By Jennifer LeClaire TechNewsWorld Part of the ECT News Network
12/27/06 12:02 PM PT
Microsoft's claim of superior security in its new Vista OS already faces challenges, with a set of vulnerabilities reported Tuesday that affect IE and Firefox Web browsers, as well as the Exchange Server. Though a hacker could exploit these flaws to commandeer a Vista-based computer, the software giant insists the problems are minor.
For all the talk about safety and security as a foundational promise of Windows Vista, Microsoft's (Nasdaq: MSFT) new operating system, released to business users in late November, has already been found to contain several potentially serious vulnerabilities.
A programming flaw, thought to be the first identified in the new OS, could let hackers take full control of a computer running the software. It was recently disclosed on a Russian Web site.
Another flaw, which can be executed via Internet Explorer and Firefox Web browsers, can corrupt memory during handling of certain types of requests.
Yet another flaw has been identified in Microsoft Exchange. It allows anyone to shut down the Exchange server by sending a malformed e-mail. Though this flaw does not allow a remote attacker to take over the system, it does cause the mail server to crash.
Microsoft's Spin
Microsoft has seen its share of security flaws in its earlier operating systems, browsers and other products; however, the Vista flaw is a black eye on a new product that Microsoft spent years developing and has touted for its robust security features.
Microsoft said it is investigating the threat and so far has found that a hacker must already have access to a vulnerable computer in order to launch an attack.
"Currently, we have not observed any public exploitation or attack activity regarding this issue. While I know this is a vulnerability that impacts Windows Vista, I still have every confidence that Windows Vista is our most secure platform to date," said Mike Reavey, operations manager of the Microsoft security response center.
The Real Story
The relative impact on Vista users is small, according to most security researchers. The breaches don't seem to be critical, and the software is not widely deployed. Most corporations that are running Vista are in trial mode, and consumers won't have a chance to upgrade or buy new computers with Vista until January 30.
That means Microsoft still has time to make corrections before the product hits store shelves. Vista and other current-generation software offer the ability to self-update and apply any security patches during the installation process. The time to find issues with the program, however, is growing short.
News of a Vista flaw could hinder public perception, according to Enderle Group Principal Analyst Rob Enderle, and that's good news for antivirus software companies.
"It doesn't really matter if Vista is invulnerable or not. No product is invulnerable. If the buying public views the product as good enough -- much like Apple (Nasdaq: AAPL) users don't feel they need antivirus products -- then they won't buy antivirus products for Vista," Enderle told TechNewsWorld.
Security Firms' Stake
Security software firms, including McAfee and Symantec (Nasdaq: SYMC), do not want to see that happen.
"No company, from McAfee all the way to Kaspersky, can maintain revenue if folks who deploy Vista stop buying their products. Security firms are having a major coronary over that possibility," Enderle claimed. "The firms have been working pretty hard to try to find holes and create a viable threat."