Business & Finance
News
3/7/2007
05:21 PM
Connect Directly
RSS
E-Mail
50%
50%

Windows Vista Security At 90 Days: How's It Doin'?

Security firms say it depends on whether you believe Microsoft should be judged on how far it's come or how far it has yet to go.

Three months into a life that could one day see it become the most prevalent operating system used in business, time to assess whether Microsoft has kept its related to Vista's security. The answer depends upon which promises you remember and whether you believe Microsoft should be judged on how far it's come or how far it has yet to go.

The short answer: Windows Vista is a solid improvement over its predecessors. After 90 days and with a relatively small number of deployments upon which to judge Microsoft's success, that's the consensus from security researchers, third-party vendors that rely on (and even compete with) the operating system, and corporate security managers.

This assertion comes with caveats, however. In the three Patch Tuesdays since Vista's launch, there's been one patch, MS07-010, that affects Vista. The patch became available in February to defend users against a critical vulnerability related to the way the Microsoft Malware Protection Engine parses Portable Document Format, or .pdf, files. This vulnerability, while not within Vista itself, could nevertheless allow attackers to remotely execute code on a company's PCs running Vista.

Fewer patches was one of the goals that Microsoft has for Vista, "but let's be clear that there will be vulnerabilities found in Vista, which is why we took the defense-in-depth strategy that we did," says Stephen Toulouse, senior product manager in Microsoft's Trustworthy Computing Group. Early claims aside about just how much Vista would improve a company's security, Microsoft rightly recognizes now that security requires way more than a well-written operating system with some security features. Toulouse makes it clear that Microsoft never promised that Vista would signal the end of the monthly patch cycle. "One of the things that you knew from the outset is that no one can get the software code 100% right," he says.

With Vista, Microsoft touts new security features such as BitLocker full-disk encryption, User Access Control, and the Windows Defender anti-spyware software that ships with every copy of the new Windows operating system. Microsoft has also spoken, at Black Hat security conferences and elsewhere, about new, more secure design and development processes when creating Vista. This included inviting security researchers to speak with Microsoft programmers at its Redmond offices through the Blue Hat program.

Previous
1 of 3
Next
Comment  | 
Print  | 
More Insights
IT's Reputation: What the Data Says
IT's Reputation: What the Data Says
InformationWeek's IT Perception Survey seeks to quantify how IT thinks it's doing versus how the business really views IT's performance in delivering services - and, more important, powering innovation. Our results suggest IT leaders should worry less about whether they're getting enough resources and more about the relationships they have with business unit peers.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Must Reads Oct. 21, 2014
InformationWeek's new Must Reads is a compendium of our best recent coverage of digital strategy. Learn why you should learn to embrace DevOps, how to avoid roadblocks for digital projects, what the five steps to API management are, and more.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
A roundup of the top stories and trends on InformationWeek.com
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.