Vista and Vigilance

Halvar Flake, Sabre Security 


I have been told that I can write a blog entry for the BlueHat blog, with little or no editing, and now I sit here and have to make up something interesting to write about. I have a bit of a writers block today, caused by being tired, jetlagged, and already halfways on my way to the airport for my flight back. Also, the first draft of my blog post tried to be witty, and failed spectacularly at that.


Bluehat is an interesting event – it’s quite enlightening to talk to the people here. MS usually has problems to solve that are larger (and by extension more interesting) than most other companies.


One has to admit that Vista is arguably the most secure closed-source OS available on the market. Microsoft did do a good job at addressing the issues of previous Windows versions. Progress on all fronts has been achieved, and MS is probably better than any other closed-source software vendor when it comes to the security of their products.


This makes it difficult for attackers. The cost of developing an exploit for Vista is significantly higher than for any previous versions.


As a result, I think that most of the security researchers will move on to greener pastures for a while. Why try to chase a difficult overflow out of Vista when you have Acrobat Reader installed, some Antivirus software with shoddy file parsing, and the latest ITunes ?


I expect only a small number of remotely exploitable vulnerabilities in Vista. We will see everybody else getting hammered though. But, for a while, there will be (relative) quiet and calm in Redmond.


It is important to keep in mind though that everybody is just waiting for Microsoft to become complacent again. Secretly, all attackers are hoping that Vista will be a failure, security spending will be scaled back and nobody will attempt to build a secure mainstream OS again.


Let’s wait and see where this goes. It was fun being here, and I hope that I will be back at some point in the future.