Malware writers appear to be much further along in developing malware for Vista than the security industry is in making products to protect the new operating system. Speaking exclusively to IT PRO, Tim Eades, senior vice-president of sales at security company Sana Security said that 38 per cent of malware is already Vista-compatible. “Malware writers have gone through the WHQL list to make sure that their code works on new machines,” he said. “They have managed to port code to Vista quicker than the security industry.”
Simple – which industry earns the most money?
This is a tremendous irony and I’d laugh no end if it weren’t a potential tragedy for so many people.
…wasn’t Vista supposed to be impervious to malware? 😉
Well, that’s what you get for enforcing backwards compatibility, I guess (not that they really had a choice).
What compatibility? Do all your apps work in Vista, or do you need to update them?
Edited 2007-01-23 09:49
What compatibility? Do all your apps work in Vista, or do you need to update them?
When I tried Vista my apps did work actually. But they were slow and also looked a bit weird unless I used the classic style. So yes, there is backward compatibility but you’ll still need to upgrade your apps.
What the hell are the security companies doing? I mean, if you’ve got hackware being pushed out and compatible with Vista before the security software, it speaks volumes to me about the laziness of these companies in regards to testing and making sure their products are delivered on time when Windows Vista is released.
I may be wrong, but I remember the big security companies (McAfee, Symantec, …) complaining about MS refusing to publish all the specs needed, or being late on that, so that they could adapt their products.
So, please, put this bill on MS account.
Also, remember that it is easier to adapt little programs to a new system than huge and complex ones, like Symantec and McAfee suites (which I don’t use anyway).
Edited 2007-01-23 01:34
I may be wrong, but I remember the big security companies (McAfee, Symantec, …) complaining about MS refusing to publish all the specs needed, or being late on that, so that they could adapt their products.
You’re incorrect; Microsoft provided an API, the Defender API, on which so far 4 security products (including Microsoft’s own) have been released and now rely; rather than digging deeply into the bowels of the operating system, the security vendors link against that API, specifically written just for that particular purpose.
Symantec and McAfee waged a PR Microsoft-bashing campaign; and given that you were sucked into believing the bullcrap spouted by Symantec and McAfee, it speaks volumes as to the ignorance out there of Microsoft’s technologies and what the real story was behind the whole ‘drama’ which Microsoft’s competitors drummed up.
Right, an API that does not let the security product have access to some of the areas of the OS that the bad guys can get to. Typical!
This is typical, as fast as MS makes products, hackers, crackers and the like, kill Windows before it even gets off the starting block!
Yet another extremist view; I guess you’re also a creationist as well.
The Defender API provides the necessary userspace API to access the necessary lower level of the operating system without needing to place things within kernel space to make it possible; in other words, it’s a uniform way of accessing those nether regions which all vendors can exploit.
Again, look at the facts and stop taking an extremist position based on ignorance and scaremongering.
I wouldn’t call it ignorance. What the big security vendors were bitchin’ about has more to do with MS not releasing the specs to the API. MS is known for either charging for the information or flat out suppressing it.
How can you expect a company to tailor its products to a system if you don’t have the information pertaining to that system?
I do agree that their PR sounded like a bunch of whinging children having a hissy fit.
I wouldn’t call it ignorance. What the big security vendors were bitchin’ about has more to do with MS not releasing the specs to the API. MS is known for either charging for the information or flat out suppressing it.
Incorrect, Microsoft has made the Defender API available:
http://windowsvistablog.com/blogs/windowsvista/archive/2006/04/21/4…
Why should Microsoft get the blame for people’s stupidity? I mean, I’m not a Microsoft supporter (currently running OpenSuSE), but let’s use facts rather than half-baked rhetoric born out of a competitor’s hissy fit.
Nice one, thanks for the link.
I stand (and type) corrected 🙂
“What the hell are the security companies doing?”
Well, if you are referring to Symantec and McAfee, they are too busy writing the malware so they can justify their existence. You do know that for some reason those are the only “security” companies that required access to the kernel enough to make a claim to the EU?
Since malware is considerably simpler in nature than security software I don’t see how this could be a surprise for anyone.
“See, I TOLD you open source was more efficient than proprietary!” 😉
Of course the malware will be created first. As many seem to repeatedly ignore over the last ~15 years, “security” companies are reactive, not proactive. Antivirus software, and anti-malware software are primarily “signature-based” scanners. They look for KNOWN bad-ware, and report/eliminate it.
This is why it requires a weekly (or daily) update to get the new signatures.
There’s no reason for McAfee and Symantec to release updated “security” products for Vista until Vista has known security problems and malware – right? It’s also NOT in these companies’ best monetary interest to create software for a product that doesn’t have much marketshare yet. They are making gobs and gobs of money off Windows XP users still…
I hate these corporate “security” companies – they could seriously care less about security in the end – it’s all about money. They do the bare minimum they have to in order to keep corporations begging for more of their peddled wares.
No surprise here – I actually find it quite amusing though.
Edit: missed a set of important quotes
Edited 2007-01-23 07:12
No surprise here – I actually find it quite amusing though.
I don’t find it amusing when my tax euros, and billions of others’, are being spent on damage control when government computers turn zombie. Not to mention all the crap that is being sent by them, wasting the planet’s bandwidth.
And that’s why you should be spending more time attempting to get the government to stop using products created by that certain company.
And that’s why you should be spending more time attempting to get the government to stop using products created by that certain company.
Maybe I should.
However, in 2003, our parliament voted in majority for a call on the government to actively promote the use of open source and open standards on computers paid for by tax payers.
Three years later, the prime minister received Bill G. in his office.
I will only say one phrase:
“Welcome to the marvellous world of Windows”
Ahhh, if you have not realized, I was trying to be sarcastic.
Edited 2007-01-23 09:31
“I hate these corporate “security” companies – they could seriously care less about security in the end – it’s all about money. “
That must be why Symantec provides free virus removal tools when there is a nasty infection out there.
Example:
http://www.symantec.com/enterprise/security_response/removaltools.j…
That must be why Symantec provides free virus removal tools when there is a nasty infection out there.
Of course – it’s called marketing…
Microsoft should completely ditch Windows and write a brand new O/S from scratch in a safe programming language (i.e. not C). Windows programs should run within a Windows emulator.
Good point, and I think MS is actually attempting something along those lines with Singularity.
http://research.microsoft.com/os/singularity/
C is an unsafe language like a hammer is an unsafe tool. There are plenty of ways to use it safely and effectively.
Linux, OS X, FreeBSD, BeOS, etc. were all written in C/C++ and don’t have the issues Windows has. It’s not the car, it’s the driver!
C is an unsafe language like a hammer is an unsafe tool. There are plenty of ways to use it safely and effectively.
History has shown us that the vast majority of programmers are NOT capable of using C safely and effectively.
Linux, OS X, FreeBSD, BeOS, etc were all written in C/C++ and don’t have the issues Windows has.
Yeah, because there have never been any buffer overruns, signed integer overflows, NULL dereferences, or other common C/C++ issues in any of those OSs.
Yeah, because there have never been any buffer overruns, signed integer overflows, NULL dereferences, or other common C/C++ issues in any of those OSs.
And rockets have never exploded, and car crashes never occur, and nuclear plants have never melted down.</sarcasm>
All of these things have happened, it doesn’t reduce the usefulness of rockets, cars, or nuclear energy. It just reminds us that the people using these tools better know what they are doing, and not be self-trained hacks or hobbyists. You don’t let an unlicensed contractor build your house, so why do you let an unlicensed developer build your OS?
I’m not saying credentials should be required to program, but I’m saying we need higher standards for developers, test processes, and distribution. And I’m not saying other operating systems don’t have buffer overrun vulnerabilities, I’m just saying Microsoft is notorious for them, slow to release patches, and has a large enough market share for those to have a huge impact.
The tools are irrelevant, and at some level you’re going to be writing in C or assembly. .Net requires a runtime which is written in what? C. Java requires a runtime which is written in what? C. You’re just adding a level of abstraction which adds bloat, not protection. It’s a fallacy that VMs are required to make you safe, and Microsoft and Sun have convinced so many people of it (even smart people!).
How do I get a buffer overrun using an STL vector or string? I don’t. You don’t need a VM to write safe software. You need competent programmers and good tools.
With our groundbreaking Windows for Workgroups software we single-handedly created a whole new area of computer business — data insecurity! After 20 years of experience in the computer insecurity business, Microsoft is second to none in ignoring exploits and vulnerabilities. The world-leading home and office operating system platform MS Windows is so full of holes we affectionately call it the “brinkless zero” and honoring this tradition, we present you MS Vista, compromised from the get go!
*SCNR*
Apologies if I’m being dense here, but why would a malware-writer be interested in ensuring their program works on specific hardware? I don’t think I’ve ever heard of a virus that couldn’t properly execute because I have a poorly-supported videocard or a CDRW drive that doesn’t perfectly conform to specs. Seems to me like malware is almost purely concerned with software.
Just struck me as odd, that’s all. Can someone elaborate?
Forget Vista; does the malware run under Wine?
It can, but you have to install it yourself
In fact, Windows sure is buggy and has a lot of possible exploits, but no OS is safe from this. In fact, I’ve seen scary bugs in Linux too. Windows has a large userbase and a lot of applications; that’s the main problem. Remember the good ol’ DOS? DOS is a rock-stable OS; the apps aren’t. I mean, somebody could get hurt with a spoon if he handles it the wrong way. Windows simply has a lot more sharp edges than Linux, simply because of the backward compatibility. Programmers working at MS aren’t suckers… I’ve applied for an internship there and they ask you some serious questions.
I strongly support the idea of ditching Windows and creating something new. Singularity is pretty promising. I guess MS is aiming at this with its .Net framework in the long term.