Windows 7 may be secure, but are Windows users safe?
Windows 7 users got a nice surprise on Tuesday when Microsoft released its first set of security patches since unveiling the new operating system last month. Of the 15 bugs patched, none affected Windows 7.
When Microsoft launched Windows 7, it was billed as the company's most secure release ever -- the culmination of a nine-year "Trustworthy Computing" effort to shore up a product line that had been riddled with major security holes.
But does stress-tested software really matter to Microsoft's customers, seemingly besieged by more online attacks than ever before? Microsoft had years to improve Windows XP, but the Conficker worm, which began spreading last year, is now thought to have infected more than 7 million Windows machines. And for every Windows bug that gets squashed, hackers seem to find new problems in the software that runs on top of Microsoft's operating system -- Flash Player, QuickTime and Java.
"Windows 7 is definitely by far the most secure system they've shipped," said Dave Aitel, chief technology officer with Immunity, a security company that spends a lot of time finding the latest software bugs. "I guess the question that everybody is asking right now is, 'Is this enough?'"
The man behind Microsoft's Trustworthy Computing initiative, Chief Research and Strategy Officer Craig Mundie, says the industry still has work to do. “We’ve made huge progress with respect to security around the core OS technology in the Windows PC," he said in a recent interview. "But as we did that and the 'Net became more prevalent, the bad guys continued to evolve their attacks."
This is Microsoft's conundrum. Windows may be safer, but cyber-criminals still have plenty of other places to attack. And when you can hit hundreds of millions of users with a single attack, why change the game plan? So most of the worst attacks today still target PCs running Windows, whether the OS itself is secure or not.
Take spear-phishing. Attackers are getting so good at sending these highly customized e-mail messages, complete with malicious attachments, that the underlying security of Windows is almost irrelevant.
"The problem with the targeted attacks is that there's so much money that they can actually trump the security," said Alan Paller, director of research for the SANS Institute, a security training company. "The amount of money that governments and large industrial crime groups have to spend is enough to trump any of the defenses we have."
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
On Twitter now
Microsoft
Powered by Twitter
Esther Schindler
If the comments are ugly, the code is ugly
claird
SVG a graphics format for 21st century
pasmith
Take Chrome OS for a test spin
Sandra Henry-Stocker
Solaris Tip: Have Your Files Changed Since Installation?
jfruh
Android fragments vs. the iPhone monolith
mikelgan
What Gizmodo missed about the Pro WX Wireless USB disk drive
Sidekick: The Good News & the Bad News
Either way you look at it Microsoft Data Center management did not follow standards or best practices in this failure. In which case it makes me wonder more about the outsourcing of corporate data much less personal data.
- mburton325
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
