Late on Christmas Eve, the New York Time’s John Markoff popped down the chimney at Redmond and filled Microsoft’s stocking with coal:
Microsoft is facing an early crisis of confidence in the quality of its Windows Vista operating system as computer security researchers and hackers have begun to find potentially serious flaws in the system that was released to corporate customers late last month.
Despite Microsoft assertions about the improved reliability of Vista, many in the industry are taking a wait-and-see approach. Microsoft’s previous operating system, Windows XP, required two “service packs” issued over a number of years to substantially improve security, and new flaws are still routinely discovered by outside researchers.
Markoff notes the first admitted Vista exploit discovered last week and five more discovered by security firm Determina including a drive-by exploit in Internet Explorer 7.
Frankly, there seems to be less there for Vista than meets the eye due to the special properties of IE7 running on Vista, but the point is that with Vista, Microsoft not only has to continually defend the operating system from security threats; they also have set themselves up to continually defend against the mere perception of security threats. That’s because enhanced security is Vista’s primary claim to novelty and improved functionality aside from the fancy new graphical user interface on the pricier versions. If Vista descends into a continual litany of exploits and rushed Patch Tuesday fixes like Windows XP, they’ve failed, if not disastrously, at least embarrassingly.
Microsoft has spent millions branding the Vista operating system as the most secure product it has produced. and it is counting on Vista to help turn the tide against a wave of software attacks now plaguing Windows-based computers.
Vista is critical to Microsoft’s reputation.
Although Vista, which will be available on consumer PCs early next year, has been extensively tested, it is only now being exposed to the challenges of the open Internet.
I guess we’ll all soon see how well they did, but the latest bug reports hardly seem to be a “crisis of confidence”. How about “a cause for continued wary observation”?