| |
Growing pains for Vista By Sven Appel
dpa German Press Agency
Published:
Saturday March 17, 2007 |
|
By Sven Appel,
Berlin- A modern operating system like Windows Vista
includes millions of lines of code. Thousands of workers toiled for
years to develop Microsoft's newest product - which means all the
more potential for bugs.
Although Vista has already been on the market for a few weeks now,
negative reports have actually been relatively mild. A few hiccups
are clearly audible, however.
"The biggest problem is missing drivers," says Axel Vahldiek from
Hanover-based c't magazine. Without those programmes, generally
provided by hardware makers, peripheral devices either cannot
function properly or will not work at all.
The problem isn't just limited to older or exotic hardware: the
GeForce 8800 graphic chip supports the DirectX 10 graphics interface
used by Vista and is found on fast, high-end graphics cards. Yet
Nvidia still hadn't managed to make a driver available by the end of
February.
The website for the market leader in graphics chips has long
offered a beta, or preliminary, version of the driver. Vahldiek
warns against using such beta drivers, however: "They do not ever
work error-free." Relying on them can lead to data loss, he says.
Another problem with Vista is related to security: In the view of
the German Federal Agency for Security in Information Technology
(BSI) in Bonn, the current discussion surrounding Vista's account
administration function, User Account Control (UAC), is particularly
interesting, says Thomas Caspers, an expert on operating system
security.
The discussion was given a jolt by Polish security expert Joanna
Rutkowska, who publicized a hole in the system.
UAC is designed to require administrator access to install new
software. That means increased security at first. Yet, according to
Rutkowska it also means that games downloaded off the internet are
also granted full rights.
From a technical point of view, this is completely unnecessary.
If malicious code is hidden in the game, then it has a clear path to
the computer.
Passwords are effective only for keeping curious lay users from
accessing the computer. Little more than a bit of determination is
needed to crack the access passwords on Windows Vista. Elcomsoft, a
Russian firm, is for example offering software to perform just that
job - ostensibly for users who have forgotten their password.
Anyone in possession of a Vista version with the BitLocker
encryption programme should use it. The software makes files
encrypted with BitLocker unreadable even if an intruder gains access
to the computer using the Elcomsoft programme.
All in all, however, the problems with Vista more closely resemble
"growing pains" than serious flaws. Vista does not assign standard
rights to many antivirus programmes to access all folders, Vahldiek
explains.
Yet if a virus scanner cannot check through certain parts of the
computer that might potentially contain bugs, it is not performing
its duty. In such cases manual configuration is required.
Still, no major problems have as yet turned up for Vista. Peter
Knaak, computer expert for the German consumer testing organization
Stiftung Warentest in Berlin presumes that some vulnerabilities will
start showing up for Vista in the coming weeks and months.
He therefore recommends waiting until Microsoft releases Service
Pack 1 for Vista before making the switch. Service packs are a
collection of updates to iron out a large group of individual
problems.
No date has been provided as yet for Service Pack 1, says
Microsoft spokeswoman Irene Nadler. What is certain is that Microsoft
will release security-related updates on a regular basis via the
Update function built into Windows.
INFO BOX: Vista's speech recognition as security hole
Experts are reporting on a potential security hole in Windows
Vista: its speech recognition system. It could be used to send
commands to remote computers from over the internet - in theory, at
least. According to Thomas Caspers from the German Federal Agency for
Security in Information Technology (BSI) in Bonn, it remains unclear
whether talking malware will end up being an amusing side note or, in
certain scenarios, a genuine threat. The BSI suspects it will be the
former, and is not yet recommending specific countermeasures.
© 2006 - dpa German Press Agency
Comment Here
|
