The Windows operating system has always been notorious for its security flaws. This is partly because its ubiquity makes it the most widespread target for hackers and thieves, but it's also because Microsoft's security efforts have often been clumsy or incomplete.
But with Vista, the much-ballyhooed (and delayed) version of Windows, the company seems to finally be on the right track. Dan Kaminsky, senior researcher at DoxPara Research, says that after eight months of kicking Vista's security tires, he's convinced that Microsoft has learned from its mistakes.
"Vista's security is at a level I didn't think was possible at such a large software development house," he says. "They just get it."
Microsoft enlisted Kaminsky and other "white hat" researchers to help it uncover flaws and vulnerabilities in Vista, which will likely be attacked at least as relentlessly as past versions of Windows from the moment it's released.
The project instilled such confidence in the OS among Microsoft officials that at the Black Hat security conference in Las Vegas last week, the company invited about 3,000 security professionals to try to poke holes in the system.
"Security researchers can offer unique expertise and insight and play an important role in helping Microsoft protect its customers and improve its products," explains a Microsoft security spokesperson. "Black Hat [was] an exceptional opportunity for engaging this community. [Because] Vista is still a product in development, we look forward to any feedback we receive from security researchers and will evaluate how best to incorporate that feedback to protect customers."
That the company agreed to such an unusual unveiling is evidence of its confidence in the new OS, something Kaminsky says he noticed while working with Microsoft's security group.
"When we found a flaw, we immediately got access to whomever we needed to talk about it with," he says, adding that it wasn't simply a matter of Microsoft responding to the researchers. "We dealt with a large number of teams, and they all had lists of known vulnerabilities for us before we started; it was like having Cliffs Notes for a security audit. The teams really understood what their responsibility was in getting good code out the door."
Kaminsky says that while new Vista vulnerabilities will be inevitable, the OS marks Microsoft's best attempt yet at creating an airtight solution.
"It's clearly better than Windows XP/Service Pack 2," he says. "They've taken the opportunity with a major OS release to implement a lot of deep structural changes that will make Windows more secure. I'm not sure you can ever achieve total security, but they've really cleaned up a lot of things."
