Microsoft: Vista's Secure, Not Perfect

Last week's disclosure of a zero-day vulnerability in Windows Vista doesn't give the lie to the claim that it's the safest Microsoft operating system so far, a company security manager has said. "The finding of vulnerabilities in any software is to be expected," said Stephen Toulouse, senior product manager with Microsoft's security technology group, in a blog posting earlier this week. "This is all part of the process of creating complex software today, and no one is immune to it. It's not, as they say, big news to us in the security industry."

Proof-of-concept code for an unpatched bug in all supported versions of Windows, including Vista, went public last week, prompting warnings from security vendors who classified the flaw as a low or medium threat. Microsoft has said it was "closely monitoring" the situation, but has not released any additional information since Dec. 22. Toulouse countered that the exploit doesn't invalidate Microsoft's contention that Vista is more secure than its predecessor, Windows XP. "This product [is] the most secure version of Windows we've produced to date. That doesn't mean 'zero vulnerabilities.' No one can claim that crown," he added.

News source: CRN

17 Comments

Unfortunately some people need the obvious stated to them. All the anti-MS fanboys out there were hyping the story about the Vista flaw up so much, it needed someone to come out and state the bleeding obvious - no OS is completely secure, no matter what anyone says.

Actually "most secure Windows to date" doesn't mean jack, considering how terribly bad all previous Windows versions were.

Actually it has. If I call this app hosted on php 1.7.2 and pass thousands of As and some code as a parameter name and value the engine will execute arbitrary code atoed in the data.

This should shock no one, it was only a matter of time. I wouldn't have guessed that the first vulnerability would have been found in all previous OSs though.
Anyhow, now that it is over with, everyone can move on and start approving those VISTA patches in WSUS that are bound to come out soon.

Quote - xploit1030 said @ #3
This should shock no one, it was only a matter of time.

I think it shocked Jim Allchin.

During a telephone conference with reporters yesterday, outgoing Microsoft co-president Jim Allchin, while touting the new security features of Windows Vista, which was released to manufacturing yesterday, told a reporter that the system's new lockdown features are so capable and thorough that he was comfortable with his own seven-year-old son using Vista without antivirus software installed.

http://www.betanews.com/article/Allchin_Su...irus/1163104965

Quote - toadeater said @ #3.1

I think it shocked Jim Allchin.

During a telephone conference with reporters yesterday, outgoing Microsoft co-president Jim Allchin, while touting the new security features of Windows Vista, which was released to manufacturing yesterday, told a reporter that the system's new lockdown features are so capable and thorough that he was comfortable with his own seven-year-old son using Vista without antivirus software installed.

http://www.betanews.com/article/Allchin_Su...irus/1163104965

Never seen that before. So how does this "lockdown" work? Is this just UAC he's rambling on about?