02:44 PM
Connect Directly

Symantec Finds Flaws In Vista's Network Stack

Researchers with Symantec's advanced threat team said some of the flaws have been fixed, but they also claim that the rewrite of the networking code could cause problems.

Researchers with Symantec's advanced threat team poked through Vista's new network stack in several recent builds of the still-under-construction operating system, and found several bugs -- some of which have been fixed, including a few in Monday's release -- as well as broader evidence that the rewrite of the networking code could easily lead to problems.

"New code, whether it's been rewritten or added, needs to go through an aging process," said Oliver Friedrichs, the senior director of Symantec's security response group. "Virgin code is likely to contain more bugs and flaws. And that's particularly true in a network stack, which is one of the most complex pieces of code in an operating system."

In a just-released paper, two of Friedrich's researchers, Tim Newsham and Jim Hoagland, detailed research that began with a September 2005 build of Vista and wrapped up with May's public Beta 2.

Among Newsham's and Hoagland's conclusions: "The amount of new code present in Windows Vista provides many opportunities for new defects."

"It's true that some of the things we found were 'low-hanging fruit,' and that some are getting fixed in later builds," said Friedrichs. "But that begs the question of what else is in there?"

Vista, the first across-the-board Windows upgrade since the 2001 debut of XP, is touted by Microsoft as its most-secure operating system ever. And the stack is one of the OS's most important security components.

"It's the single point of exposure of the network," explained Friedrichs. "It's the first point of entry that an attacker takes. They have to pass through the stack to get to the core of the operating system."

Vista's stack adds support for IPv6, the next-generation IP protocol, for instance, and includes IPv6 tunneling to transition from the now-in-use technologies to IPv6. Dubbed "Teredo," the tunneling technology is enabled by default, and could, said Symantec, serve as a welcome mat to attackers.

"If it's not deployed or configured correctly, [Toredo] may actually provide an entry method for attackers through this tunneling," said Friedrichs.

1 of 2
Comment  | 
Print  | 
More Insights
IT's Reputation: What the Data Says
IT's Reputation: What the Data Says
InformationWeek's IT Perception Survey seeks to quantify how IT thinks it's doing versus how the business really views IT's performance in delivering services - and, more important, powering innovation. Our results suggest IT leaders should worry less about whether they're getting enough resources and more about the relationships they have with business unit peers.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Must Reads Oct. 21, 2014
InformationWeek's new Must Reads is a compendium of our best recent coverage of digital strategy. Learn why you should learn to embrace DevOps, how to avoid roadblocks for digital projects, what the five steps to API management are, and more.
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
A roundup of the top stories and trends on
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.