[funsec] Microsoft Makes Concessions to Security Software Makers

Dude VanWinkle dudevanwinkle at gmail.com
Sat Oct 14 21:33:15 CDT 2006


On 10/14/06, Nick FitzGerald <nick at virus-l.demon.co.uk> wrote:
> Dude VanWinkle to me:
>
> > As I am sure you know by now Vista already has several security
> > hotfixes that are applied, but usually they bundle those fixes into
> > the next build, but what I was referring to was the statement by
> > Joanna and zdnet:
>
> Yes, and as you will see, I specifically elided that part of your
> message and addressed the issue _in general_, as you had stated it to
> the point UI quit quoting you.

whoops :-)

So are we agreeing that the release of vista has been pushed back so
far that nothing will prevent the current launch date?

>
> My understanding of "blue pill" is that it is far from a given that it
> is actually meaningfully doable.  Theoretically, yes, but in a
> practically workable, distributed/remote attack scenario???

Remember that the 30-some-odd flaws fixed this tuesday have been there
for almost four years. While there will not be a blue pill worm, it
would make a killer payload.

this one even more so:
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9003512&source=rss_news50
http://tinyurl.com/fu2tb

> I'm sure MS has some of it's cleverest folk looking at this and
> puzzling over it, but as they probably also haven't come up with a
> straight yes/no answer, the judgement call is that it is "safe enough"
> to not delay Vista further...

Exactly. I guess we are agreeing. And why shouldnt MS do that? No
software is without its security updates. If you were to wait until
your os is completely secure, you would never release it.

Still, an undetectable-from-the-os payload is kinda scary if known
about before the release, but I guess having one machine do the
scanning for its neighbor (as long as you loaded your own driver for
the remote hdd) and vise versa might be a valid work around for
detecting blue pill.

-JP


More information about the funsec mailing list