Microsoft partner: Vista less secure than XP

By Tom Espiner, ZDNet UK
19 March 2007 06:31 AM

Security company Kaspersky claimed that Vista\'s User Account Control (UAC), the system of user privileges that can be used to restrict users\' administrative rights, will be so annoying that users will disable it.

Natalya Kaspersky, the company\'s chief executive, said that without UAC, Vista will be less secure than Windows XP SP2. \"There\'s a question mark if Vista security has improved, or has really dropped down,\" she said to our sister site ZDNet UK at the CeBIT show in Hanover last week.

Kaspersky provides one of the scanning engines in ForeFront, Microsoft\'s business security product.

Arno Edelmann, business security product manager for Microsoft, said that Kaspersky\'s claims were surprising. \"We have a thriving community of partners, and Kasperky is one of our best partners,\" Edelmann told ZDNet UK. \"I find their statements a little strange because they have one of the best insights into Microsoft security products.\"

After being roundly criticised over its security strategy in the past, Microsoft has done a lot of work to improve its approach and has been touting Vista as its most secure operating system. But Kaspersky confirmed that her analysts had found five ways to bypass Vista\'s UAC, and that malware writers will find more security holes.

Kaspersky also added her voice to Symantec and McAfee complaints that PatchGuard, designed to protect the Vista kernel, is hindering security companies\' work.

\"PatchGuard doesn\'t allow legitimate security vendors to do what we used to do,\" said Kaspersky.

Symantec has claimed that PatchGuard is hurting security vendors more than it was hurting malware writers. Bruce McCorkendale, a chief engineer at Symantec, said: \"There are types of security policies and next-generation security products that can only work through some of the mechanisms that PatchGuard prohibits.\"

Eugene Kaspersky, the company founder, said last Thursday that while vendors had to interact with Vista legitimately, hackers were under no such constraints.

\"Cybercriminals seem not to care about Vista licensing,\" said Eugene Kaspersky. \"They don\'t need to follow regulations or be certified by Microsoft -- antivirus vendors do.\"

Tom Espiner reported for ZDNet UK from London

ZT
http://www.zdnet.com.au/news/software/soa/Microsoft_partner_Vista_less_secure_than_XP/0,130061733,339274261,00.htm

• r u one of those cybercriminals? -嫩頭青- ♂ (0 bytes) () 03/19/2007 postreply 09:01:49

• i would want to be 1 but have no skills,,, -Φ- ♀ (86 bytes) () 03/19/2007 postreply 09:09:34

• 趕緊拜太平洋寨主為師吧 -嫩頭青- ♂ (0 bytes) () 03/19/2007 postreply 09:26:45

• 稀飯啊，別聽他的，那些搗亂的事都是嫩寨主的傑作！ -太平洋- ♂ (0 bytes) () 03/19/2007 postreply 10:33:20

• 2位寨主真會相互推托阿，哼~ -Φ- ♀ (20 bytes) () 03/19/2007 postreply 13:29:46

• 已經拿到正版vista business版，不過想等SP2出來再裝 -德州老外- ♂ (47 bytes) () 03/19/2007 postreply 09:03:28

• yeah, i got 1 desktop installed w/ Vista -Φ- ♀ (36 bytes) () 03/19/2007 postreply 09:10:44

• 同意！先等等，然後再“踏著先烈們的足跡前進”！ -太平洋- ♂ (50 bytes) () 03/19/2007 postreply 10:37:04

• 好主意，不過也許不一定是足跡，是先烈們的“屍體” -中國民航- ♂ (0 bytes) () 03/20/2007 postreply 08:07:41

• 請教各為大大:未來5年,會有不能在XP上跑的程式嗎? -德州女孩- ♀ (0 bytes) () 03/19/2007 postreply 11:56:01

• 肯定會有，不過.... -π- ♂ (246 bytes) () 03/19/2007 postreply 14:14:12

• DirectX 10就不能在XP上跑。 -墨鬥魚- ♀ (0 bytes) () 03/20/2007 postreply 11:21:25

• 隨著DirectX10.0顯卡成為主流，遊戲玩家們很快就會－升級到Vista。 -墨鬥魚- ♀ (0 bytes) () 03/20/2007 postreply 11:43:16