Stan Beer
Monday, 07 August 2006 14:33
The word is that after throwing its new software creation, Windows Vista, on the mercy of some of the foremost security experts in the world, Microsoft witnessed its newborn baby get hacked. However, at a conference like Black Hat, where vulnerabilities are demonstrated in virtually everything from Mac OS X to Linksys routers, there should be no shame for the folks at Redmond.
In fact the Polish security researcher who demonstrated how to perform
the dastardly deed on Vista admitted that she had to perform the hack
in higher-privileged administrator mode rather than under the
lower-privileged User Account Control. However, she did also seem to indicate
that the pop-up security boxes could simply entice some users to
elevate their privileges in order to perform certain tasks and thus
open themselves to a hack attack.
Windows watchers have pointed to the myriad of security pop-up boxes in
Vista that threaten to assail users who wish to obtain the necessary
privileges to make changes to their configurations as a weakness in
the system. Some have hinted that pop-up box fatigue may tempt users to
simply click accept without questioning what they're actually doing in
order to elevate their privileges.
Being hacked aside, the fact that Microsoft has been prepared to openly
put Vista to the test at Black Hat shows a level of confidence in the
security of its product that was missing from all previous versions of
Windows. The reaction has been mixed but certainly not all bad.
The question that remains, however, is whether Microsoft will take away
the lessons learned from Black Hat and further refine the product. If
so, what does this do to the release schedule?