Apparently, some researchers have discovered a major hole — more of a flaw, really — in Windows Vista. What makes this different than the usual patch-coming-Tuesday security issues is that it is based on a fundamental property of the Vista operating system.

In other words, fixing it could be impossible without a significant rewrite of Vista code.

Neowin.net has some more detail in an article “Vista’s Security Rendered Completely Useless by New Exploit.” Normally that’s hyperbole, but in this case there may be something to it.

Mark Dowd of IBM Internet Security Systems (ISS) and Alexander Sotirov, of VMware Inc. have discovered a technique that can be used to bypass all memory protection safeguards that Microsoft built into Windows Vista.

and

While this may seem like any standard security hole, other researchers say that the work is a major breakthrough and there is very little that Microsoft can do to fix the problems. These attacks work differently than other security exploits, as they aren’t based on any new Windows vulnerabilities, but instead take advantage of the way Microsoft chose to guard Vista’s fundamental architecture.

ZDNet wrote this:

Two security researchers have developed a new technique that essentially bypasses all of the memory protection safeguards in the Windows Vista operating system, an advance that many in the security community say will have far-reaching implications not only for Microsoft, but also on how the entire technology industry thinks about attacks.

Perhaps even more interesting (if that’s the right word) is what well-known (and well-regarded) security researcher Dino Dino Dai Zovi said:

[S]ince these techniques do not rely on any one specific vulnerability, Zovi believes that we may suddenly see many similar techniques applied to other platforms or environments.

Dowd and Sotirov presented details of their findings and their exploit at the 2008 Black Hat security conference on Aug. 7, but not much more has come out.

Following on the heels of the major DNS exploit last week, it’s been a busy time for security folks….

Whew. Last night was the last Vista straw for me. I’d been getting a variety of minor errors since I installed Vista (and got past the bigger issues), but nothing that would stop me from working.

Still, getting regular errors every time I view a folder full of thumbnails was annoying, as were things like a very slow CD writer.

Then last night I noticed that my daily backup hadn’t been done. Hmm. I check to make sure that Task Scheduler was running, but it wasn’t.

Or it was. One error message said it wasn’t running, but Task Scheduler itself said it was. When I tried to get a list of what was scheduled, I got an error telling me it couldn’t access that data.

What I had done before with Vista (and any time I had a problem) was type the error message into Google and eventually find a solution to the problem. This time, though, no joy. There was a total of two sites that mentioned the error I got, and neither in the correct context.

Ergo, Task Scheduler wasn’t gonna run.

And that was the last straw. I copied all my data manually to a backup drive, formatted my C: drive, thought for a moment about doing a clean Vista install (the one I had was an upgrade), decided against it, and loaded XP.

The XP disk I had was old, so after installing it had to download a lot of updates, but that was no big deal. And I had already made a list of what needed to be reinstalled (Firefox, Thunderbird, Office, Photoshop, etc.), so even that was relatively painless.

Besides, there’s a distinct pleasure to be had when you wipe out and start from scratch with a clean system. And because I was prepared, all my docs (including my mail, which I briefly lost with Vista) were exactly where they were supposed to be.

And now, for the first time in weeks, I know I can sit at my computer again and have it just work.