Decades ago, when I first became involved with computer
technology, I must admit that part of the appeal was the fact that technology
was “cool.” And, while glowing letters and numbers on a cathode ray
tube have given way to graphical user interfaces on LCD monitors, computers
themselves really haven’t changed much.
But these days, it seems that most technology companies focus
more on appearance than reliability. I like to call this type of marketing the
“decorative but not functional” selling tactic. Companies have used
it effectively for years, and many otherwise intelligent companies and
individuals have made decisions on computer products and services based on this
form of emotional rationalization. But emotional rationalization can also scare
For example, in late July, Microsoft released the beta
version of its next major release of the Windows operating system—originally
dubbed Longhorn and now christened Vista. I’m not involved with the Vista
beta test, so I have limited information. But what I do know is that within a
matter of hours, the Windows Vista beta made its way onto the Internet’s P2P
About a week later, a wily hacker decided to release a couple
of scripts—some news releases incorrectly identified these as “viruses”—that
targeted a component of Windows Vista, the new command-line shell code-named Monad. (The next day, Microsoft
announced that the targeted component would no longer be a
part of Vista.)
More than a few people were almost gleeful in their observations
that someone had already “broken” Windows Vista and that the OS
itself is insecure. In discussion posts and blog entries across the Web, users
discussed the potential, theorizing that, now that hackers had their hands on
the Vista beta, it was only a matter of time before they released a worm. While
that may be true, no real Windows Vista exploits have surfaced yet.
However entertaining it may be to speculate about Vista’s
security or lack thereof, let’s be honest: Are potential exploits in Windows
Vista really something to worry about? Personally, Vista exploits are at the
bottom of my list of concerns at the moment.
First of all, Microsoft has yet to set a firm shipping date for
the final product; the Windows Vista page on Microsoft’s Web site only says
“arriving 2006.” In addition, the first beta hasn’t been around long
enough for beta testers to really use.
More important, the majority of corporations and existing
Windows users won’t bother upgrading until they have a compelling reason to do
so. It’s important to remember that the majority of Windows users are not early
adopters; many continue using an older version of Windows until forced to make
I could list several more reasons why I don’t think
potential Vista exploits are cause for concern yet, but they’re too speculative
to be useful. But I can say without any doubt that hackers will target Vista, as they have with all other Windows versions.
In my opinion, what’s more important to be concerned about
with Vista is whether it will offer sufficient technology advancements to
convince corporations to use it. And, at that point, potential vulnerabilities
become more of a concern.
Maybe hackers will wait until Microsoft Vista ships and then
release a combination worm such as Code Red or Nimda. On the other hand, maybe
they’ll continue to focus on exploits in existing Windows versions, such as the
worm that surfaced last month.
(Speaking of Windows 2000, remember that Windows 2000 is now
on extended support; Microsoft ended mainstream product support on June 30,
2005. So don’t expect Microsoft to release anything other than security fixes for
When it comes down to it, Windows Vista isn’t something to
worry about just yet—most corporations have much more pressing security
concerns to address. Rather than worrying about Windows versions that haven’t
even shipped, companies need to worry about the versions they’re currently
using. Plenty of security concerns already exist for these OSes.
And, by all means, try to make rational, educated decisions
about technology deployment. From what I can tell, Windows Vista looks like a
mere facelift with a number of features that 99 percent of users probably won’t
even use anyway. Despite the marketing hype, Vista appears to be more
decorative than functional at this point—and far from being a security risk to
concern yourself with.
Miss an issue?
Check out the Internet Security Focus
Archive, and catch up on the most recent editions of Jonathan Yarden’s
Want more advice for
locking down your network? Stay on top of the latest security issues and
industry trends by automatically
signing up for our free Internet Security Focus newsletter, delivered each
Jonathan Yarden is the
senior UNIX system administrator, network security manager, and senior software
architect for a regional ISP.