Windows Vista

[Al-khiyal]

SEATTLE/SAN FRANCISCO (Reuters) - Computer hackers are off and running trying to find vulnerabilities in Microsoft Corp.'s new Windows Vista operating system, putting to test the software maker's claim that it is the most secure Windows program ever.

The new version of Windows, the computer operating system that runs over 95 percent of the world's computers, became available to consumers on Tuesday after five years of development and a number of delays to improve security.

A high-profile new product like Windows Vista draws interest from the entire spectrum of the computer security industry, ranging from hackers trying to exploit a breach for criminal means to researchers looking to make a name for themselves as security experts.


"For sure, people are hammering away on it," said Jeff Moss, the organizer of Defcon, the world's largest hacking convention. "If you are a bad guy and you find a problem, you have a way to spread your malware and spyware."

Most security experts see Vista as a more secure operating system than its predecessor, Windows XP, but even Microsoft acknowledges it's not impenetrable and attackers will undoubtedly look for a way in.

Attackers can use spyware programs to monitor a computer remotely and collect personal information on a user. They can also control machines remotely to attack Web sites, send spam e-mail or defraud online advertisers.

Vista's comes with built-in anti-spyware software, and new account controls curb the ability of users to unintentionally install harmful programs. The high-end versions come with a feature called BitLocker that encrypts a computer's hard drive in the case of a lost or stolen machine.

"We know from the outset that we won't get the software code 100 percent right. No one does in the entire software industry ... but Windows Vista has multiple layers of defence," said Stephen Toulouse, senior product manager at Microsoft's trustworthy computing group.

Windows Vista runs over 50 million lines of software code and Redmond, Washington-based Microsoft invested $6 billion (3 billion-pound) to develop the first new operating system since it released Windows XP in October 2001.

Microsoft's ability to protect Windows from attackers is seen as a critical litmus test for a product that generated more than $10 billion in sales last year, especially to large institutional customers who are extra careful.

Another key element in Microsoft's plan to combat attacks will be automatic Windows updates sent to Vista users to patch up vulnerabilities and changes to its anti-spyware products.

In the past, attackers honed in on vulnerabilities in the core Windows operating system, but those types of attacks are being cast aside for attacks from e-mail, instant messaging and applications downloaded from the Web.

"In the past with XP, they could attack the operating system itself to infect you. Today the OS is stronger but threats can still get on your system," said Oliver Friedrichs, director of emerging technologies at security software maker Symantec Corp.

Johannes Ullrich, a cyber security expert at the SANS Institute research group, expects hackers are working furiously to win recognition as the first to find and publicize a security hole in Vista.

He also cautioned that hackers would still be able to launch attacks by taking advantage of vulnerabilities in Internet Explorer and Microsoft Office, and warned that criminals would hold off on exploiting holes until more users adopt Vista.

"Being the first to write an exploit for Vista is something a lot of people would like to do," Ullrich said in a telephone interview. "But ultimately any exploit will be used for financial gain."

Windows Vista's hyped security will be tested

[eyad]

i saw the vista launching a time ago, what i liked is the new develpment done with it though they were late a bit to be done with it !!
Another point i hope to consider is the updatings - which are available from day to the other- cuze in my Xp version (home one) i have at least of about 60 updates that are clustered in my downloaded updates... in short, they could have the ability of merging the updates with the original windows, that we should not c them in the add/remove programs.
last point is the interface which i think is cheerful and pretty nice, it would be great if not taking that much loading in the start-up..

P.S.: no harm of using MAC

[piccolomondo]

With the launch of Windows Vista, many people are wondering if they should upgrade their computers to the new operating system. Use the Windows Vista Upgrade Decision Flowchart to help you decide if an upgrade is right for you.

Download the large (.jpg) or (.pdf) file for printing and posting in your office for easy reference.

[piccolomondo]

CNet (video)

"Even if you could install windows ultimate, even if you paid for it,
you may not be able to use everything that's in there."

[Al-khiyal]

After years of delays and billions in development and marketing efforts, it would seem that Microsoft would want anyone who possibly can to buy its new Windows Vista operating system. Yet Microsoft is making it hard for Mac owners and other potentially influential customers to adopt the software.

Microsoft says the blockade is necessary for security reasons. But that is disputed. Some experts contend that the circumstances simply reflect a business decision Microsoft does not want to explain.

The situation involves a technology known as virtualization. Essentially, it lets one computer mimic multiple machines, even ones that have different operating systems. It does this by running multiple applications at the same time, but in separate realms of the computer.

Virtualization has long been used in corporate data centers as a way to increase server efficiency or to test programs in a walled-off portion of a machine. The technology also has been available for home users, but often at the expense of the computer's performance.

But now that Macintosh computers from Apple use Intel chips, just like Windows-based PCs, virtualization programs let Mac users easily switch back and forth between Apple's Mac OS X operating system and Windows. That could appeal to Mac enthusiasts who want access to programs that only work on Windows, including some games.

Consequently, the introduction of Vista seemed to be a good opportunity for Parallels, a subsidiary of SWsoft that sells virtualization products.

Unlike Apple's free Boot Camp program that lets Windows run on a Mac, an $80 virtualization product for Macs that is offered by Parallels does not require users to have just one operating system running at a time. Parallels runs Windows in a, well, window on the Mac desktop.

Parallels also sells a $50 version for Windows PCs, which would let people run both Vista and its predecessor, Windows XP, so they can keep programs that are not yet Vista-compatible.

The price of the virtualization software does not include a copy of Windows. And to get that copy, buyers must agree to Vista's licensing rules — a legally binding document. Lurking in that 14-page agreement is a ban on using the least expensive versions of Vista — the $199 Home Basic edition and the $239 Home Premium edition — in virtualization engines.

Instead, people wanting to put Vista in a virtualized program have to buy the $299 Business version or the $399 Ultimate package.

The least expensive versions of Vista actually would work in virtualization programs. But Microsoft wants to restrict it because of new security holes spawned by the technology, according to Scott Woodgate, a director in Microsoft's Vista team.

Lately, Intel and its biggest chip- making rival, Advanced Micro Devices, have built virtualization-friendly hooks directly into microprocessors. The goal was to make virtualization work better, but Woodgate argues that the move created a security flaw — essentially that malicious programs can run undetected alongside an operating system.

Indeed, last year a security analyst showed how AMD chips with virtualization support made computers vulnerable to such an attack. (That researcher, Joanna Rutkowska, said she presumed it would work on Intel-based systems as well, but she did not have time to try).

AMD challenged the feasibility of such an attack and said virtualization did not decrease computer security. Intel concurred. Bill Calder, one of its spokesmen, called Rutkowska's claims "overstated."

But Microsoft took notice. Woodgate said Microsoft considered banning virtualizing Vista entirely, on all versions. But ultimately, he said, his team decided that the most technically savvy users, or people in companies with tech support, probably could handle Vista in virtualization programs, while home users should be steered away.

The prohibition applies not only to third-party virtualization products like Parallels, but also to Microsoft's own Virtual PC software, which is available as a free download. (It does not apply to Apple's Boot Camp product, which is not virtualization software.)

"We're balancing security and customer choice," Woodgate said.

However, there does not seem to be much evidence that technically savvy people would not want the less expensive versions of Vista.

Ben Rudolph, Parallels' marketing manager, said virtualization customers often just need the most basic version of Windows possible to let some favored application run.

Plus, even though Microsoft will let virtualization products run the higher- priced versions of Vista, some powerful features in those editions are also forbidden in virtualization.

The license agreement prohibits virtualization programs from using Vista's BitLocker data-encryption service or from playing music, video or other content wrapped in Microsoft's copyright-protection technology.

Microsoft says virtualization's security holes make those features dangerous as well.

Rudolph maintains that many users will be so confused that they avoid Vista altogether.

Of course, that is a decision for Microsoft to make, and it seems logical if you buy the security argument.

But not everyone agrees a virtualization lockdown is justified. In fact, virtualization has been considered a security enhancement. If applications run within their own walls, malicious code can be confined to that zone and not infect the rest of the computer.

"Nobody's complained to us that there's security issues with our products," said Srinivas Krishnamurti, director of product management at VMWare, a maker of virtualization software that plans to release a product for Macs this summer.

Apple would not take a position. Lynn Fox, a spokeswoman, said Mac users who want to run Windows in virtualized programs should ask the virtualization vendors about security.

Michael Cherry, an analyst with Directions on Microsoft, said virtualization might indeed introduce complexities and security challenges.

"But they're not greater than the technical issues surrounding some of the other features" that Microsoft decided to include in Vista, he said. "I don't buy that virtualization is dangerous."

Cherry says that what is really going on is that Microsoft wanted to create more differences between the multiple editions of Vista, presumably giving people more reason to buy the most expensive versions.

But Woodgate of Microsoft insisted that this was not a marketing decision.

"We are absolutely working with our partners to resolve this security issue," he said.

Microsoft puts up roadblocks on Vista for Mac owners

[piccolomondo]

This podcast episode examines Microsoft's Vista operating system, and why system requirements and other factors will likely limit corporate adoption over the next few years.

Computerworld TechCast:

Barriers to Vista Adoption
Podcast duration: 5 minutes

[piccolomondo]

Vista’s vulnerability tested by security engineers at McAfee's Avert Labs:

Vista Can Be Taken Down by an Animated Cursor

In what could be the most embarrassing exploit to impact Windows Vista since its commercial launch in January, security engineers at McAfee's Avert Labs confirmed today - and posted the video to prove - that the operating system can be caused to enter an interminablecrash-restart-crash loop, by means of a buffer overflow triggered by nothing more than a malformed animated cursor file.

[...]

Avert Labs' video of the incident, posted to YouTube, shows a Vista system wherein the test file apparently trying to load the custom animated cursor. When the operating system detects a crash, it first tries to save vital data prior to a restart sequence - one of Vista's newer features. It then informs the user that Windows Explorer has crashed.

But in trying to restart Explorer, the restarting crashes itself, sending Vista into a tailspin from which the only escape appears to be the off button. [...]

[read more]

Windows Vista ANI File Handling DoS