A modern operating system like Windows Vista includes millions of lines of code. Thousands of workers toiled for years to develop Microsoft's newest product which means all the more potential for bugs. Although Vista has already been on the market for a few weeks now, negative reports have actually been relatively mild. A few hiccups are clearly audible, however. "The biggest problem is missing drivers," says Axel Vahldiek from Hanover-based c't magazine. Without those programmes, generally provided by hardware makers, peripheral devices either cannot function properly or will not work at all. The problem isn't just limited to older or exotic hardware: the GeForce 8800 graphic chip supports the DirectX 10 graphics interface used by Vista and is found on fast, high-end graphics cards. Yet Nvidia still hadn't managed to make a driver available by the end of February. The website for the market leader in graphics chips has long offered a beta, or preliminary, version of the driver. Vahldiek warns against using such beta drivers, however: "They do not ever work error-free." Relying on them can lead to data loss, he says. Another problem with Vista is related to security: In the view of the German Federal Agency for Security in Information Technology (BSI) in Bonn, the current discussion surrounding Vista's account administration function, User Account Control (UAC), is particularly interesting, says Thomas Caspers, an expert on operating system security. The discussion was given a jolt by Polish security expert Joanna Rutkowska, who publicized a hole in the system. UAC is designed to require administrator access to install new software. That means increased security at first. Yet, according to Rutkowska it also means that games downloaded off the internet are also granted full rights. From a technical point of view, this is completely unnecessary. If malicious code is hidden in the game, then it has a clear path to the computer.
Passwords are effective only for keeping curious lay users from accessing the computer. Little more than a bit of determination is needed to crack the access passwords on Windows Vista. Elcomsoft, a Russian firm, is for example offering software to perform just that job - ostensibly for users who have forgotten their password. Anyone in possession of a Vista version with the BitLocker encryption programme should use it. The software makes files encrypted with BitLocker unreadable even if an intruder gains access to the computer using the Elcomsoft programme.
All in all, however, the problems with Vista more closely resemble "growing pains" than serious flaws. Vista does not assign standard rights to many antivirus programmes to access all folders, Vahldiek explains. Yet if a virus scanner cannot check through certain parts of the computer that might potentially contain bugs, it is not performing its duty. In such cases manual configuration is required. Still, no major problems have as yet turned up for Vista. Peter Knaak, computer expert for the German consumer testing organization Stiftung Warentest in Berlin presumes that some vulnerabilities will start showing up for Vista in the coming weeks and months. He therefore recommends waiting until Microsoft releases Service Pack 1 for Vista before making the switch. Service packs are a collection of updates to iron out a large group of individual problems.
No date has been provided as yet for Service Pack 1, says Microsoft spokeswoman Irene Nadler. What is certain is that Microsoft will release security-related updates on a regular basis via the Update function built into Windows.
Click here to track the original story on www.playfuls.com
Experts are reporting on a potential security hole in Windows Vista: its speech recognition system. It could be used to send commands to remote computers from over the internet - in theory, at least. According to Thomas Caspers from the German Federal Agency for Security in Information Technology (BSI) in Bonn, it remains unclear whether talking malware will end up being an amusing side note or, in certain scenarios, a genuine threat. The BSI suspects it will be the former, and is not yet recommending specific countermeasures.
No comments:
Post a Comment