> usual for those who produce SW that hopefully protects the gullible
> Vista adopters from Microsoft's latest offering. What is amazing is
> that anyone thought it would be otherwise. Windows is fundamentally
> flawed. Vista just adds lots of new holes on top of what was already
> there.

Marketing changes perception, provided the words are repeated often enough
and spewed out from many directions. The same promises can be found in news
archives that go back to 2001-2 (Windows XP release). When it comes down to
reality, more code was added (the codebase was an XP sibling in late 2005)
on top of fragile code that had some subsequent patches missing (it's the
issue of patching an already-patched piece of code and maintaining many
different versions). This means more buffer overflows, which is something
Symantec predicted and warned about last year.

Promises are cheap (expensive if you rely on marketing rather than word of
mouth and reputation). Show us results. Show us _track record_.

-- 
                ~~ Best wishes 

Roy S. Schestowitz      |    Open the Gate$ to Hell
http://Schestowitz.com  |    RHAT Linux     |     PGP-Key: 0x74572E8E
  3:05am  up 24 days 10:08,  7 users,  load average: 1.32, 1.29, 1.09
      http://iuron.com - Open Source knowledge engine project