An issue of availability

Dec 27, 2006 08:38 GMT  ·  By

Windows Vista is the most prized item of pray from all Microsoft's current products. And although the operating system is not yet "out the door," not until January 29, 2007, reports of vulnerabilities affecting Vista have began emerging. Let me make this clear. Although Microsoft has touted the high level of security delivered by the Vista platform, the Redmond Company claimed in no way that the operating system was bulletproof. In fact, Jim Allchin, Microsoft Co-President, Platform and Services Division, described Windows Vista as "neither foolproof nor perfect." The security flaws discovered across Vista are a viable argument to Allchin's affirmation.

With 50 million lines of code and in the context of an anticipation that has been building up for five years, Windows Vista is a trophy. Identifying Vista vulnerabilities, publishing Proof-of-Concept code and attempting to exploit security flaws are inherent to software products, more so with Windows Vista as the operating system in the spotlight.

Microsoft knows this. That is why the Redmond Company has built a comprehensive infrastructure for the delivery of updates, all the way from the client end version of the product to Microsoft. This infrastructure enables Microsoft to resolve vulnerabilities while limiting attack windows to about a month. In this context, Microsoft has prepared for the worst, delivering a guarantee that the situation centered on Windows XP Service Pack 1 will not be repeated with Vista.

But could Microsoft have done a better job in controlling the Vista Vulnerabilities? By this I mean, could the Redmond Company have postponed the vulnerability reports until after the operating system was available for the general public?

The true issue here is availability. And the Windows Vista operating system is widely available via a plethora of locations. Windows Vista Home Basic, Home Premium, Business, Ultimate and even the Enterprise edition can be downloaded effortlessly and at no cost.

One way in which Microsoft could have avoided the crisis management and the loss in Vista quality consumer perception was to have handled the operating system accessibility. The fact that Windows Vista has been widely available the minute it was shipped to RTM is a catalyst for the vulnerability hunt. You have to think in terms of testing. The end-consumers are only the last piece in a testing puzzle for Vista.