IT IS NOT OFTEN that anyone at Waggener Edstrom, Microsoft's pet public relations firm, writes to The INQUIRER. Read on, and we think you'll soon understand why that's the case.
We received the following missive a couple of days ago:
From: [email address]
To: Egan.Orion@theinquirer.net
Subject: Article: Vista kernel is vulnerable
Date: Tue, 2 Dec 2008 18:20:17 +0000 (GMT) (10:20 PST)
Emailed from The Inquirer...
http://www.theinquirer.net/gb/inquirer/news/2008/11/24/vista-kernel-vulnerable
Hi Egan,
I wanted to let you know that the Windows Vista vulnerability identified in your article is located in the Device IO Control, and when exploited, causes a buffer overflow which then corrupts kernel memory. The vulnerability does not lie in the Windows Vista kernel itself.
It would be great if you would be able to update your story - please let me know if you can.
Thanks,
Rickard Andersson [phone]
Since our article explicitly said that a "buffer overflow flaw exists in Vista's networking I/O subsystem," we didn't pay that email any mind. In particular, we did not notice the sender's email address. Rarely do our stories that mention Microsoft fail to generate at least one or two flames.
Apparently accustomed to dealing with somewhat more accommodating publications, such as those that receive significant revenues from Microsoft's advertising, but not having seen a quick change to our story, our correspondent emailed again yesterday:
From: Rickard Andersson
To: egan.orion@theinquirer.net
Subject: Re your article: Vista kernel is vulnerable
Date: Wed, 3 Dec 2008 15:12:55 +0000 (07:12 PST)
Hi Egan,
Writing from Waggener Edstrom, Microsoft's PR agency, as I wanted to let you know that the Windows Vista vulnerability identified in your article is located in the Device IO Control, and when exploited, causes a buffer overflow which then corrupts kernel memory. The vulnerability does not lie in the Windows Vista kernel itself. Would you be able to update your story to reflect this? Please let me know.
Thanks!
Rickard
Vista kernel is vulnerable
Monday, 24 November 2008, 4:49 PM
http://www.theinquirer.net/gb/inquirer/news/2008/11/24/vista-kernel-vulnerable
Rickard Andersson
Senior Account Executive
Corporate Practice
Waggener Edstrom Worldwide - London
[phone]
[email addresses]
[miscellaneous other bumf]
Well sure, Rickard... since you insist. We'll be glad to clarify that story for our readership.
As we initially reported, this particular security flaw in Windows Vista is indeed in the I/O subsystem, specifically – as you have pointed out – in the Device I/O Control module, and we will be glad to take your word for that nomenclature.
Further, the security flaw is a buffer overflow that, when triggered, corrupts Vista kernel memory. That can – again, as we initially reported – "cause a blue screen of death system crash, allow denial of service attacks, or enable injection of rootkits or other malware..."
So yes, technically, this security glitch is not in the Vista kernel itself, since you consider it important to make that distinction, but in the Device I/O Control module, so very different.
This would tend to suggest that the Vista kernel remains perfectly secure... as long as you don't actually use any devices in your computer. You know, things like a keyboard, mouse, video screen, hard disk, DVD/CD drive, printer, or... network interface.
But the fact is, the security flaw enables corruption of kernel memory, that is, potentially compromising the integrity and security of the entire Vista operating system, and with it, the entire computer system itself.
This obsession with meaningless classification of security flaws is simply characteristic of Microsoft, which has a long history of defining away, making excuses for, simply hiding, and even flatly denying numerous, continuing and overlapping problems with its horribly designed, bug-ridden, user-hostile, DRM-infested, poorly performing software products.
So this security problem doesn't originate within the Vista kernel, it merely has the plainly obvious potential to completely compromise it. Fine. Microsoft's statistics look better now.
It reminds us of Microsoft's attempts to compare the number of security patches to Windows itself with those distributed for all of the thousands of applications, utilities and so on that make up a modern Linux distribution.
The Vole hasn't tried that one for a while now, so it's due to come around again. Maybe it will come up along with the next self-serving round of Microsoft-sponsored Total Cost of Ownership studies, since those seem to be about ready to ramp up again in this recession.
Similarly, the gaping security holes in the Vole's Internet Exploder and Microsoft Lookout must not count either, we're sure. It's just a coincidence that those security vulnerabilities are present by design and have spawned a robust software industry populated by vendors of security products catering almost exclusively for Windows-based computers, certainly.
Does Microsoft still maintain that this proven security flaw in Windows Vista is somehow so unimportant that it's still unable to say whether a fix will be included in the next Vista service pack or estimate when that service pack might be released?
We guess we'll see. µ
And as for Rickard, please stop trying to fill us with more FUD. Instead please tell us when this security hole will be fixed.

Rickard, are MS working on this? Is the fix into Testing yet? Have they even created a patch for test? Or are they asking cronies like yourself to go to work instead of the engineers?

MS has taken their eye off the ball, the customer. They no longer focus on customer need, only on dollar per quarter. Greed without product will result in shrinking customer base.

Windows XP - it works. Domestic and Professionals are used to that interface. It's now more stable and quicker than Vista. It also costs MS a lot less in the past 2 years than Vista. It is MS's cash cow, but they want to barbeque it. Fools.

MS wants to RENT Office for $70/year. Have you seen this in PC World?

I guffawed when I saw it at the entrance stand. In a recession they are offering to scam us every year for something we will never ever own. Nutters, greedy nutters.

MS, greed is eating you from the inside.

Free Office - www.openoffice.org.
Free Antivirus - free.grisoft.com, panda and others.
"Vole's Internet Exploder and Microsoft Lookout"
LOL!
Nothing like a good laugh in the morning.

Thanks for the amusing reading every day, Inq.
Ah, and where did you get your degree in computer science, Mr. PR flack? And your credibility is derived from what? The fact that Microsoft throws money at you to bleat their story?

Seeing as most people have no idea how Windows is actually architected, as far as most of us are concerned, the Device I/O Control module is loaded during startup along with the so-called "kernel" so that makes it part of the kernel. If it bleats like a sheep... and so forth... So, Microsoft and PR flack, take your micromanaged approach and shove it.

Besides, I heard that Windows is a mess internally anyway, so who knows what is part of the kernel and what isn't? Even those people that work on it aren't too sure.