IoT
News
News
12/28/2006
01:14 PM
50%
50%

Microsoft: Vista's Secure, Not Perfect

Disclosure of a zero-day vulnerability doesn't alter the claim that Vista is the safest Microsoft operating system so far, says company's security manager.

Last week's disclosure of a zero-day vulnerability in Windows Vista doesn't put a lie to the claim that it's the safest Microsoft operating system so far, a company security manager has said.

"The finding of vulnerabilities in any software is to be expected," said Stephen Toulouse, senior product manager with Microsoft's security technology group, in a blog posting earlier this week. "This is all part of the process of creating complex software today, and no one is immune to it. It's not, as they say, big news to us in the security industry."

Proof-of-concept code for an unpatched bug in all supported versions of Windows, including Vista, went public last week, prompting warnings from security vendors who classified the flaw as a low or medium threat. Microsoft has said it was "closely monitoring" the situation, but has not released any additional information since Dec. 22.

Toulouse countered that the exploit doesn't invalidate Microsoft's contention that Vista is more secure than its predecessor, Windows XP. "This product [is] the most secure version of Windows we've produced to date. That doesn't mean 'zero vulnerabilities.' No one can claim that crown," he added.

He also predicted that users would see more vulnerabilities early in Vista's lifespan than in previous versions of Windows. "We're probably going to see a higher initial rate of reported vulnerabilities to us than with previous versions of our products, given the early view researchers have had into Vista," Toulouse said. "This is going to help make the product stronger before many of the threats against it have a chance to emerge."

Other Microsoft executives, including Jim Allchin, the soon-to-retire head of the Windows unit, and chief executive Steve Ballmer, have repeatedly said that Vista will prove to be the most secure Windows yet. Like Toulouse, Allchin also has noted that no software can be considered 100% safe.

Said Toulouse: "No one will ever get the software right 100% out of the gate."

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Register for InformationWeek Newsletters
White Papers
Current Issue
Top IT Trends to Watch in Financial Services
IT pros at banks, investment houses, insurance companies, and other financial services organizations are focused on a range of issues, from peer-to-peer lending to cybersecurity to performance, agility, and compliance. It all matters.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on InformationWeek.com for the week of July 17, 2016. We'll be talking with the InformationWeek.com editors and correspondents who brought you the top stories of the week to get the "story behind the story."
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.