Computer hackers are off and running trying to find vulnerabilities in
Microsoft's new Windows Vista operating system, putting to test the software maker's claim that it is the most secure Windows program ever.
The new version of Windows, the computer operating system that runs over 95
percent of the world's computers, became available to consumers on Tuesday
after five years of development and a number of delays to improve security.
A high-profile new product like Windows Vista draws interest from the entire
spectrum of the computer security industry, ranging from hackers trying to
exploit a breach for criminal means to researchers looking to make a name for
themselves as security experts.
Most security experts see Vista as a more secure operating system than its
predecessor, Windows XP, but even Microsoft acknowledges it's not impenetrable
and attackers will undoubtedly look for a way in.
Attackers can use spyware programs to monitor a computer remotely and collect
personal information on a user. They can also control machines remotely to
attack Web sites, send spam e-mail or defraud online advertisers.
Vista's comes with built-in anti-spyware software, and new account controls
curb the ability of users to unintentionally install harmful programs. The
high-end versions come with a feature called BitLocker that encrypts a
computer's hard drive in the case of a lost or stolen machine.
"We know from the outset that we won't get the software code 100 percent right.
No one does in the entire software industry ... but Windows Vista has multiple
layers of defense," said Stephen Toulouse, senior product manager at
Microsoft's trustworthy computing group.
Windows Vista runs over 50 million lines of software code and Redmond,
Washington-based Microsoft invested $6 billion (3 billion-pound) to develop the
first new operating system since it released Windows XP in October 2001.
Microsoft's ability to protect Windows from attackers is seen as a critical
litmus test for a product that generated more than $10 billion in sales last
year, especially to large institutional customers who are extra careful.
Another key element in Microsoft's plan to combat attacks will be automatic
Windows updates sent to Vista users to patch up vulnerabilities and changes to
its anti-spyware products.
In the past, attackers honed in on vulnerabilities in the core Windows
operating system, but those types of attacks are being cast aside for attacks
from e-mail, instant messaging and applications downloaded from the Web.
"In the past with XP, they could attack the operating system itself to infect
you. Today the OS is stronger but threats can still get on your system," said
Oliver Friedrichs, director of emerging technologies at security software maker
Symantec.
Johannes Ullrich, a cyber security expert at the SANS Institute research group,
expects hackers are working furiously to win recognition as the first to find
and publicize a security hole in Vista.
He also cautioned that hackers would still be able to launch attacks by taking
advantage of vulnerabilities in Internet Explorer and Microsoft Office, and
warned that criminals would hold off on exploiting holes until more users adopt
Vista.
"Being the first to write an exploit for Vista is something a lot of people
would like to do," Ullrich said in a telephone interview. "But ultimately any
exploit will be used for financial gain."