Vista security an issue at show
Microsoft Corp. has placed security as one of the top selling points for the Windows Vista OS, due out at the end of next year. But exactly how much more secure Vista will be than its predecessors is a point of concern here at the Microsoft IT Forum 2005 in Barcelona.
Vista will face an increasingly malicious online playing field, where it will be carefully probed by virus writers and hackers, said industry insiders here.
Banks haven't been able to completely stop bank robbers, said Amy Roberts, Microsoft's director of the Security Business and Technology Unit, but many of the new features in Vista will reduce the risk and ability for machines -- and their users -- to fall victim.
"I do think it will offer improved protection," Roberts said Wednesday during an interview at the Microsoft IT Forum 2005 in Barcelona.
And some security experts appear to agree that it has improved. Marcus Murray, senior security advisor for TrueSec AB, said he had seen Vista's security features under a nondisclosure agreement. While he did not elaborate on specifics, he said security was better, but warned that nothing is invulnerable.
A few of those security features have already been incorporated into Windows XP Service Pack 2, including data-execution protection that uses both software and hardware capabilities to deflect damage from buffer-overflow attacks, Roberts said. Antispyware protection under the renamed product Windows Defender will be incorporated into Vista, through Internet Explorer 7.
In addition, a user-account protection feature in Vista allows for greater control of the access a person has to perform certain functions, Robert said.
Murray commented on Vista during a session titled "Why I can hack your Windows network in a day." Earlier in the session, Murray showed how it was possible to perform several hacks by downloading a few free GUI (graphical user interface) tools. One of those he demonstrated was a Trojan horse creation and management tool.
Running on a host computer after delivery via e-mail, the Trojan allows for complete control of the computer and installation of a range of other malicious tools that allow other actions such as keystroke logging, Murray showed. After the Trojan was installed, a window popped up in the lower right-hand corner on Murray's computer that said "A new victim is available."
"Almost anybody today can be a hacker," he said.
When asked if the free hacking tool would work with Windows Vista, he said it is possible it would but in any case "there will be new tools."
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
Esther Schindler
If the comments are ugly, the code is ugly
claird
SVG a graphics format for 21st century
pasmith
Take Chrome OS for a test spin
Sandra Henry-Stocker
Solaris Tip: Have Your Files Changed Since Installation?
jfruh
Android fragments vs. the iPhone monolith
mikelgan
What Gizmodo missed about the Pro WX Wireless USB disk drive
Sidekick: The Good News & the Bad News
Either way you look at it Microsoft Data Center management did not follow standards or best practices in this failure. In which case it makes me wonder more about the outsourcing of corporate data much less personal data.
- mburton325
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
