12.11.09

Trend Micro: Vista 7 Less Secure Than Vista

Posted in Microsoft, Security, Vista, Vista 7, Windows at 4:47 am by Dr. Roy Schestowitz

Summary: Trend Micro’s assessment of Vista 7 concurs with previous analyses, which say that Vista 7 is a step back when it comes to security.

On several occasions in the not-so-distant past, experts warned that Vista 7 is even less secure than Windows Vista. To give previous examples of security issues in Vista 7:

  1. Cybercrime Rises and Vista 7 is Already Open to Hijackers
  2. Vista 7: Broken Apart Before Arrival
  3. Department of Homeland Security ‘Poisoned’ by Microsoft; Vista 7 is Open to Hijackers Again
  4. Vista 7 Security “Cannot be Fixed. It’s a Design Problem.”
  5. Why Vista 7 Could be the Least Secure Operating System Ever
  6. Journalists Suggest Banning Windows, Maybe Suing Microsoft Over DDoS Attacks
  7. Vista 7 Vulnerable to Latest “Critical” Flaws
  8. Vista 7 Seemingly Affected by Several More “Critical” Flaws This Month
  9. Reason #1 to Avoid Vista 7: Insecurity
  10. Vista 7 Left Hijackable Again (Almost a Monthly Recurrence)

Now comes yet another firm, Trend Micro, claiming that Vista 7 is less secure than Windows Vista:

Windows 7 is less secure out-of-the box than Vista, despite Redmond’s protestations to the contrary, a top security firm has claimed.

Trend Micro said that the default configurations of Windows 7 are less secure than Vista. Raimund Genes, CTO of Trend Micro, said that Windows 7 had sacrificed security for useability – at least for default configurations.

We shall continue to keep track of such important claims.

In other (in)security news yesterday:

i. Scareware slingers flaunt fake MS endorsement

Surfers visiting the URL on the Windows Support site referenced in the scareware from a clean PC will get a 404 ‘page not found’ message. Hacked PC victims will see an apparent endorsement.

ii. Potent malware link infects almost 300,000 webpages

A security researcher has identified a new attack that has infected almost 300,000 webpages with links that direct visitors to a potent cocktail of malicious exploits.

iii. How many people fall victim to phishing attacks?

According to a recently released report, based on a sample of 3 million users collected over a period of 3 months, approximately 45% of the time, users submitted their login information to the phishing site they visited.

The important point to remember is that Vista 7 changes nothing as far as security is concerned. Microsoft and/or its apologists love to defend Windows using the talking point that security issues are the fault of people who do not migrate to the latest version of Windows. It’s a sales pitch.

12 Comments

  1. Yuhong Bao said,

    December 12, 2009 at 11:32 pm

    “To give previous examples of security issues in Vista 7:“
    I already explained or debunked some of the previous ones. On this one, it is about default configurations of Vista and 7, and I am sure that most of the defaults can be changed.

  2. Yuhong Bao said,

    December 12, 2009 at 11:34 pm

    On Linux default configurations, one of the most famous disasters was to allow any local users to install packages by default:
    http://lwn.net/Articles/362771/

    your_friend Reply:

    That article in LWN is surprisingly rude and ill informed. It is rude because it paints the changes as ignorant and arrogant if not malicious. It is ill informed because the result is not really a big deal. I would not configure my system that way but I would not be so rude to a software maintainer about it. We’re talking about free software here, love it or change it. Outrage is only proper in the non free software world, where the user has traded their rights for promises of care. Why do you equate the obligations in two models which have such clear differences?

    More fundamentally, why do you try to equate Microsoft and Unix insecurity? Both systems have 30 year security histories and one is obviously better than the other which requires a useless, often abusive, monthly patch. Microsoft’s insecurity is a blight on the internet. Vista and Windows 7 are just as bad as any previous version of Windows. Claims of better security have been made of every previous version, usually with detailed technical descriptions that ignore fundamental flaws that allow attackers remote, root level access. With so long a history of failure, it is unreasonable to expect a change.

    Malicious claims of flaws in competing software is part of Microsoft’s criminal behavior. Their agents religiously defend Windows and make vague threats of doom for others. They have said the same things about Netscape, Mac OS, Unix and GNU/Linux. This has gone on for so long, it is surprising to see that Microsoft credibility lives on.

    Yuhong Bao Reply:

    “Both systems have 30 year security histories and one is obviously better than the other which requires a useless, often abusive, monthly patch.”
    It is not that simple.
    “Malicious claims of flaws in competing software is part of Microsoft’s criminal behavior. ”
    One of the most recent is when MS tried to FUD Chrome Frame.
    “usually with detailed technical descriptions that ignore fundamental flaws that allow attackers remote, root level access.”
    Really, is NT really that fundamentally flawed? I don’t think so, look at ReactOS

    Roy Schestowitz Reply:

    “Malicious claims of flaws in competing software is part of Microsoft’s criminal behavior. ”
    One of the most recent is when MS tried to FUD Chrome Frame.

    Or Google search.

    your_friend Reply:

    Yes, NT was fundamentally flawed. The security record speaks for itself. I know people who had NT hosed over like any other version of Windows. It’s all the same.

    Yuhong Bao Reply:

    http://www.reactos.org/en/about.html

    Roy Schestowitz Reply:

    I’ve taken a look. You have to remember their bias though; they need to justify their own choices.

    your_friend Reply:

    NT as is flawed as it and it’s descendents are worse. That is the well established record. A free software implementation of NT will be better than the thing that Microsoft’s team of poached VMS engineers could throw together but it won’t be NT if it fixes NT’s fundamental and implementation flaws. I consider access control lists poor design, but what do I know? So here are words of wisdom from people who do know. Michael Feathers,

    a willingness to live with a little less to avoid the bigger mess and a willingness to see elegance in the real rather than the vision

    and the famous words of someone who knows all about legacy code, Michael Feathers

    Those who don’t understand UNIX are doomed to reinvent it, poorly.

    ReactOS is a nice effort but it’s hard to take seriously anyone who’d say the crazy things on that about page. It would be nice to have a free implementation of Windows to run other user hostile legacy programs. The about page, however, reads like something from Microsoft’s “Get the facts” pages. Someone who knows better should clean that embarrassing mess up.

    your_friend Reply:

    NT is flawed as it is. That’s how the last one should have started. I’m not sure what happened to make it so incoherent looking.

    Roy Schestowitz Reply:

    Wasn’t this reversed?

    Yuhong Bao Reply:

    Yes, it was.
