Tuesday, 8 August 2006
Microsoft Vista Receives a Security Beating
Microsoft has hired a group of hackers to give Vista a thorough security beating. The company handed over its test versions to 3,000 researchers at the Black Hat conference and asked them to try hacking it. At the conference, security researcher Joanna Rutkowska demonstrated several ways to circumvent security features that are built into Microsoft's forthcoming Windows Vista operating system.
Rutkowska showed how it is possible to bypass the security measures in Vista that prevent unsigned code from running, and explained that the security systems in Vista can be sidestepped by using a piece of malicious software she had created and dubbed Blue Pill. She also admitted that she had to perform the hack in higher-privileged administrator mode rather than the lower-privileged User Account Control.
Reportedly, Vista is the first Microsoft product that the company is sending through its 'Security Development Lifecycle', which aims at getting rid of all security vulnerabilities before shipping. The aim of the endeavor is to find as many vulnerabilities and bugs as possible. Speaking at the Black Hat Briefings, Lambert said that they had already discovered problems such as process handicaps and poorly named files, not to mention several other security problems.
Is the whole process a publicity gimmick? Being able to claim that the operating system has been tested by some of the most well known hackers is a powerful marketing tool for Microsoft. On the other hand, will the implementation of all the lessons learnt at the Black Hat conference delay the release schedule?