[an error occurred while processing this directive]
BBC News
watch One-Minute World News
Last Updated: Wednesday, 31 January 2007, 12:39 GMT
Vista security claim challenged
By Mark Ward
Technology Correspondent, BBC News website

Security experts have thrown doubt on Bill Gates' claim that Vista is "more secure" than other operating systems.

It may be more secure than other versions of Windows, they said, but there are older operating systems that are still safer.

Others said that its security rested on how people use the new system rather than on any individual technology.

There is also evidence that malicious hackers are refining attacks to cope with the changes Vista makes.

Old iron

Mr Gates made the claim that Vista was "dramatically more secure" during an interview with BBC News. He said the improved security in Vista was a reason all by itself to upgrade from Windows XP.

Microsoft has spent more than five years developing Vista and some of the delays to its launch have occurred as developers struggle to make it more secure.

Malicious hackers are already known to be targeting Vista and carrying out research to expose its weaknesses.

"For sure, people are hammering away on it," Jeff Moss, the organiser of the Defcon hacking convention, told Reuters.

People are the weakest link here
David Emm, Kaspersky Labs

"If you are a bad guy and you find a problem, you have a way to spread your malware and spyware," he said.

Vista exploits and vulnerabilities are starting to turn up on discussion boards where such things are traded and developed. So far most have been only experimental and none seem to have been tried in the wild.

Academics are also publishing papers on weaknesses in the security technologies inside Vista.

Testing times

Vista comes with many built-in security features in a bid to make the system safe from the moment it is switched on. These include anti-spyware software and a system that aims to stop malicious programs installing themselves by stealth.

But whether these changes made it more secure than other operating systems generated debate among security experts.

"It's dramatically more secure than, say, Windows 3.x, Windows 95, Windows NT, Windows 2000 or Windows XP," said Mikko Hypponen, chief research officer at F-Secure.

"However, it's fundamentally not more secure than operating systems like FreeBSD, QNX, AS/400 etc," he said.

"I would claim it's not even as secure as another operating system from Microsoft; namely the operating system inside the Xbox 360."

David Emm, senior technology consultant at Kaspersky Labs, said that with Vista Microsoft was treading a fine line between making the software safe and easy to use.

"The more useable and convenient you make it, especially for non-technical people, the more risk there is that there is a chink in the armour," he said.

"In a sense people are the weakest link here," said Mr Emm.

For instance, he said, the User Account Control system in Vista which aims to stop malicious programs installing themselves invisibly may not prove as effective as Microsoft believes.

This system ask users to give permission for programs, browser extensions and many other things to be installed. The sheer number of times that people are asked may make them click past the warning without realising what they were doing, said Mr Emm.

His fears were echoed by Greg Day, security analyst at McAfee, who said the lack of context in the warnings could lead people to make dangerous choices. "It passes the emphasis on to the user to decide."

"Because it is Microsoft its always going to have a very big target on it," he added.

There is also evidence that the malicious hacking community is starting to change its tactics to cope with the kind of security technologies seen in Vista and which are also starting to be used in older operating systems such as XP.

Surveys of the sorts of malicious software seen in 2006 reveal a significant fall in what is known as "replicating code". These are the familiar viruses that travel by e-mail and which try to trick people into opening an infected attachment so they can find more victims to attack.

Instead more and more attacks are becoming targeted at very small populations of users or groups of PCs via a specific exploit or crafted junk mail campaign.

The BBC is not responsible for the content of external internet sites

Has China's housing bubble burst?
How the world's oldest clove tree defied an empire
Why Royal Ballet principal Sergei Polunin quit


Americas Africa Europe Middle East South Asia Asia Pacific