Symantec Says Vista Code Not Battle Tested
In a report issued this week, Symantec provided results of its evaluation of three different public, pre-release versions of Vista, which includes a completely rewritten TCP/IP network stack.
The network stack is inherently a very complex component in the OS, and this will likely lead to some security-related growing pains for Vista as bugs are identified and fixed, said Oliver Friedrichs, director of emerging technologies in Symantec's Security Response division.
While it's too early to conclude that the Vista network stack will be insecure, Microsoft may find it difficult to flush out all the bugs before Vista's anticipated ship date in January 2007, Friedrichs said.
"Writing a network stack from scratch involves some challenges that will present themselves while the stack matures, before and after Vista is released," he said.
Symantec researchers found a number of areas where Vista's stack was susceptible to stability issues and vulnerable to malformed data and input, said Friedrichs, adding that he believes Microsoft will find and fix a large number of these prior to releasing Vista.
In examining Vista, the researchers also discovered a number of undocumented protocols that aren't Internet standards, such as the Link Layer Topology Discovery protocol (LLTD), Friedrichs said. "Without indication of what services these protocols represent, they represent a security challenge for locking down the network perimeter," he said.
Vista supports IPv6 as well as new Windows collaboration technologies such as PNRP (Peer Name Resolution Protocol) and PNM (People Near Me), but the code behind these protocols could become a target for attackers because it hasn't been battle tested, according to Friedrichs.
"The challenge of these new protocols is that they represent a number of areas where invasions can occur in a corporate network environment," said Friedrichs. Intrusion detection and prevention systems will have to be equipped to analyze the traffic from these new protocols in order to continue protecting networks, he added.
A Microsoft spokesperson said that, given that Windows Vista is still in the beta stage of development, the claims made in Symantec's report are premature and unsubstantiated. "Highlighting issues in early builds of Windows Vista does not accurately represent the quality and depth of the networking features," the spokesperson said.