When should we start quantifying Vista security?

Mar 12, 2007 12:26 GMT

Microsoft's position is that Windows Vista is the most secure Windows platform on the market. But Vista will have to prove itself not in testing sessions but on desktops around the world. Microsoft security guru Michael Howard has provided an answer to the question of when Vista security should be quantified. According to Howard, at least two years are necessary for the operating system to deliver on Microsoft's promise of enhanced security.

Security bugs are inherent to Windows Vista, and to any software product for that matter. No operating system is an exception to this rule. But this is not to say that they will impact the overall quality of Vista's security. "'Prodding and poking' started many, many months ago, in part because we asked people to take a look at the product at BlackHat 2006, but we also know there is a great deal of underground research happening too. Is Windows Vista perfect and utterly security bug free? Of course not! No software is bug free. Not even Macs or Linux," Howard stated.

Windows Vista will also have to be judged in comparison with its predecessor operating systems, Windows XP and Windows Server 2003. Howard predicted that there will be critical security vulnerabilities in Windows Vista, but also that their volume will be reasonably small. In Howard's opinion, however, no number of bugs should constitute a criterion for judging Vista's security. Instead, in two years' time, looking back and comparing the performance of Vista to that of XP and Windows Server 2003, users will be able to see a dramatic reduction in the quantity of security vulnerabilities and in their severity.

"So here's my prediction. We will see significantly less critical vulnerabilities in the operating system over the next 2 years, as compared to Windows XP, perhaps by a factor of as much as 50%, and a 30% reduction of important vulnerabilities. If we achieve this, I will be happy, because it means customers are more protected," Howard added.