16 Oct 2006
Microsoft has tweaked the security settings of its forthcoming Windows Vista operating system, vnunet.com has learned.
Some security features in the latest Windows Vista Release Candidate 2 have been disabled, while others that were previously switched off have been activated, Marc Maiffret, chief technology officer at security vendor eEye, told vnunet.com.
The security features are designed to prevent buffer overflow attacks, which are triggered when an attacker attempts to store data beyond the boundaries of a fixed-length buffer.
This can result in an application crash or, in some cases, allow an attacker to take control of a system.
Security settings that are too stringent, however, can prevent existing applications from functioning normally.
Microsoft has designed numerous security technologies for Windows Vista. Activating different combinations allows the software giant to strike a balance between application compatibility and optimal levels of security.
"Even the final version of Windows Vista will have variations [from the current RC2]," said Maiffret. "Microsoft will change how it is configured by default and how the different layers are going to be enabled by default."
Stringent buffer overflow protections affect applications that use memory in non-standard ways. Some games, for instance, are designed to execute video buffering to achieve better graphics performance.
The changes are noticeable because Microsoft does not typically make any large adjustments to its software after Release Candidate 1. Changes to the software can lead to compatibility issues with third-party applications and hardware devices.
Windows Vista will be made available to PC manufacturers and large enterprises in November. The consumer launch is scheduled for January 2007.
A spokesman for Microsoft stressed that the changes do not affect end users. The company did not follow up on a promise to provide further information on the security changes in RC2.
Generalizations From The Clueless
The so-called Chief Hacking Officer of the failing security vendor eEye has zero clue what he is talking about. As usual we have him talking to reporters not on things that he knows about personally but on things that his lackeys in the research department tell him. Neither he nor anyone at eEye is a credible source. When did they have time to look at Vista between dropping zero day to create risk and pirating IDA Pro? There are only so many hours in a day to churn out poorly written software with easily bypassable protection technologies. Maybe Mr. CHO can take some time off of his musings at regret.org and release another worm or attack more competitor products or, like he did in the past, release a worm that attacks competitor products. Vnunet should be ashamed of themselves for giving an unethical, former script kiddie who defaced web sites, want-to-be businessman a forum to grow his own ego.
Posted by: George Bush 16 Oct 2006