Symantec has been eager to illustrate its dominance in the field of PC security, particularly since the release of Microsoft's own virus and malware scanner.
One has to wonder, then, what constitutes too eager, as the makers of Norton products have already released a second report on Windows Vista.
The report outlines a security flaw in one of Vista's most touted features, the User Access Control (UAC). This runs the machine in a non-administrator mode, but allows the user to enter a password to install or run privileged code as an administrator. When the install finishes, the machine reverts to a basic user, keeping you from needing to be an administrator all the time.
Apparently, it is possible to escalate the user information via an ActiveX control from a website, which allows the website to install cookies and the like in administrator mode. According to Symantec, the machine can be taken over if the script is coded properly.
Microsoft has been rather dismissive of the whole issue, stating that "highlighting issues in early builds of Windows Vista does not accurately represent the quality and depth of the final functionality of User Account Control."
Of course, like Tony at The Inquirer, this journalist is particularly skeptical of anyone who is selling you a $50 product to patch all the holes in the up-to-$400 product you just bought from them. Worse yet is that the bug was found by its competitors, which doesn't look all that good for MS. Fortunately, with it being caught before the product goes gold, this particular bug will not have good odds at seeing the light of day in final release. I'd be willing to bet that over at MS Vista headquarters, there is some yelling going on...
Got a thought on the catch? Anyone think it could have been a deliberate oversight? Think I should grab my tinfoil hat? Let us know in our forums.