Microsoft bets big on Vista security

Microsoft bets big on Vista security

Microsoft's Vista developers can't catch a break these days. After years of warnings from security researchers that old code in Windows was creating security risks, the software giant decided to rewrite key parts of the operating system.

The result? Last month, Symantec published a report suggesting all of this new code will introduce new security problems.

"The network stack in Windows Vista was rewritten from the ground up. In deciding to rewrite the stack, Microsoft has removed a large body of tried and tested code and replaced it," Symantec wrote, noting that it found vulnerabilities in the Windows Vista networking software.

"Despite the claims of Microsoft developers, the Windows Vista network stack as it exist today is less stable than the earlier Windows XP stack," it said after examining a beta release of the software.

After years of being blamed for countless security problems, Microsoft may be in a no-win situation.

"You get beaten up if you modify the old code; you get beaten up if you write new code," Cybertrust senior information security analyst, Russ Cooper, said. "The historic complaint against Microsoft has been that its code is bloated with all this legacy stuff. Rewrite it and now, 'this is too new; this is untested'."

The fact that Symantec was able to discover flaws in a beta release should not raise eyebrows, Cooper said.

"There's a reason products are put in to beta, and it isn't because people just want to see the default colours change," he said.

More secure

If customers do not ultimately see Vista as a more secure product than its predecessor, however, it will be a disaster for Microsoft - on an epic scale. Over the past few years, the company has literally reinvented the way it produces software, instituting a new set of software development practices known as the Security Development Lifecycle.

It has retrained developers, built a suite of automated security testing tools, and, most remarkably, invited scores of independent researchers to have unprecedented access to early versions of Vista.

"Vista is really the first release of the operating system to go through our Security Development Lifecycle from beginning to end," corporate vice-president of Microsoft's security technology unit, Ben Fathi, said. "That's fundamentally a different way of looking at building security into the platform."

Microsoft has gone to great lengths to publicise its Security Development Lifecycle, which was used in the development of Windows XP Service Pack 2 and SQL Server 2005.

Company executives claim the strict development guidelines used for XP Service Pack 2 played a big role in eliminating the widespread worm virus outbreaks that seemed so common just three years ago.

The emphasis on security is perhaps best illustrated by an event that Microsoft executives have declined to discuss in detail: the recent slip in Vista's ship date.

Last March, Microsoft grabbed headlines by announcing Vista would not be available in time for the 2006 holiday shopping season, as expected. It never gave specific reasons for the miss, but it was a major setback for a product already five years in the works. Microsoft immediately reorganised the Platforms and Services Division responsible for the delay, putting a new executive, Steve Sinofsky, in charge of Windows development Privately, several sources familiar with Vista's development say security concerns caused the widely publicised slip in the product's ship date.

ARN Survey on MSPs
ARN needs to profile the Managed Service Provider (MSP) in YOU!, so please spare a moment and TAKE THE MSP SURVEY NOW

Follow Us

Join the ARN newsletter!

Error: Please check your email address.



IN PICTURES: Veritas end of year party in Melbourne (+45 photos)

IN PICTURES: Veritas end of year party in Melbourne (+45 photos)

Veritas recently hosted its end-of-year event for its partners and customers at Club 23, Crown Towers in Melbourne. As the company is progressively launching its new company and brand – all things red was the theme for the evening. Veritas' Paul Simos made his thank you speech while guests mingled amongst drinks and food. Here are some pictures from the evening.

IN PICTURES: Veritas end of year party in Melbourne (+45 photos)
IN PICTURES: QNAP enterprise launch VIP event (+37 photos)

IN PICTURES: QNAP enterprise launch VIP event (+37 photos)

QNAP recently held a channel event for its key partners in Melbourne where its vendor partners took the opportunity to showcase their latest technologies. Some of them also took to stage and spoke about some of the current trends in the market. Here are some pictures from the Melbourne event.

IN PICTURES: QNAP enterprise launch VIP event (+37 photos)
IN PICTURES: IBM A/NZ Business Partner Symposium 2015 (+16 images)

IN PICTURES: IBM A/NZ Business Partner Symposium 2015 (+16 images)

​The newly revamped IBM A/NZ, including new channel boss, Rhody Burton, unveiled its One Channel programme as part of its 2015 Business Partner Symposium at Sydney's Luna Park. Photos By Allan Swann

IN PICTURES: IBM A/NZ Business Partner Symposium 2015 (+16 images) is a channel management ecosystem that automates all major aspects of the entire sales, marketing and service process, including data tracking, integrated learning, knowledge management and product lifecycle management.

Show Comments