Vista is more vulnerable and less secure; New penalty prepared for Microsoft

Mar 4, 2007 11:56 GMT

As you surely know, Microsoft designed Windows Vista to be an innovative operating system, and it is often regarded as the most secure edition of Windows. That's why Microsoft decided to implement many security utilities, such as Windows Defender, Windows Firewall and Application Control, to make the operating system safer. Although it was meant to be the safest environment for a computer, Windows Vista has, since its official release, been more vulnerable and less secure. This claim is supported by two security advisories released on Monday by the French Security Incident Response Team (FrSIRT), which reported new vulnerabilities in Windows Vista and Internet Explorer.

"A weakness has been identified in Microsoft Internet Explorer, which could be exploited by malicious websites to conduct spoofing or phishing attacks. This issue is due to an error when handling certain 'onunload' events, which could be exploited by attackers to spoof the displayed address bar by tricking a user into entering a trusted URL manually in the address bar while visiting a malicious web page," the security company reported. The affected products are Internet Explorer versions 6 and 7, and no patch is available to fix the issue.

"A weakness has been identified in Microsoft Windows, which could be exploited by malicious users to disclose sensitive information. This issue is due to an error within the 'ReadDirectoryChangesW()' API that does not properly validate user's permission for child objects when retrieving information regarding objects that they do not have 'LIST' permissions for, which could be exploited by local attackers to gather information about protected files (e.g. their names), facilitating further attacks," FrSIRT stated in the second advisory.

On Tuesday, Microsoft took another important step in expanding its online products by announcing the acquisition of a company that provides a beta search technology designed specifically for health matters.

"Medstory's mission is to enable users to search complex fields on the Web intelligently. We're starting with health and medicine - an area where many people will appreciate a service that helps them quickly get high value information, and a field where we have expertise based on our work with health-related organizations," according to the company's description.

The decision is at least interesting because, at this time, three Internet giants are competing to be the most powerful company in the virtual world. Google, the search giant, Yahoo, the giant portal, and Microsoft, the software portal, are fighting to produce more attractive products for both online and offline users. That's why Microsoft is trying to improve its search technology with new acquisitions, to compete with the well-known search engine provided by Google.

On Wednesday, Vista's security features were back in the spotlight after security company Symantec published an advisory on the security features implemented in the latest version of the operating system. As I said before, Microsoft included several security utilities such as Windows Firewall, Windows Defender and Application Control, but it seems that the tools are not quite as useful as the company claims. Symantec released an analysis arguing that Windows Vista is vulnerable to many exploits even though Microsoft included numerous security tools.

"One example is Vista's firewall, by default it is configured to disallow all third party and untrusted network communications unless the user clicks the unblock button. This feature, if slightly enhanced, poses a great limitation for malicious code looking to back door a host. Unfortunately, the unblock button may be accessed with the same privilege level as a standard user. This configuration of privileges creates a point of vulnerability that undermines the effectiveness of the firewall's policy in Windows Vista," Symantec stated in a security advisory published on Wednesday.

"Competition: Commission warns Microsoft of further penalties over unreasonable pricing as interoperability information lacks significant innovation. The Commission's preliminary view is that there is virtually no innovation in the 51 protocols in the 'No Patent Agreement' where Microsoft has claimed non-patented innovation, and that Microsoft's current royalty rates for this agreement are therefore unreasonable. This takes into account the advice of both the Monitoring Trustee and the Commission's technical advisors, TAEUS, who both consider that there is no innovation in any protocol in the Gold and Silver categories," the European Commission said in a press release published on Thursday.

Let's take a quick look into the past. Last year, Microsoft received a huge fine from the European Commission for infringing numerous antitrust laws in order to promote its products and strengthen its monopoly in certain locations on the continent. This time, the software giant is being criticized over the same matter, so I guess its officials will be keen to resolve the problems and avoid a new fine from the European Commission.

On Friday, Microsoft published a special press release replying to the European Commission's warning that the software giant could be fined again for unreasonable prices on its products.

"Microsoft has spent three years and many millions of dollars to comply with the European Commission's decision. We submitted a pricing proposal to the Commission last August and have been asking for feedback on it since that time. We're disappointed that this feedback is coming six months later and in its present form, but we're committed to working hard to address the Commission's Statement of Objections as soon as we receive it," the company stated.

Microsoft also added that its prices are at least 30 percent below the market rate for comparable technology, and that numerous companies and government organizations from the US and every corner of the world have already found enough innovation in its products for it to avoid a new penalty from the Commission. "We've always said we are willing to entertain any reasonable price offer from any potential licensee, and that we are willing to be flexible to meet any unique business needs of potential licensees. Currently, we're in negotiations with a number of potential licensees," Microsoft said. Maybe the software giant aims to use special prices for certain companies or developers?
