This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
Disclosure of a zero-day vulnerability doesn't alter the claim that Vista is the safest Microsoft operating system so far, says company's security manager.
Last week's disclosure of a zero-day vulnerability in Windows Vista doesn't put a lie to the claim that it's the safest Microsoft operating system so far, a company security manager has said.
"The finding of vulnerabilities in any software is to be expected," said Stephen Toulouse, senior product manager with Microsoft's security technology group, in a blog posting earlier this week. "This is all part of the process of creating complex software today, and no one is immune to it. It's not, as they say, big news to us in the security industry."
Proof-of-concept code for an unpatched bug in all supported versions of Windows, including Vista, went public last week, prompting warnings from security vendors who classified the flaw as a low or medium threat. Microsoft has said it was "closely monitoring" the situation, but has not released any additional information since Dec. 22.
Toulouse countered that the exploit doesn't invalidate Microsoft's contention that Vista is more secure than its predecessor, Windows XP. "This product [is] the most secure version of Windows we've produced to date. That doesn't mean 'zero vulnerabilities.' No one can claim that crown," he added.
He also predicted that users would see more vulnerabilities early in Vista's lifespan than in previous versions of Windows. "We're probably going to see a higher initial rate of reported vulnerabilities to us than with previous versions of our products, given the early view researchers have had into Vista," Toulouse said. "This is going to help make the product stronger before many of the threats against it have a chance to emerge."
Other Microsoft executives, including Jim Allchin, the soon-to-retire head of the Windows unit, and chief executive Steve Ballmer, have repeatedly said that Vista will prove to be the most secure Windows yet. Like Toulouse, Allchin also has noted that no software can be considered 100% safe.
Said Toulouse: "No one will ever get the software right 100% out of the gate."
We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
2021 State of ITOps and SecOps ReportThis new report from InformationWeek explores what we've learned over the past year, critical trends around ITOps and SecOps, and where leaders are focusing their time and efforts to support a growing digital economy. Download it today!