Symantec pokes at Vista security

Windows chief Jim Allchin has urged people to buy Vista for its security features, saying that it will have better protections against phishing attacks, spyware and other malicious code. It's a savvy move on Microsoft's part, as the company's products have borne the brunt of hackers' attentions.

But this week, Symantec said that it had poked around in the networking stack of the latest Vista beta and found lots of bugs. It concluded that in the short term, the stability and security of the upcoming operating system would lag that of XP.

The Vista beta code survey comes as Symantec faces competition from Microsoft's ever-expanding interest in security software, both integrated into products and standalone titles. To find out what people on the street make of it, we asked our Vista Views panel, made up of ordinary readers, this question: Symantec researchers say that right now, the networking features in Vista are a security cause for concern. Are you worried?

---

Barb Bowman

Symantec is in the business of selling security products, and any press they can get building up to the release of Vista will help them sell their new revisions of products designed to work with Vista.

If Symantec continues to raise concerns, there are two agendas here. As stated, Microsoft continues to find and fix issues. Will Vista be bulletproof? No. But that's what good firewalls are for. And there is a good firewall in Vista. Do we need a new stack and IPv6? My opinion is yes. And my opinion is that the benefits outweigh the (overstated) risks.

Barb Bowman is a product development manager for Comcast high-speed Internet who also writes about technology for the Microsoft Windows XP Expert Zone and the Microsoft Vista community.

---

David Dawson

I won't be concerned about any reports during this beta phase for Vista. Whether or not there is a new security stack, there is an awful lot of new code in Vista. To focus on vulnerabilities in one area right now is premature. If we find that there are concerns during the Release Candidate phase, that would cause serious concern.

David Dawson is an MCSE, CCNA and team leader in research and development at Community IT Innovators (CITI), an organization providing technology support to socially responsible organizations in the Washington, D.C., area.

---

Gary Knigge

It is of concern to everyone if the networking in Vista is not stable. In this case I'm somewhat skeptical, though, because of who the messenger is.

Symantec is very unhappy lately with Microsoft, and it wouldn't surprise me if they were trying to make MS as uncomfortable as possible.

Microsoft's plan to market their own security solution is a direct threat to Symantec's profitability. Microsoft and Symantec are involved in an unrelated copyright lawsuit. And finally, many of Symantec's bugs or holes have to do with earlier betas of Vista, and those problems have already been addressed. So why bring this up now? It seems like Symantec's goal is to slow adoption of Vista and thereby maintain a higher share of security revenue.

But whatever motives Symantec might have, Vista security problems are a great concern. We will be wanting to watch this closely for more information.

Gary Knigge is an IT support person at the University of Wisconsin-River Falls, specializing in Windows desktop support for faculty and staff.

---

Wallace Wang

I'm glad that Symantec has pointed out Vista's security flaws, but since Vista is still a beta, the problem isn't troublesome right now.

Despite Microsoft's assurances and Symantec's research, Vista will likely ship with tons of security flaws, but every operating system ships with tons of security flaws; Windows gets the most attention since it's the most popular operating system. If more people used Mac OS X or Linux, those operating systems would come under closer scrutiny too.

The biggest problem with Vista isn't security flaws but its snail-pace development and resource-hogging system requirements. If people and businesses really want a secure operating system, they should switch to OpenBSD or, for a more mainstream solution, switch to Mac OS X or Linux. To use Vista, you're going to need a new computer and learn new ways of doing things anyway, so the best way to avoid Vista's security flaws altogether is to switch to a better operating system.

Wallace Wang is a freelance computer journalist and author whose books include "Microsoft Office for Dummies" and "Steal This Computer Book."

---

Brian Clarke

Symantec needs to find a better business model than fear-mongering and profiting off of insecure operating systems from Microsoft. Symantec should be worried that a more secure operating system means less sales of their less-than-stellar software.

Brian Clarke, a student at Shippensburg University, says he has reinstalled Windows more time than he cares to remember.

---

Kevin Faaborg

I'm about as worried as I was before with XP.

Microsoft releasing another product without fixing all the holes is not a big surprise. They need to make sure it is locked tight before just setting it loose on the world. Maybe learn from OS X, if you have to...restart from the ground up and redo the entire OS to make sure it works right with the best available security, THEN think about compatibility with older software. Stop basing all of the software on the previous OS and then expanding.

Kevin Faaborg works in basic hardware and software guidance for a large financial corporation, but he has experience in more computer sales-based jobs.

---

Brian Lambert

Microsoft should be doing everything to ensure Vista will be the most secure operating system around, without crippling performance.

However, I, personally, will not depend solely on Microsoft's efforts. I think it's essential to install third-party security software. Also, when security vulnerabilities are discovered, Windows must be updated and patched.

Users must not solely rely on Windows to meet their security needs, they need to actively secure thier own computer. Needless to say, Microsoft should still strive for the best security around, and Vista should be a step forward in security.

Brian Lambert is a law student at Southern Illinois University.

---

Jason Klomps

Symantec needs to understand that Vista is still in beta form and is being fine-tuned. Granted, if Vista is released without any additional updating to the networking interface, then I would agree with them. Maybe revisit this after Vista is RTM (released to manufacturing).

Jason Klomps of Tucson, Ariz., works in IT support for a call center.

---

Jesse Hathaway

Networking and related functions have always been a route through which computers can be compromised, so I don't see this as anything new. Relying on one single company or software regimen for your security needs is a bad strategy, regardless of whether we're talking Macs, Linux or Windows.

Fair competition between add-on security software companies (such as Symantec) and companies which build some security features into the OS (such as Microsoft) can only lead to more secure companies. Symantec finds possible exploits and oversights in Microsoft's framework, Microsoft responds by filling in the cracks and coming up with better security, and the educated user wins by having a more secure Internet experience.

Finally, there is an inverse relationship between the amount of security a computer can have, and the amount of usability it has. The trick for Microsoft, Apple and Linux (and Symantec, Grisoft, et al.) is to cooperate through the economics of competition to find the best balance of usability and security for their respective consumer markets.

Jesse Hathaway is a student in Athens, Ohio, who is a contributor to Helponthe.Net's Tech Support Guy computer help forums.

---

John Kneeland

What? Windows is insecure? Whoa, this changes everything!

John Kneeland is an undergraduate at the University of Pennsylvania, where he is majoring in international relations and East Asian studies.

---

Robert McLaws

Come on, how is this news? Reports on unfixed vulnerabilities in current builds are definitely news, and something we should all be worried about. Reports on vulnerabilities in four-month-old builds that have already been fixed are most certainly not. Shame on the reporter and his editor for making something out of nothing.

Symantec is just spreading FUD to stay relevant. Why are they concerned about the network stack just because it's new? They can't use the argument that "because it's new, it's insecure," when that's exactly the reasoning Firefox uses to say that it is secure. The industry can't have it both ways...except of course, if the "enemy" is Microsoft.

At the end of the day, this is nothing but FUD designed to drum up support for future Symantec security products for Windows Vista. The problem is, there are a number of security features that will make it much more difficult to exploit Windows Vista for malicious purposes. That's a major problem for the future of Symantec. And if Symantec is screaming this loud about problems that don't exist, they must be in real trouble.
Robert McLaws is an IT consultant, community leader and Vista enthusiast. He has been running Vista enthusiast site Longhornblogs.com since 2002.