"We found a number of holes, which is still possible unpleasant incidents in working with a PC" - writes Matthew Conover, an analyst at Symantec Security in a report entitled "Attacks against security model Windows Vista". The report was published by Symantec customers last week, giving him full transparency is scheduled to break Vista, Symantec representatives said on Monday.

Conover considered the February release of Vista. The report describes how an attacker can command a Vista PC with Internet Explorer 7, the next version of Microsoft browser. The final version of Vista is not planned for release until January.

The process begins when the attack malicious file while visiting the web site through Vista. The file is run through ActiveX control that uses a security hole. The report describes how ill-intentioned program can receive privileges and give a hacker full control over a PC.

"Trivialnost the system privileges… portends serious problems with a security model for Windows Vista and division at the middle and low levels within the same user account" - Conover writes.

Microsoft has corrected the most debated issues in the record Symantec, said in the statement, the representative of Redmond. "Osveschaemye problems in the early assembly of Windows Vista incorrectly display quality final version UAC" - spokesman said.

In addition, Microsoft said Symantec analysts that the work permit in Vista in administrator mode, which is not recommended Microsoft. Software giant has recommended limited use standard accounts, which will require users to enter a password in order to carry out administrative tasks - for example, to install the software.

Microsoft positioning itself as a security Vista OS. UAC and IE7 are two key security technologies.
A report on UAC is the second of three reports Symantec, which was scheduled to prepare for Windows Vista. The first report reported Vista network technologies; third of the kernel ispytaet Vista - it will be published this week in the analytical service of Symantec DeepSight security.

Traditional allies, Microsoft and Symantec, now go hand in hand in the market security. In May, Microsoft released Windows Live OneCare, the client version security company working on corporate edited. Symantec has also filed a lawsuit at Microsoft, requiring the deletion of data storage technology.

Name: 456543.jpg Views: 66 Size: 33.5 KB

"Symantec continuously examines and evaluates new technologies" - said Pamela Reese, the representative of Symantec. "Even though Symantec confidence that the problems would be resolved before the final version of Windows Vista, Symantec decided to prepare materials in connection with the extraordinary public interest for Vista".

No described the shortcomings have not yet released the operating system will not help, says John Peskator from Gartner. While it may help Symantec's marketing machine. "They want to successfully sell their tabletop security software with access Vista" - Peskator said.
In addition, companies often win, associating his name with hits vulnerability. "It helps convince people that they are indeed safe to understand."

Symantec said that, however, they see the fruits of diligence Microsoft security around the new OS. "However, Symantec feels that the protection of customers will be complete only when choosing security capabilities offered by other manufacturers or Symamtec" - Reese added.