Windows Vista - Safe and Sound

Windows Vista is no stranger to security scrutiny. In this respect, Symantec welcomed the operating system even from 2006 with a series of white papers detailing its analysis on the operating system. The new Windows Vista network stack, user-mode security defenses, kernel-mode security technologies, and the Teredo protocol have all come under Symantec's microscope the past year. The issue with those papers is that they addressed an unfinished operating system. As such, the Cupertino-based security company continued its evaluation of Vista after the operating system was made commercially available.

As far, Symantec has managed to evaluate GS, Address Space Layout Randomization (ASLR) and Vista's vulnerability to legacy threats. "The intent of this paper is not to detract from the improvements that Microsoft has made, but rather to provide an objective and balanced view of how Windows Vista will affect the overall threat landscape. Symantec started researching Windows Vista in 2005 and has monitored its development carefully. The goal of this research has been to understand the technology improvements being made by Microsoft and also to understand the threats facing the new operating system and, in turn, Symantec's customers," stated Symantec in the Security Implications of Microsoft Windows Vista white paper.

According to Ollie Whitehouse, a researcher with Symantec's Security Response team, the two technologies enumerated above and included in Windows Vista are susceptible to attacks. Additionally, a small volume of the malware currently in existence does execute and survive a reboot on Vista, compromising the operating system.

However, while presenting the shortcomings of Vista's anti-buffer overflow system (GS) and the address space layout randomization (ASLR) feature, Whitehouse revealed at the Black Hat DC 2007 conference, that Windows Vista has managed to exceed his expectations in terms of added security. And while it still requires third-party security solutions, Vista is currently the most secure Windows operating system available. And judging by the performances delivered by Windows 2003, Vista will also stand the test of time.