Security firms, and almost everyone else it seems, are falling over each other to attack Microsoft over the security of the latest edition of its Windows operating system, Vista. IT Weekly looks at what has been said and whether the criticism is justified.
While the consumer launch of Vista - the latest version of Microsoft's operating system - was accompanied by glitzy events around the globe, perhaps the biggest fireworks were reserved for elsewhere. Microsoft chairman Bill Gates' widely reported remarks that Vista is "dramatically more secure than any other operating system released" seem to have provoked a backlash from security firms, which have been queuing up to warn of weaknesses in the OS.
For instance, vendor Webroot Software said last week that the Windows Defender program failed to block 84% of the viruses it was tested against - including 15 of the most common pieces of malicious code.
And numerous other firms and individuals are also looking to find flaws in Vista - whether to find ways to protect against them or to exploit them. In an indication of just how prized the discovery of vulnerabilities in the OS is, security firm iDefense Labs has offered a US$6,000 bounty to researchers who find holes in Vista, with a further US$4,000 to those who find exploits for them.
Microsoft says it is happy to work with companies that try to find vulnerabilities in Vista, but the sheer number of firms that seem to be targeting the software giant is being seen as a concern by some.
"If other people identify flaws or other challenges in the software then we are going to be open to identifying these," Bharat Kumar, business and marketing director for Microsoft Gulf, told IT Weekly.
Gates' claim about Microsoft's latest operating system rests on a number of features built into Vista, which are aimed at making the OS safer, especially for users who do not have a great deal of technical experience. However, the actual usefulness of several of these features has been called into question.
In another report issued last week, Kaspersky Lab said that the User Account Control and PatchGuard features, which monitor 'suspicious' activity, will generate so many alerts that users will be more likely to turn the features off.
"A system which is configured in such a way that everything is blocked except for access to designated sites could be regarded as being absolutely secure," said Alisa Shevchenko of Kaspersky Lab, in an article on the firm's web site, adding however that "the majority of users will find the significant restrictions on actions, which effectively sterilise the system, unacceptable", and hence in practice the features would prove ineffective.
Another gripe concerning Vista's security is that some features the vendor has marketed as key to the system's security will not be available to all.
One major component in safeguarding Vista - the BitLocker user access control - is only available to customers who use Microsoft's Software Assurance programme, aimed at corporate users, or the high-end Vista Ultimate version, Kumar admitted.
Despite the attacks on Vista's security, the majority of firms in the sector do acknowledge that it is the most secure Windows version to date, just not the most secure OS ever.
"It is Microsoft's most secure OS, without a shadow of a doubt," said Justin Doo, managing director of Trend Micro Middle East. "It comes down to the question of is it good enough?
"The big market for Vista right now is the consumer and SoHo (small office home office) market," added Doo.
"The average PC user doesn't really want to get involved with security hassles, they just want something that can be set up easily. Whether Vista is sufficiently robust enough to do the job, only time will tell," he went on to say.
The real security challenges for Vista, Doo believes, start when it becomes widely adopted in the marketplace and hence becomes a bigger target.
As more users start to adopt Vista, they will need to make some hard choices as to just how secure they believe it to be.