Jump to content

Why Vista + IE = EPIC FAIL

Guest HBK

By Guest HBK
in Computers & Programming

 Share

Recommended Posts

Guest HBK

Guest HBK

Posted
Posted
This week at the Black Hat Security Conference two security researchers will discuss their findings which could completely bring Windows Vista to its knees.

 

Mark Dowd of IBM Internet Security Systems (ISS) and Alexander Sotirov, of VMware Inc. have discovered a technique that can be used to bypass all memory protection safeguards that Microsoft built into Windows Vista. These new methods have been used to get around Vista's Address Space Layout Randomization (ASLR), Data Execution Prevention (DEP) and other protections by loading malicious content through an active web browser. The researchers were able to load whatever content they wanted into any location they wished on a user's machine using a variety of scripting languages, such as Java, ActiveX and even .NET objects. This feat was achieved by taking advantage of the way that Internet Explorer (and other browsers) handle active scripting in the Operating System.

 

While this may seem like any standard security hole, other researchers say that the work is a major breakthrough and there is very little that Microsoft can do to fix the problems. These attacks work differently than other security exploits, as they aren't based on any new Windows vulnerabilities, but instead take advantage of the way Microsoft chose to guard Vista's fundamental architecture. According to Dino Dai Zovi, a popular security researcher, "the genius of this is that it's completely reusable. They have attacks that let them load chosen content to a chosen location with chosen permissions. That's completely game over."

 

Source: Neowin.net

 

Enough said. Have a lot of fun with Vista and IE! :devil:

Link to comment
Share on other sites
rachiee Newbie

rachiee

Posted
Posted

Vista + IE does equal Epic Fail. Especially with experience of being a Vista/IE user until April...

IE is slow and awful xP

I've had awful experiences with IE before, and trust me, you should NOT use IE.  (I'm a proud Opera user ^_^ ) It's not like IE is the only browser out there-and Windows [Vista] is not the only OS xD

Link to comment
Share on other sites
Guest HBK

Guest HBK

Posted
Posted

Yeah, but for some people it's their only reality. I've great experience with different operating systems. Heck, I've tried more than 10 Operating Systems over the last 10 years: Windows 98, ME, 2000, XP, Vista (which I currently use), Ubuntu and other Linux distros like Kubuntu (KDE instead of Gnome shell) and of course, Mac OS X Leopard (which I use too).

 

And Opera is a great browser, I just don't really like the interface, but it's really fast and secure. :)

Link to comment
Share on other sites
antiaircraft Newbie

antiaircraft

Posted
Posted

Well I've always known that IE's integration with Microsoft had an inherently insecure architecture, but I didn't think that it would result in anything this major... :sad01_anim: looks like Microsoft will finally have to get some serious (overdue) changes made.

 

XD It seems like I'm not the only person on the forums who's felt and answered the pull of Linux. Long live open-source! (both Firefox & Linux are open-source by the way :P )

Link to comment
Share on other sites
̊ ˉˉ ̊ Newbie

̊ ˉˉ ̊

Posted
Posted
Well I've always known that IE's integration with Microsoft had an inherently insecure architecture, but I didn't think that it would result in anything this major... :sad01_anim: looks like Microsoft will finally have to get some serious (overdue) changes made.

 

XD It seems like I'm not the only person on the forums who's felt and answered the pull of Linux. Long live open-source! (both Firefox & Linux are open-source by the way :P )

Open-source will someday (hopefully soon) rule the realm of technology!

 

Also, Firefox 3 hates me, It lags terribly, but I'm sticking with it because soon there won't be any more updates for security purposes.

Link to comment
Share on other sites
Ashley Rose Newbie

Ashley Rose

Posted
Posted
The only purpose of internet explorer is to download firefox :)

 

And soon I'm going to have Linux on my laptop :)

 

HAHA So True! Oh and to test layouts in IE so you know they work for others XD I've stopped using IE almost all together. I only use it for layout testing to make sure it looks fine it both browsers, and to log into a side account while staying on my main in FF. If I use IE for more than a couple minutes I start getting errors and I just generally hate IE now!

 

At this point I would be extremely happy to see Vista fail and a new operating system released, of course in hopes that it's better than Vista. I've had nothing but issues with Vista and I pretty much regret buying this computer with Vista on it...though I had no choice.

Link to comment
Share on other sites
antiaircraft Newbie

antiaircraft

Posted
Posted

After thinking about this for a while, I don't think Micro$oft can afford to let this sit like they did for the past few years. With new exploits just round the corner, they will have to make the architecture changes that it takes to secure their system or face a huge risk to their market dominance. Hopefully, this will end up changing Windows and IE for the better. :yes:

 

@Ashley: Well Linux is a free alternative to Windows, and you shouldn't have to buy any new hardware to try it out. :) That said, switching operating systems isn't exactly something to take lightly.

 

@rosyfinch13: Your problem sounds like an extension glitch to me - are you sure you didn't disable add-on compatibility checks?

Link to comment
Share on other sites
̊ ˉˉ ̊ Newbie

̊ ˉˉ ̊

Posted
Posted
@rosyfinch13: Your problem sounds like an extension glitch to me - are you sure you didn't disable add-on compatibility checks?
The only add on I have works perfectly & makes pages load faster (flashblocker thing) The reason is probably a combination of having a "old" computer & the wireless signal having to go through multiple walls & floors, making it weak.

But that's what I get for getting it for free ;b

 

Also on a side note, I got the laptop from my brothers friend who was getting a new one. XP has always been pre-installed on it. Microsoft says it is using an Iligitimate key :0

Link to comment
Share on other sites
Guest HBK

Guest HBK

Posted
Posted
After thinking about this for a while, I don't think Micro$oft can afford to let this sit like they did for the past few years. With new exploits just round the corner, they will have to make the architecture changes that it takes to secure their system or face a huge risk to their market dominance. Hopefully, this will end up changing Windows and IE for the better. :yes:

 

@Ashley: Well Linux is a free alternative to Windows, and you shouldn't have to buy any new hardware to try it out. :) That said, switching operating systems isn't exactly something to take lightly.

 

@rosyfinch13: Your problem sounds like an extension glitch to me - are you sure you didn't disable add-on compatibility checks?

 

I, personally, don't consider Ubuntu or any other Linux distro appropriate to my daily needs. Why? First, no Photoshop. Yeah, I know you can WINE it, but it lags a lot, and GIMP isn't the same. Then, it's not as easy to use as Windows or Mac (to install a program, you gotta use the Terminal, which I don't like).

 

The Mac world, however, is perfect for me - graphics, IM, surfing, music, installing of programs, occasional coding and it does it so much quicker and easier than Windows, so why should I go with the latter anymore?

Link to comment
Share on other sites
Whacker Newbie

Whacker

Posted
Posted
The only purpose of internet explorer is to download firefox :)

 

Rofl, that should be published ^_^

 

I'm still stuck using IE for many flash games (neopets) since FF has that annoying bug that makes games run a lot faster. Fast is good. Just don't over-do it <_<

Link to comment
Share on other sites
antiaircraft Newbie

antiaircraft

Posted
Posted
The only add on I have works perfectly & makes pages load faster (flashblocker thing) The reason is probably a combination of having a "old" computer & the wireless signal having to go through multiple walls & floors, making it weak.

But that's what I get for getting it for free ;b

Ah - well assuming you didn't have that problem in Firefox 2, I guess it's not too much of an issue. :)

 

I, personally, don't consider Ubuntu or any other Linux distro appropriate to my daily needs. Why? First, no Photoshop. Yeah, I know you can WINE it, but it lags a lot, and GIMP isn't the same. Then, it's not as easy to use as Windows or Mac (to install a program, you gotta use the Terminal, which I don't like).

Well Linux isn't for everyone of course - people should use whatever suits them best. With the exception of IE of course, at least until this major security issue is fixed.

 

But for the record - why would you have to use the terminal to install programs? o_O In most Linux distributions, you don't even have to touch the terminal for anything (although I personally love it :P ).

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
 Share
Go to topic listing
×
×
  • Create New...