Home | Business News | Browse by Publication | [0-9] | eWeek

Vista Security Check: This Time Microsoft Means Business.

Article Excerpt
It's true Microsoft says it every time, but the software maker paid particular attention to security in Windows Vista. The company took more advice and more risks than ever before, deprioritizing many other concerns that were heretofore paramount. We're still only in beta, but does it look like Microsoft has delivered?

Luckily the company just published a document titled "Microsoft Windows Vista Security Advancements," so we have a list of its own claims to evaluate. And just last week we heard of a significant advance in Vista that didn't make the PR document.

The Security Development Lifecycle. Three years ago Microsoft created a security group to be involved with development at all stages, but Vista is the first product to be designed from the ground up with such consideration. (Actually, it sounds remarkable that such a development is so recent, but at least Microsoft finally did it.)

Has this made a difference? The jury's still out. But it's encouraging to hear some of the measures used. All buffers in the code are marked up to assist automated analysis tools. Fuzz testing is used extensively throughout development. Microsoft says it is pursuing Common Criteria certification.

Restricted Services. This is an excellent example of how Vista takes the "least-privileged" philosophy seriously. Windows services are programs that run prior to user log-on. Many parts of Windows itself, such as the plug-and-play manager, run as services, as do many third-party programs such as anti-virus programs.

Do your machines meet Vista's requirements?

Click here [link omitted] to read more.

The previous approach has been to log on services with a special account called the LocalSystem account, which is a relatively privileged account, often...

View this article FREE - Now for a Limited Time, try Goliath Business News
Free for 3 Days!