Robert McLaws: Windows Edition

Blogging about Windows since before Vista became a bad word

Secunia Attack 3 Fails on Vista Too

Secunia continues to prove that it's more interested in staying in the news than it is in making sure the world's browsers are secure. Because what's the point in trusting them as a security company if they helped fix the vulnerability before RTM and no one ever knew about it, right? No, it's much better to let the vulnerability get out in the wild and come back and appear to be Microsoft's savior.

But more importantly, what they fail to mention (again) is that this attack fails on Windows Vista. I wonder why they left that information out? Maybe they think that it's not in their best interest for people to think that Windows Vista is secure?

[Thanks Bink]



  • They said Windows XP, should they mention that it fails on Windows 95 as well? This blog is becoming more and more a joke. You lost your objectivity man and please stop kissing Microsoft *ss already. My guess is that you will work for them before x-mas so keep it cool!

    October 30, 2006 3:35 PM
  • Secunia is supposed to be a leading security firm. From their own web site you can read: "It is Secunia's ambition to be the leading vulnerability intelligence provider and distributor in the world - second to none." According to my understanding, "second to one" means that Secunia's editors must provide appropriate informations about which operating platform they are using. So yes, they should mention that their findings are pure garbage on Windows Vista.

    October 30, 2006 3:48 PM
  • secunia have acted in this way for years, so i doubt they're hardly going to change when there's huge interest in both vista, ie7, and other big microsoft product launches. The more hype they can generate the better, rather than the more secure they can make products, which is what they suggest is the case.

    October 31, 2006 7:42 AM
  • Did you guys actually read the report? It was confirmed on a fully patched Windows XP SP2 running IE 7.

    October 31, 2006 4:53 PM
  • wilsone8 said:

    As I did on the previous post, I'll ask how you know Secunia knew about these bugs before IE's RTM?  You're implying that they intentionally held on to information about these bugs, but I don't see anything to actually confirm that accusation.  Does innuendo now count as news on this blog?

    As the previous posters mentioned, the report explicitly says what version of the OS and IE the bug was discovered against.  Mentioning that the bug does not effect BETA software is not something I would expect from a security company.  Then there's the fact that it is fixed in a unreleased future version of the OS is completely uninteresting to everyone on the planet except the small percentage of folks who are willing to run a beta OS.  My mom doesn't care that in 3 months this bug could be fixed by spending $199 and upgrading her OS.  That's a non-starter.

    November 1, 2006 11:48 AM
  • Beta software? Vista RTMs in the next 7-10 days... then it's not beta software anymore. Then it becomes mainstream... and very important.

    And Gabriel, I started kissing Microsoft's ass a hell of a long time ago... you just now started noticing? I never claimed objectivity... but if you thought I had some... then to be honest, I'm flattered. I'm unabashedly pro-Microsoft. But that doesn't mean I'm gonna go work for them. I get more done this way ;).

    November 1, 2006 12:17 PM
  • wilsone8 said:

    <i>Beta software? Vista RTMs in the next 7-10 days... then it's not beta software anymore. Then it becomes mainstream... and very important.</i>

    Mainstream seems like a strong word.  You've still got 3 months before it is released to the general public.  And then you have the 2+ years it will take for Vista to cross the 50% market cap point where we can stop talking about XP.  Until that happens, noting that a security bug exists in the current OS leader using the new version IE is still important news to me.

    November 1, 2006 9:29 PM