How much will Windows (Vista) security matter?

Associated Press ^ | December 10, 2006 | Brian Bergstein

[Zakeet]

NEW YORK - Microsoft Corp. took great pains to improve security in its newly released computer operating system, Windows Vista, redesigning it to reduce users' exposure to destructive programs from the Internet. Outside researchers commend the retooled approach — yet they also say the changes won't make online life much safer than it is now.

Why not? Partly because of security progress that Microsoft already had made in its last operating system, Windows XP. Also because a complex product like Vista is bound to have holes yet to be discovered. And mainly because of the rapidly changing nature of online threats.

Sure, Microsoft appears to have fixed the glitches that used to make it easy for viruses, worms and other problems to wreck PCs. But other avenues for attack are always evolving.

"Microsoft has made the core of the operating system more secure, but they've really solved, by and large, yesterday's problems," said Oliver Friedrichs, director of emerging technologies at antivirus vendor Symantec Corp.

That claim would not please Microsoft, which touts Vista's improved security as a big reason why companies and consumers will want to upgrade to the new operating system.

[Zakeet]

Researchers say the changes won't make online life much safer than it is now.

And of course, Microsoft disagrees.

[taxed2death]

.....funny...I just got some PITA virus last week on my last remaining windoze box (all my other ones run MEPIS)...now after about 15 minutes of use the virus takes control of my cursor and zips it all around my screen at warp nine clicking open windows and starting programs until it locks the system up, usually within 30 seconds. I've not been able to trace this latest bugger down.

Anyone heard of this latest gem?

I run McAfee AV suite and have firewalls up and somehow this one slipped by.

[upchuck]

Poll I saw recently on an uber geek forum:

How soon will you begin using Vista?

Probably never          14%

I'm using it now         1%

0-3 months               1%

3-12 months             19%

Not until I'm forced to 65%

There were 3,519 responses.

[dangerdoc]

Poltergeist?

Maybe you need Norton Exorcist version 666.

[advance_copy]

My prediction: security will be a problem for Vista out of the box. Then, by about the middle of 2008, Microsoft will have battened down the hatches and Vista will be pretty solid.

Of course, you could install linux... Ubuntu is supposed to be pretty cool (ROFL - my "you could install linux" comment got some vehement opposition in the last Vista thread).

One FReeper (I think it could have been Rush Limbaugh in disguise) suggested that you buy a daggone Mac and be done with it. But, and I say this with all sincerity, friends don't let friends use Macs.

[Neidermeyer]

I just spent the best part of a day patching an old XP laptop up to current levels (unused for about a year) .. Vista is built on the same modules as XP and 2000 and NT4 , just some fancy graphics and the latest security patches ... anything that can suck up 200 times the ram as the first mainframe I worked on just to load the OS means that there are a TON of holes to exploit ... I would actually pay for a OS from MS if they could fit it onto 1 CD (not DVD) and it was solid and fast I don't want big bulky and flaccid I just need compatibility and support.

[chilepepper]

to give you an idea how "brilliant" Microsoft was in designing Vista, they completely rewrote the TCP/IP stack from the ground up WOW!!! Wow as in "oh no".

if you think rewritting a TCP/IP stack is a good idea, you know *nothing* about security. as an example, the Vista stack became immediately succeptible to the ancient "Land" attack which was fixed in Windows 95!

Microsoft has painfully had to clean up their present stack (which they *STOLE* from openBSD for Window2000) over a period of years. Given that they are revisiting each and every TCP/IP stack weakness from the last 10 or 15 years, things do not bode well for Vista *at all*

[goldstategop]

Microsoft's software partners have a vested interest in selling you third party software. I don't believe the threat's that dire. In five years, I've never had a virus related problem with Windows XP.

"Show me just what Mohammed brought that was new, and there you will find things only evil and inhuman, such as his command to spread by the sword the faith he preached." -Manuel II Paleologus

[RayChuang88]

I've seen many of the technical details for Windows Vista and one thing that Microsoft did is heavily revamp their memory management so the type of buffer overrun issues that can be used to install malware has pretty much been controlled. But this change will break a lot of programs out there, so many software companies are developing new versions of their software to work specifically with Vista.

[goldstategop]

Most programs will still run fine. But you may need upgrade those incompatible with Vista.

"Show me just what Mohammed brought that was new, and there you will find things only evil and inhuman, such as his command to spread by the sword the faith he preached." -Manuel II Paleologus

[Knitebane]

Microsoft's software partners have a vested interest in selling you third party software. I don't believe the threat's that dire. In five years, I've never had a virus related problem with Windows XP.

On the other side of the equation, consider this:

90% of all email running across Earthlink's mail servers is spam. Of the spam, 90% of it comes not from real mail servers (regardless of OS) but from compromised Windows machines.

So, while you may not have had trouble, there are millions out there who have and it costs us all.

[SunStar]

Sounds like a correct regurgitation of a Security Now podcast from earlier this year. Good job!