Vista "no security cure-all" - Symantec

gallery

The company recognised Vista as "a more secure version of Microsoft Windows," to the point at which attackers are more likely to target third-party applications and web services as the easiest route in. It also sees the user as the weakest link, either through a lack of information leading to wrong decisions or as a victim of socially engineered attacks.

Microsoft agreed with much of Symantec's general view, conceding that Vista was never extolled as the Silver Bullet to security problems but insisting Vista remains "the most secure version of Windows to date". It claims Vista's strength is its "defence in depth approach".

"Security is about making choices," said a Microsoft spokesperson. "Make it too restrictive and users will have to interact with the software more to do what they want. Conversely, focus on ease of use by making the default settings less stringent and increase the chance that a system can be attacked. We believe Microsoft has developed the right balance and made the right decisions when evaluating the trade-offs between usability and security. This report does not properly address the fact that many of the Window Vista security technologies have numerous options that allow for a user to make their own judgments as to their need for security balanced against usability," responded Microsoft.

"That said, we are evaluating the information provided by Symantec in these reports that details methods an attacker could potentially use to circumvent security features in Windows Vista, specifically about the "GS Flag" and Address Space Layout Randomization, and will take any action, if needed, to help make these features stronger or more resilient."

Email to a friend

Print this page