According to a news story at IT Pro, malware writers are doing a better job of making their code Vista compatible than the developers of the security software meant to protect users of the soon to be released operating system. Rene Millman reports that Tim Eades, a senior vice-president at security company Sana Security, reckons no less than 38% of malware is Vista friendly, if that’s the right word.
The fact that Microsoft has changed core pieces of the Windows architecture for Vista has meant that the security industry has found itself having to reengineer code rather than simply tweak it as usual. The result a longer than expected delay in getting product ready to ship, and a nice window (excuse the pun) in which crimeware coders can use the Windows Hardware Quality Labs lists to ensure that their much simpler code does work. It’s a catch 22 situation, and it’s the end user, early adopter of Vista that is likely to get caught.
So, will I be one of those early adopters? Will the laptop I am currently researching as a replacement for my Sony sub-notebook with the thumb pad I have completely worn away and the keys that are not far behind it in the component graveyard, be loaded with Vista? No, sorry, not me. I have a test machine with Vista running, and have had since the early Betas (all legit, technical review copy supplied by Microsoft to keep journos such as myself up to speed with developments) but will not be letting a ‘live’ machine, a mission critical one, a machine that’s not sandboxed off the network anywhere near it for a while yet.
How long? Well at least until Fiji, also known as Windows Vista Service Pack 1, arrives in the summer. The very fact that work is underway, based upon the test data from the extensive enterprise adoption of Vista, on a service pack before the consumer launch of Vista even takes place does not do a great deal for instilling me with confidence that it would be a good choice just now.
You know something else that does not fill me with good cheer on the Vista security front, and call me a paranoid hippy if you like, but the fact that the National Security Agency helped to develop some of the security functionality is not a great selling point here. According to reports in the Washington Post the NSA provided a Red Team of hackers for penetration testing and a Blue Team of security experts for configuration advice.
Sorry, but as soon as the No Such Agency gets involved with an operating system that is predicted by certain analysts to have 600 million users by 2010, then I start to worry. As someone with a long memory when it comes to US security agencies chasing down advocates and developers of privacy technology, anyone remember Phil Zimmerman, I am not exactly enamored by the thought of the Grand Master of Secret Squirrel organization, the NSA, being allowed to dig deep into the Vista OS on the pretence of making us more secure.
I could be wrong, I hope I am. But maybe I am not, and maybe it is just one more reason to start thinking outside of the Windows box. Literally.