From: "Rich Gauszka" 


"Mike N."  wrote in message
news:uu3ls21brd11khlgjm73gadaa9f5e28gft{at}4ax.com...
> On Wed, 7 Feb 2007 15:14:33 -0500, "Rich Gauszka"
>  wrote:
>
>>The researchers tested whether each of the antivirus products would stop a
>>set of viruses known to be currently circulating. In order to be awarded a
>>pass, the software had to detect all the viruses with no false positives.
>
>  Another stupid story that doesn't answer the real question - how well
> does UAC work?   Did it stop the escalation of privilege?
>
>   Virus Blacklisting has become a dismal failure.   The majority of
> malware pretty much marches freely by any AV product out there.

'Core Security, for its part, says this proves that Vista -- for all its
out-of-the-box impregnability -- is only as secure as the weakest link in
its application chain.'

http://rcpmag.com/news/article.aspx?editorialsid=8212

Security specialist Core Security Technologies, a developer of security
testing and assessment software, claims that an attacker can successfully
take control over a Vista machine by exploiting any of several buffer
overflow vulnerabilities in the BrightStor ARCserve Backup product set from
Computer Associates International Inc. (CA).

The vulnerabilities affect BrightStor ARCserve Backup versions 9.01 through
11.5, and Enterprise Backup 10.5, along with CA Server/Business Protection
Suite r2, Core Security says. An attacker who successfully exploits these
vulnerabilities on any Windows system, including Vista, can execute
arbitrary code possibly gain access to network systems, too.


Core Security, for its part, says this proves that Vista -- for all its
out-of-the-box impregnability -- is only as secure as the weakest link in
its application chain.

The point, says Russ Cooper, director of publishing with security
specialist CyberTrust and a Windows bug-tracking veteran, is that pre-Vista
software can't take advantage of security niceties such as UAC or Vista's
Mandatory Integrity Confirmation (MIC) routines.

"Vista is built so that services that need to have elevated privileges
don't run constantly with those elevated privileges," he commented.
"If it was written properly for Vista -- as opposed to a [case where
a] researcher, for example, upgrades Windows XP to Vista and then says
'Look, the [ARCserve] software still runs!' -- it shouldn't pose a
significant problem."

--- BBBS/NT v4.01 Flag-5