Security Evaluation of Vista by security vendors

Over the past few years, security software vendors have made a fortune by making Microsoft's mistakes. Security Vulnerabilities-and fear of Security Vulnerabilities-make a lot of money for many software developers. Therefore, is Symantec really worried about the security of vista?

Symantec recently released a research report "security risks of vista operating system", which lists some new security features of the operating system.

Even Microsoft has made concessions. They now realize that uac (User Account Control)-vista's most significant security feature-is vulnerable to subversion attacks, especially through social engineering strategies.

Microsoft's concession is one thing, while Symantec's assessment is another thing. If Microsoft improves security-whether in the operating system or the technology it releases-other software developers are potentially threatened. In this case, any information posted by Symantec about vista security will be in conflict with its own interests.

"Symantec has done a good job of research reports on vista, and they are not uncertain or speculative," said andrew jaquith, Security Research Project Manager at the yankee Group.

However, Symantec will also try to persuade users. jaquith stressed that "the main purpose is to make users think that their products are equally helpful to the security of vista systems ."

My colleague jim rapoza properly described the relationship between software providers and Microsoft as "Lions and mice ".

"Microsoft needs the little mouse around it to tame it and take care of it. The mouse lives on the food the lions get, "jim explained. But the troublesome little mouse "is always worried that it will be eaten by lions, or that Microsoft will enter the security software supply market without relying on their products ."

The mouse worries are not unreasonable, because Microsoft not only improves the security of windows. With the forefront and windows live onecare products, Microsoft is now a real competitor in the consumer and business-level security market.

Microsoft, as a competitor to security software, is also in conflict. Of course, Microsoft also hopes to have the best prospects in the security field.

"Symantec's research is very beneficial to consumers because it is a powerful correction to Microsoft's information," jaquith said. Although vista is more secure than windows xp, "it is also necessary for people to identify weaknesses from outside of Microsoft ."

Honesty is almost cruel

Although Symantec's research praised vista for its security, the reports were so clear and predictable that its criticism of vista was almost cruel:

"Many of the technologies Microsoft uses to improve the security of vista are not new. In fact, many of these technologies are originally from open source operating systems, such as linux and openbsd, the pax and stackguard projects, and some are the results of many academic papers. A large part of these technologies are first available in windows xp sp2 (sp2. When Microsoft launched windows xp sp2, Microsoft also called it the safest windows operating system ."

The report believes that earlier security advances have a positive impact on the security of windows systems, especially in favor of its shortcomings.

"Symantec has found that more and more attacks are starting to target applications running on operating systems, such as office suites and web browsers. Although Microsoft has invested a lot in protecting the core of the operating system, however, the attack has already moved."

Threats at the application layer and network layer are currently the most popular security issues. The honeypot Project reported in February 7 that "understanding your enemy: Web application threats are the most basic content ."

The emergence of activex and zero day vulnerabilities shows a trend. As more and more attacks are concentrated on attack applications, Microsoft will need to shift its security focus.

Similarly, Symantec located the crux of the vista security issue, such as legal programs, new network features, and uac. Even those improvements are accompanied by attacks.

"Vista has reduced the threat of malware by 95% compared to the XP system," jaquith said. "Despite this, the malware around windows will not automatically disappear. Just as in a football match, contestants will try their best to find their flaws in order to score, and professional malware writers will do their best to find vista's weaknesses ."

In any case, security software developers like Symantec can still make a lot of money from Microsoft's fingers.

Today, Microsoft's Advanced Security Products-whether operating systems or competing software-do not conflict with Symantec's assessment of vista.

On the contrary, jaquith said, "Symantec's research widely proves our point of view ."