In association with heise online

19 July 2006, 17:44

Symantec: Windows Vista's Network Stack Less Stable than XP's

Programming from scratch may be a good idea for some software products, but the idea may backfire for Windows Vista. This, at least, was the finding of a study by security specialists Symantec, following an exhaustive analysis of the new network stack. The code for Windows XP, by contrast, was so mature that it had been cleaned of nearly all flaws, the study indicates.

The company tested the available beta versions of Vista using various hacking tools, revealing numerous flaws that could, among other dangers, undermine the stability of the system. However, they note that no holes large enough to allow an infiltration of the computer were found. Yet once Vista comes onto the market, it's only a matter of time, the specialists write in their study "Windows Vista Network Attack Surface Analysis: A Broad Overview."

Support for IPv6 and peer-to-peer protocols like Peer Name Resolution Protocol (PNRP), which are making their premiere with Vista, is likely to become a particularly tempting target for malicious code, the study suggests. Furthermore, protocols like the Link Layer Topology Discovery Protocol (LLTD) or Teredo for IPv6 tunneling across IPv4 have not yet been sufficiently analyzed in terms of security. The Symantec experts used Beta 2 Builds 5231 and 5270 for their investigation.

The vulnerabilities found by Symantec had already been eliminated in the next Beta release, Build 5384, even without Symantec having informed Microsoft about their findings, possibly because Vista is the first desktop operating system to be developed within a Security Development Lifecycle (SDL) framework. Among other things, a threat model is developed as part of the design phase and a static code analysis serves to prevent errors during implementation. The Redmond-based software maker has also introduced code auditing and security tests. At the end of the SDL, the product is tested for vulnerabilities and flaws by a team independent of the developers.
