A new trend

Mar 17, 2007 09:00 GMT

"With the exception of Windows Vista" is a phrase that will grow to the level of a status quo for the operating system. And in a sense, "with the exception of Windows Vista" is synonymous with "Non-Affected Software: Windows Vista." Does that sound familiar to you? Well, it should, because if it doesn't, you have not been paying sufficient attention to your Microsoft Security Bulletins.

First off, let me clearly state that "with the exception of Windows Vista" is a personal prediction. The fact that I see the phrase "non-affected software" becoming a core description of Windows Vista's future evolution is also a subjective perspective.

In this context, I want to consider the period of time that Windows Vista has been on the market. The two milestones in this sense are November 30, 2006, the business launch, and January 30, 2007, the commercial availability date. Let's judge the security performance of Windows Vista in the months from November of last year.

You will be able to identify "Non-Affected Software: Windows Vista" across a plethora of security bulletins issued by Microsoft in December, January and February. But not in March, because this month "Non-Affected Software: Windows Vista" is missing altogether, since Microsoft did not release any security updates at all.

- Microsoft Security Bulletin MS06-072 - Cumulative Security Update for Internet Explorer (925454) - Published: December 12, 2006 | Updated: December 14, 2006

- Microsoft Security Bulletin MS06-074 - Vulnerability in SNMP Could Allow Remote Code Execution (926247) - Published: December 12, 2006

- Microsoft Security Bulletin MS06-075 - Vulnerability in Windows Could Allow Elevation of Privilege (926255) - Published: December 12, 2006

- Microsoft Security Bulletin MS06-076 - Cumulative Security Update for Outlook Express (923694) - Published: December 12, 2006 | Updated: December 20, 2006

- Microsoft Security Bulletin MS06-077 - Vulnerability in Remote Installation Service Could Allow Remote Code Execution (926121) - Published: December 12, 2006

- Microsoft Security Bulletin MS06-078 - Vulnerability in Windows Media Format Could Allow Remote Code Execution (923689) - Published: December 12, 2006 | Updated: February 21, 2007

- Microsoft Security Bulletin MS07-006 - Vulnerability in Windows Shell Could Allow Elevation of Privilege (928255) - Published: February 13, 2007 | Updated: February 15, 2007

- Microsoft Security Bulletin MS07-004 - Vulnerability in Vector Markup Language Could Allow Remote Code Execution (929969) - Published: January 9, 2007 | Updated: January 10, 2007

This is where I stop with the examples. All the Microsoft security bulletins above have one thing in common: "Non-Affected Software: Windows Vista." Sure, a few months is simply too soon to judge the security performance of Windows Vista, or of any software product for that matter. There have been those who have proposed to wait one year, or even two, before quantifying the protection level Vista delivers in comparison with Windows XP and Windows Server 2003. It is too early to give either a positive or a negative conclusion on Vista's security, but it is not too early to identify a trend.

Microsoft has touted Windows Vista as the most secure Windows platform available. And if you take the example of Windows Server 2003 and its predecessor, in terms of security evolution, you should have a fine example of what Vista will bring to the table and to your desktop.

The Redmond company has stated that it looks to reduce the number of critical vulnerabilities by 30 to 50 percent compared with Windows XP. That is their target, and they have been mocked for it. But if Vista manages to achieve this goal, it will be a real success in terms of added user protection. While in the end we are all statistics, 50 percent fewer critical vulnerabilities might just translate into 100 percent improved user perception and confidence in Vista.

And just to keep you on your toes, Microsoft did acknowledge that Vista is neither foolproof nor perfect. Apple patched in excess of 40 vulnerabilities across its products in March while Microsoft issued no security updates, and still Mac OS X is perceived as a safer product, just because of a critical lack of exposure and a small OS market share. Vista will bring balance to the equation of the most secure operating system, opposite Linux and Mac OS X, simply because it will not suffer from the get-go from the dominant operating system position, a handicap that made Windows XP a prevalent target for attacks.

Will there be "Ouch" moments for Vista, as Microsoft security guru Michael Howard calls them? Of course! But at the same time, UAC, PatchGuard, DEP, Protected Mode, the new protocol stack and the Security Development Lifecycle, along with the additional enhanced security technologies, will ensure that "Non-Affected Software: Windows Vista" will become a status quo for the operating system.