3/7/2007
05:21 PM

Windows Vista Security At 90 Days: How's It Doin'?

Security firms say it depends on whether you believe Microsoft should be judged on how far it's come or how far it has yet to go.

Three months into a life that could one day see it become the most prevalent operating system used in business, it's time to assess whether Microsoft has kept its promises related to Vista's security. The answer depends upon which promises you remember and whether you believe Microsoft should be judged on how far it's come or how far it has yet to go.

The short answer: Windows Vista is a solid improvement over its predecessors. After 90 days and with a relatively small number of deployments upon which to judge Microsoft's success, that's the consensus from security researchers, third-party vendors that rely on (and even compete with) the operating system, and corporate security managers.

This assertion comes with caveats, however. In the three Patch Tuesdays since Vista's launch, there's been one patch, MS07-010, that affects Vista. The patch became available in February to defend users against a critical vulnerability related to the way the Microsoft Malware Protection Engine parses Portable Document Format, or .pdf, files. This vulnerability, while not within Vista itself, could nevertheless allow attackers to remotely execute code on a company's PCs running Vista.

Fewer patches was one of the goals that Microsoft has for Vista, "but let's be clear that there will be vulnerabilities found in Vista, which is why we took the defense-in-depth strategy that we did," says Stephen Toulouse, senior product manager in Microsoft's Trustworthy Computing Group. Early claims about just how much Vista would improve a company's security aside, Microsoft rightly recognizes now that security requires way more than a well-written operating system with some security features. Toulouse makes it clear that Microsoft never promised that Vista would signal the end of the monthly patch cycle. "One of the things that you knew from the outset is that no one can get the software code 100% right," he says.

With Vista, Microsoft touts new security features such as BitLocker full-disk encryption, User Access Control, and the Windows Defender anti-spyware software that ships with every copy of the new Windows operating system. Microsoft has also spoken, at Black Hat security conferences and elsewhere, about new, more secure design and development processes when creating Vista. This included inviting security researchers to speak with Microsoft programmers at its Redmond offices through the Blue Hat program.
