Windows Vista Security At 90 Days: How's It Doin'?
Security firms say it depends on whether you believe Microsoft should be judged on how far it's come or how far it has yet to go.
Three months into a life that could one day see it become the most prevalent operating system used in business, it's time to assess whether Microsoft has kept its promises related to Vista's security. The answer depends upon which promises you remember and whether you believe Microsoft should be judged on how far it's come or how far it has yet to go.
The short answer: Windows Vista is a solid improvement over its predecessors. After 90 days and with a relatively small number of deployments upon which to judge Microsoft's success, that's the consensus from security researchers, third-party vendors that rely on (and even compete with) the operating system, and corporate security managers.
This assertion comes with caveats, however. In the three Patch Tuesdays since Vista's launch, there's been one patch, MS07-010, that affects Vista. The patch became available in February to defend users against a critical vulnerability related to the way the Microsoft Malware Protection Engine parses Portable Document Format, or .pdf, files. This vulnerability, while not within Vista itself, could nevertheless allow attackers to remotely execute code on a company's PCs running Vista.
Fewer patches is one of the goals that Microsoft has for Vista, "but let's be clear that there will be vulnerabilities found in Vista, which is why we took the defense-in-depth strategy that we did," says Stephen Toulouse, senior product manager in Microsoft's Trustworthy Computing Group. Early claims about just how much Vista would improve a company's security aside, Microsoft rightly recognizes now that security requires way more than a well-written operating system with some security features. Toulouse makes it clear that Microsoft never promised that Vista would signal the end of the monthly patch cycle. "One of the things that you knew from the outset is that no one can get the software code 100% right," he says.
With Vista, Microsoft touts new security features such as BitLocker full-disk encryption, User Access Control, and the Windows Defender anti-spyware software that ships with every copy of the new Windows operating system. Microsoft has also spoken, at Black Hat security conferences and elsewhere, about new, more secure design and development processes when creating Vista. This included inviting security researchers to speak with Microsoft programmers at its Redmond offices through the Blue Hat program.