Month: October 2006

The BBC reports that a senior Microsoft executive has promised that its new operating system will be more secure than ever.

Jean-Philippe Courtois, president of Microsoft International, said that beefing-up security was one reason behind delays to Windows Vista.

I think Microsoft should be applauded for their relatively recent commitment to the subject of security in their products particularly given their laissez-faire attitude to it up until a few years ago. But Microsoft promised the same thing about their previous Operating System release and Windows XP proved to be their least secure system ever until they beefed up the security with the Service Pack 2.

The thing about software security though is that it’s effectiveness can only be judged in retrospect because modern software is now so complicated particularly operating systems that the process used to create it inevitably introduces bugs and security holes.

So the Microsoft engineers may well have patched all the security flaws that had been exposed through previous releases and the testing of this release of Windows Vista, but there will no doubt be new holes that have been inadvertantly created that no one has even conceived of yet.

One such newly introduced security hole has been discovered by researcher Joanna Rutkowska and it’s a biggie. She describes it a blue pill a reference to the movie The Matrix and would allow a malicious hacker to completely compromise a system and the user would have no indication at all that their syetm had been compromised.

Rutkowska’s Vista kernel attack did not rely on any known bugs in Vista, which is still in beta testing. She stressed that her demonstration did not rely on any implementation bug nor any undocumented Windows Vista functionality. She characterized her approaches as “legal,” using documented SDK features.

As she says it did not rely on any known bug within Windows Vista so who knows what other security problems might have been engineered into the operating system that haven’t yet been uncovered by Microsoft’s own testers or by third party researchers.

Internet crime eclipses burglary in survey of perceived risks

Fear of internet crime is now more prevalent than concerns about more conventional crimes such as burglary, mugging and car theft, according to a report published today. And criminals are increasingly targeting cyberspace as more and more people shop online and use internet banking services.

The study was conducted by Get Safe Online, a UK internet security awareness campaign launched last year by the government, the Serious Organised Crime Agency and big online companies.

More than a fifth of internet users (21%) feel more vulnerable to electronic crime than any other type of criminal activity. It is second only to bank card fraud (27%) as the type of crime to which survey respondents felt most exposed. Internet crime has overtaken burglary (16%) as one of the crimes people feel most at risk of.

Of course like many things that people fear the perception differs hugely with the actual reality of the situation. That’s not to say that there isn’t a risk of becoming a victim of crime on the internet but that there are simple and easy precautions that people can take to minimize their exposure.

The problem is that the internet is still largely an unfamiliar environment for most people even if they do shop and bank online. There is generally an awareness amongst people of the crime rate in their area and so they can gauge to what extent they are of at risk of being burglarised. But the internet exists as a single place in the minds of many people and so every story they hear of crimes carried out online further increases their anxiety about it.