Windows Vista Security At 90 Days: How's It Doin'? - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Business & Finance

Windows Vista Security At 90 Days: How's It Doin'?

Security firms say it depends on whether you believe Microsoft should be judged on how far it's come or how far it has yet to go.

Three months into a life that could one day see it become the most prevalent operating system used in business, time to assess whether Microsoft has kept its related to Vista's security. The answer depends upon which promises you remember and whether you believe Microsoft should be judged on how far it's come or how far it has yet to go.

The short answer: Windows Vista is a solid improvement over its predecessors. After 90 days and with a relatively small number of deployments upon which to judge Microsoft's success, that's the consensus from security researchers, third-party vendors that rely on (and even compete with) the operating system, and corporate security managers.

This assertion comes with caveats, however. In the three Patch Tuesdays since Vista's launch, there's been one patch, MS07-010, that affects Vista. The patch became available in February to defend users against a critical vulnerability related to the way the Microsoft Malware Protection Engine parses Portable Document Format, or .pdf, files. This vulnerability, while not within Vista itself, could nevertheless allow attackers to remotely execute code on a company's PCs running Vista.

Fewer patches was one of the goals that Microsoft has for Vista, "but let's be clear that there will be vulnerabilities found in Vista, which is why we took the defense-in-depth strategy that we did," says Stephen Toulouse, senior product manager in Microsoft's Trustworthy Computing Group. Early claims aside about just how much Vista would improve a company's security, Microsoft rightly recognizes now that security requires way more than a well-written operating system with some security features. Toulouse makes it clear that Microsoft never promised that Vista would signal the end of the monthly patch cycle. "One of the things that you knew from the outset is that no one can get the software code 100% right," he says.

With Vista, Microsoft touts new security features such as BitLocker full-disk encryption, User Access Control, and the Windows Defender anti-spyware software that ships with every copy of the new Windows operating system. Microsoft has also spoken, at Black Hat security conferences and elsewhere, about new, more secure design and development processes when creating Vista. This included inviting security researchers to speak with Microsoft programmers at its Redmond offices through the Blue Hat program.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Previous
1 of 3
Next
Comment  | 
Print  | 
More Insights
2019 State of DevOps
2019 State of DevOps
DevOps is needed in today's business environment, where improved application security is essential and users demand more applications, services, and features fast. We sought to see where DevOps adoption and deployment stand, this report summarizes our survey findings. Find out what the survey revealed today.
Commentary
Will AI and Machine Learning Break Cloud Architectures?
Lisa Morgan, Freelance Writer,  6/10/2019
Slideshows
9 Steps Toward Ethical AI
Cynthia Harvey, Freelance Journalist, InformationWeek,  5/15/2019
Commentary
Humans' Fascination with Artificial General Intelligence
Guest Commentary, Guest Commentary,  6/6/2019
Register for InformationWeek Newsletters
Video
Current Issue
A New World of IT Management in 2019
This IT Trend Report highlights how several years of developments in technology and business strategies have led to a subsequent wave of changes in the role of an IT organization, how CIOs and other IT leaders approach management, in addition to the jobs of many IT professionals up and down the org chart.
White Papers
Slideshows
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll