14 DAY TRIAL // Windows Vista, Microsoft's touted most secure Windows platform to date, fails to live up to its own standards. Vista's failure in terms of security is translated into the fact that the latest operating system from Redmond manages to bring to the table only "marginal security advantages" when contrasted with its predecessor, Windows XP. This is the harsh conclusion put forward by the CRN Test Center after a week long benchmark of the security performances of both operating systems.
Windows Vista's architecture represents an evolution when compared to that of XP. Microsoft based Vista on the Windows Server 2003 core, and has integrated a collection of enhancements designed with the sole purpose of adding protection. The User Account Control, Internet Explorer 7, Windows Defender, Address space layout randomization (ASLR), /GS Stack buffer overrun detection, /SafeSEH exception handling protection, No eXecute (NX) / Data Execution Prevention (DEP) / eXecute Disable (XD), Heap and Stack randomization, Heap corruption detection and the methodology inherent with the Secure Development Lifecycle have produced an operating system that is just as insecure as Windows XP.
The CRN Test Center claims that both Windows Vista and Windows XP are equally vulnerable to malware, "RDS exploits, script exploits, image exploits, VML exploits, malformed Web pages and known malicious URLs." But is there any truth to the CRN Test Center's claims?
Well, the CRN Test Center fails to reveal which edition and version of Windows Vista and Windows XP have been tested, and only puts forward the information that the two operating systems were in their default configurations. Additional data is scarce and this is an example "Mal/EncPK-F virus and the W32/SillyFD-AB worm penetrated both OSes without detection." OK, the two instances of malicious code "penetrated" the platforms. But penetrated is an ambiguous term; did the malware actually compromise Vista and XP. And if it did, did it manage to survive a reboot?
Apparently, Vista performed excellent when confronted with spyware and adware although such results "surprised" the CRN Test Center. Why were they surprised, did they expect Vista to fail? So much for objective benchmarking, if you ask me. But the part about Trojan horses is down right hilarious. "Vista produced the usual warning message that running the file might cause problems. XP also gave similar warnings and allowed the engineer to run both trojans," claims the CRN Test Center.
Well, to put it simple, both Windows Vista and Windows XP - and I am just guessing that the UAC was involved in some manner here - WARNED about potential malicious applications. In such a case, if the user still approves the installation, the reason why Vista is insecure is actually standing in front of the desktop, and has nothing to do with the operating system. The test results go on and on, but are not conclusive, and the results of the testing seem focused on random occurrences; read it, but take it with a grain of salt.