Vista Reaches 100 Days

Published by Omkar Joshi | Filed under Microsoft, Windows, Vista, WinHEC

Windows Vista has now been available to consumers for 100 days, finally reaching its first significant milestone, but has Vista been a success?

In March, Microsoft announced that Vista sales had broken all previous sales records, with more than 20 million licenses sold in its first 30 days, doubling the rate of its predecessor, Windows XP. This announcement was followed in April with Microsoft crediting its better-than-expected Vista sales for the company’s record quarterly revenue of US$14.4 billion.

Nevertheless Vista continues to be shrouded by controversy. Numerous high-profile technology bloggers have written many articles about switching back to XP or even migrating to OS X, as a result of Vista’s problems. On the internet, there are also many stories about Vista’s lack of software and hardware compatibility, with some even suggesting that Vista be renamed Windows Me 2, after the abysmal release of Windows from 2000. Some desperate bloggers have gone so far, that they’ve even attempted to break down Microsoft’s earnings in a desperate bid to prove that Vista isn’t really selling as well as Microsoft claims.

Microsoft Withdraws Vista Security Claims

Published by Omkar Joshi | Filed under Microsoft, Windows, Security, Vista, UAC, CanSecWest

Microsoft recently made a high-profile announcement, backing down on its security claims in an effort to lower consumer expectations about the security mechanisms built into Windows Vista, particularly User Account Control (UAC).

At last week’s CanSecWest security conference, Mark Russinovich, technical fellow in Microsoft’s Platform and Services Division, informed professionals that even with UAC, Vista will still be susceptible to malware. In his talk Russinovich told of how it would “end up thriving in the standard user environment, setting up botnets, and grabbing your keystrokes”.

Russinovich’s talk was supposed to give professionals an idea of how to work with UAC in order to avoid excessive pop-up warnings and avoiding breaking the UAC model. Russinovich also made clear that UAC was never intended as a “security boundary”, since there are a number of ways to bypass it.

In his talk, Russinovich also predicted that malware would find ways of elevating its privileges, through social engineering or by compromising applications that run with higher privileges.

However, this isn’t the first time Russinovich has thrown cold water on Vista’s security mechanisms, which were initially made out by Microsoft to be one of the key improvements in Windows Vista over Windows XP. In early February, soon after Vista’s consumer launch, Russinovich made the startling declaration that UAC was not really a security feature.