In association with heise online

06 December 2007, 14:30

Blue Hat Conference: Windows locked, applications open

Recently, the SANS Institute concluded that the number of security vulnerabilities in Windows is dropping, while the number in applications is rising. Now, the US media report that Microsoft has confirmed this trend at its own invitation-only Blue Hat Conference for hackers. The word is that "applications are dangerous". Attackers increasingly exploit holes in applications to get inside and gain control of systems.

Thomas Dullien, a participant at Blue Hat and reverse-engineering specialist better known under his pseudonym Halvar Flake, says that Microsoft has in a way become a victim of its own success in making Vista and XP safer. He says that Vista is the hardest mainstream operating system to crack that he has ever seen – so hard, in fact, that criminals simply look for alternatives. Dullien says that if he were on the "dark side", he would hope that Vista fails as an operating system. At the moment, he says, it is too soon to tell whether the greater security that Vista offers will convince users to switch quickly, because security is hard for users to measure and hence hard to sell.

Dullien says that Microsoft spent more than 1 billion dollars tightening the hatches on Vista, far more than any other vendor of an operating system. Although Microsoft has not published any exact figures, he says the figure must be enormous.

Serving as chairman of the conference, Bill Gates remarked at a side event that a number of security problems are the result of the internet's simple design. He pointed out that the internet is primarily designed for high reliability, not for security, which was not an issue in the beginning when the internet was mainly used by universities. But now, he says an additional security layer needs to be added.

