Windows Vista: Are Security Projections Too Ambitious?


Perhaps the most interesting aspect of this interview at The Age with Marc Maiffret, the head of eEye Digital Security, is not that he predicts hackers will find new vulnerabilities in Windows Vista.


It's that Maiffret says users simply shouldn't expect that any vendor will ever create a perfectly secure operating system, so get over it.


The article does a nice job of running through one of Vista's advances, loading different processes randomly at startup -- a change that another security expert says should be a big deterrent to hackers. But Maiffret -- whose company last week reported a remote vulnerability in Office 2007's Publisher software -- remains unconvinced.


An interesting roundup at itWorldCanada essentially asks a group of security researchers what they think about Microsoft's Vista security promises -- more specifically, exec Ben Fathi's stated goal of seeing half as many security bulletins for Vista in its first year as were released for Windows XP in the same time frame.


Most of the experts agreed that Vista will certainly make it tougher on hackers, but they added that the crooks are a resourceful lot. Minoo Hamilton of nCircle Network Security, who predicted perhaps a 20 percent decrease in Vista exploits, said:

"In the case of Vista, owning a box will now require multiple hoops or combining exploits, like a browser vulnerability and a local vulnerability that gives privilege escalation, for example. In any case, I believe this raising the bar will coincide with the trend of increased sophistication of attackers and balance out."
