Monday, 8 August 2005

Old blog - Flaws in the architecture of Windows Vista (formerly Windows Codename Longhorn) could allow user driven code execution

Following hot on the heels of the news that the first viruses that target Vista have(n't) been discovered comes news that the fledgling OS is vulnerable to an even more basic attack. Microsoft have architected the system in such a way that it's possible (in fact it's down right child's play) for a user to download an application, install it and run it.

The implications of this are staggering. With just one or two mouse clicks users could be launching applications that have full and unrestricted access to their computer. It's all very well them not releasing MONAD (some kind of black window, a bit like DOS) as part of Vista but what is to stop a user visiting http://www.fuckyourpc.com, downloading something and then watching helplessly as their machine is destroyed?

Microsoft have to pull this shoddy beta right now. And then they need to come back with a version of Vista that doesn't have such obvious flaws.

As a precaution I recommend finding any .exe on your machine, and renaming it to .idontthinkso. In fact, just delete any exe you find. You may have to power down, stick your hard drive into another PC and do the delete from there, but it's worth it.

For more news on Vista vulnerabilities see the F-Secure blog.

Next week: Doors and windows in your house? You're just inviting the thieves in.

No comments:

Post a Comment