Microsoft has told business users the security of its
next generation Windows operating system is such a priority that it
will push back the launch date if necessary.
Detlef Eckert, Microsoft's chief security adviser, said Windows
Vista will not be released until it completes testing to ensure the
code is robust and security vulnerabilities have been
identified.
"Unless Vista passes the final security review, it will not
ship," he said. "We are still in early beta testing. The components
will be checked and checked again. If it is not working, it will
not ship."
Vista is the first Windows operating system to be designed from
the ground up using Microsoft's secure design methodology,
introduced in 2002. It will offer security enhancements to make it
compelling for many firms, Eckert told Computer Weekly.
"One thing is clear - Vista has a better security architecture
than XP," he said. "It will need fewer updates and patches, and
will be vulnerable to fewer viruses. And even if there are
vulnerabilities, Vista will mitigate the damage."
A range of improvements designed to make it easier for companies
to control and manage mobile workers could appeal to businesses
that want to replace passwords with smartcards or two-factor
tokens, said Eckert.
Vista will make it easier for firms to use smartcards, such as
building access cards or the government's proposed ID cards, as
secure tokens for logging into corporate systems. It will also make
it easier for them to manage IDs when staff join or leave.
The operating system will also protect corporate networks by
checking that laptops have the latest security updates before they
are allowed access to a corporate network - plugging what Eckert
describes as one of the biggest weakness in corporate security.
"There are hundreds of thousands of people with laptops who
connect to the corporate network. This is one of the most dangerous
issues for companies. They have firewalls and anti-virus, but if
you have an infected laptop connected to your network you bring the
infection inside."
Vista will also support hardware encryption designed to ensure
that data and software will not fall into the wrong hands if a
laptop is lost or stolen, said Eckert.
Other features include an updated version of Internet Explorer
capable of isolating malicious code, plus an improved firewall that
should make it easier for companies to implement corporate security
policies.
Windows Vista security features
- First operating system to be designed using Microsoft's secure
lifecycle. Incorporates "layers of security" designed to block
malicious code
- Makes it easier for companies to use smartcards and two-factor
authentication for single sign-on to IT systems
- Bitlocker technology will encrypt system and data files,
protecting confidential data if laptops are lost or stolen
- Can detect whether key files have been modified by malicious
code or hackers.
- Better support for identity management, allowing companies to
set up and revoke access rights to employees.
- Able to check whether laptops have firewalls and anti-virus
software installed before allowing them to access a corporate
network
- Firewall monitors outbound as well as inbound traffic, which
enables organisations to implement corporate security policies
- Security enhancements to Internet Explorer 7 to limit impact of
malicious code
- Clearer distinction between user and administrator rights to
improve user security
Gartner cautious on promise of better security