Drudge, “Crisis of Confidence in Vista”

Matt Drudge should stick to what he does best: linking to other people reporting news and repeating rumors that reputable newspapers can’t publish without confirmation.
Where is the source for the information he posted today?

MSFT facing early crisis of confidence in quality of VISTA; security researchers, hackers find potentially serious flaws in system… Developing…

It is rather typical for anti-Microsoft people to talk down new Microsoft releases while at the same time claiming that Microsoft has promised them to be bug-free. Can we settle this now? Microsoft Vista will have better security than XP, just as XP had better security than 2000 and 2000 was better than NT4. Does better mean bulletproof? There is no such animal.
What security flaws are in the news that would lead to this supposed “crisis of confidence”?
Is it the Windows Client/Server Runtime Server Subsystem (CSRSS) privilege escalation vulnerability? Reported here. A privilege escalation vulnerability means that a logged-on user can gain higher rights than those already assigned. This is bad, but it’s not like a WMF vulnerability or a Blaster vulnerability. The way most people currently use a computer, where everyone runs as admin, this attack would not even be needed.
The metric for evaluating Vista isn’t when the first vulnerability is publicly announced. Vista will be evaluated based on the number of patches it doesn’t need that XPsp2 does. It will be evaluated on the number of patches in the first year, not the first month. It will be evaluated based on the severity of the patches.
Let’s look at history: the other products developed under the security lifecycle have done great. Matt Drudge, don’t hype vulnerabilities that you don’t understand.
— Update — Drudge now has a link to a New York Times article.


