Windows Vista security 'rendered useless' by researchers

[Marc57]

Two security researchers have developed a new technique that essentially bypasses all of the memory protection safeguards in the Windows Vista operating system.

http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1324395,00.html


This sure doesn't sound good.

[polonus]

Hi marc57,

That is why I use Fx or Flock as a browser with NoScript as my main line of defense against all sorts of malicious script that likes to run inside the browser as an attack vector. They are contemplating now to bring in Giorgio Maone's extension NoScript into the Firefox browser by default. There is an enormous discussion amongst developers to do this or not. Also recently I find a very good companion of NoScript is Firekeeper, an IDS inside the browser, that really alerts when a site is breaking any of the Snort-like rules it has, you can also add malware blocking there as well. We are entering the days that there is rattling at the very gates of the Internet castle, they are inside, they have crossed the moat already, have the peck and feathers ready for the malcreants,

polonus

[bob3160]

From what I read, if this is actually true, then it not only effects Vista but
virtually any OS.

[Marc57]

From what I read, if this is actually true, then it not only effects Vista but
virtually any OS.

That's the way I read it bob.

It may not be as bad as I thought:

http://arstechnica.com/news.ars/post/20080811-the-sky-isnt-falling-a-look-at-a-new-vista-security-bypass.html


"Furthermore, these attacks are specifically on the buffer overflow protections; they do not circumvent the IE Protected Mode sandbox, nor Vista's (in)famous UAC restrictions."