Vista Aims to Stop Hackers' Social Engineering Ploys
Modernizing Authentication — What It Takes to Transform Secure Access
News Analysis: Microsoft maintains that by addressing the social aspect of IT attacks, the portion that can dupe even the smartest users into launching malware-laden attachments or clicking unknown URLs, Vista will improve PC security significantly
Microsoft says the Windows operating system software is not the weakest link in desktop security, and contends that Windows Vista will help limit the greatest vulnerability of all—users' bad decision-making.
While previous iterations of Microsoft's dominant operating system hit the market with an abundance of security loopholes that left users open to many different forms of attack, Microsoft officials said new features offered in Vista will not only make it harder for malware writers attack the OS, but will also make it more difficult for users to hang themselves out to dry.
Executives pointed to Microsoft's SDL (Security Development Lifecycle) program as an attempt to root out many of the coding flaws that have left gaping security holes in previous versions of Windows during development, and said the primary thrust of the security tools added in Vista has been to help customers help themselves.
From its UAC (User Account Control) feature, which is meant to limit the ability of viruses to gain access to administrator status on desktops, to the anti-phishing filters built into the newly released Internet Explorer 7 browser, Microsoft has attempted to give users the mechanisms they need to do a better job of watching their own backs, said Ben Fathi, the Redmond, Wash., company's vice president for the Windows core operating system.
Microsoft doesn't expect that Vista will be tight enough to evade all forms of malware, despite all the work done to shut holes via the SDL program, Fathi said, but it does believe it has given users the right set of warnings and tools to help better police their own habits.
Read the full story on eWeek.com: Vista Aims to Stop Hackers' Social Engineering Ploys