Security drives Vista adoption
STUDY INDICATES USERS SEE THE OS AS MORE SECURE THAN OTHER WINDOWS VERSIONS
By Lisa Vaas make use of higher user Response, in Cupertino, is designed to make it
Users are coming privileges. Calif., said the percep- harder for an attacker to
over to Microsoft’s Officials at Microsoft tion of UAC as a security figure out addresses of crit-
Windows Vista oper- touted UAC as a signifi- boundary persists. “That ical functions and, hence,
atingsystem for secu- cant security improvement perception has become harder to get exploits run-
rity, according to a that signified the company fairly well-ingrained, even ning correctly; safe struc-
reportonenterprisesecurity had gotten serious about given the fact that Micro- ture exception handlers;
issues. securing Windows. How- soft has come out and and a new heap manager
The Fourth Annual ever, researchers such as said UAC isn’t a security that is more secure, from
Enterprise Security a dynamic memory
Survey was commis- Top of mind for IT security allocation perspec-
sioned by secure- tive, with its newly
file-transfer software The security concerns rated No. 1 by 300 IT workers in a survey include: hardened resistance
maker VanDyke Soft- to certain types of
ware and conducted by Securing remote access heap usage attacks.
independent research Vista’s attack expo-
company Amplitude Keeping updated anti-virus definitions sure remains essen-
Research. According tially in third-party
to the report, released Monitoring intrusions applications, Web
May 16, 52. 3 percent Patching systems applications and other
of security-motivated areas where attackers
Vista adopters are User awareness are largely focusing
specifically interested their efforts, Fried-
in the improved fire- Secure file transfer richs said.
wall and anti-spyware Password management 2006 2007 But despite these
functions in Micro- improvements, Vista
soft’s latest operating 0 5 10 15 20 25 is not devoid of flaws.
system. Source: Amplitude Percentage of respondents The .ANI vulnerabil-
And, in spite of the ity, which Microsoft
bad rap Microsoft’s UAC Joanna Rutkowska and boundary,” he said. patched in April, occurred
(User Account Control) Symantec research scien- If future Vista users con- due to the way Windows—
has received from security tist Ollie Whitehouse found tinue to use the operating including Vista—handled
researchers, another 14. 3 that users can be tricked system asearly adoptersare cursor, animated cursor
percent of Vista adopters into allowing inappropriate doing, there will be no addi- and icon formats. That
cite limited user accounts rights escalation. tional exposure to system vulnerability was so criti-
as their biggest reason for After Rutkowska’s blog compromise, Friedrichs cal that it caused one of
migrating. post on the subject and a said. However, overconfi- only three instances where
UAC is based on the paper from Whitehouse dence in Vista’s security Microsofthaspatchedout-
concept of least user privi- regarding the issue, Micro- technology may put users side of its Patch Tuesday
lege, which limits PC users’ soft confirmed that UAC is at risk, he said. cycle.
account privileges during vulnerable to social engi- Overall, Vista is a more Vista users surveyed for
normal use. User rights neering attacks because it secure operating system, the report said other rea-
are elevated only when is not a hardened security Friedrichs said. He pointed sons for adopting the oper-
necessary to perform cer- boundary such as a firewall to core technologies that atingsystem wereimproved
tain administrative tasks. but is more of a security are responsible for the usability, given by 22.1 per-
These limitations are “function.” security boost, including cent of respondents, and
intended to reduce Vista’s Oliver Friedrichs, adirec- ASLR (address space lay- “other,” given by 11.1 per-
vulnerability to attacks that tor at Symantec Security out randomization), which cent. ´
