Last March, Microsoft grabbed headlines by announcing that Vista would not be available in time for the 2006 Christmas shopping season as expected. The firm never gave specific reasons for the miss, but it was a major setback for a product that had already been five years in the works. Microsoft immediately reorganised the platforms and services division responsible for the delay, putting a new executive, Steve Sinofsky, in charge of Windows development.
Privately, several sources familiar with Vista's development say that concerns over Vista's security caused the widely publicised slip in the product's ship date.
In fact, T-shirts reading 'I caused Vista to slip' soon became a common sight at Microsoft's Building 27, home to the Secure Windows Initiative group, to the chagrin of management. The group is responsible for securing Microsoft's software. "The shirt became very popular on campus," said one source who asked not to be identified.
Spend, spend, spend
Ben Fathi, corporate vice-president of Microsoft's security technology unit, isn't saying how much money the company has spent on making Vista secure, but judging by the contract work available for penetration testers – hacking professionals who specialise in poking and prodding systems to unearth vulnerabilities – it hasn't come cheap.
Although Microsoft will be sponsoring a Vista track at this year's Black Hat USA hacker conference, many of the most prominent Windows security experts are now under nondisclosure agreements, according to Jeff Moss, the show's director. "They've hired pretty much all of the bright people," he said. "So the number of speakers who can actually go out and publicly talk about Windows Vista security has rapidly dwindled."
For Fathi, this is a good thing.
"We believe that we have the largest group of penetration testers ever assembled," Fathi said. "It's costing me a lot of money. It's worth every penny, of course."
Microsoft's design choices will have a big effect on Vista's security as well.
Developers have changed the way Vista runs applications, scaling back the types of things that users can do by default, in order to limit the damage that malware can wreak on a system. And they have also changed the way Vista works with the computer's memory – by fencing off parts of memory and shuffling around the location of Windows functions – in order to make it harder for hackers to trick the PC into running malicious software.
"When you put all that stuff together, you end up making it a lot harder to write exploits," said Alex Stamos, a researcher who has worked with Microsoft in the past and is a founding partner of Information Security Partners.
This will make life harder for hackers, but it will also present challenges to users and legitimate software developers as well, who may suddenly have problems running their Windows XP code on Vista.
"They're basically breaking binary compatibility with a lot of things," Stamos said. "[This] really does mark a watershed change in thinking, from 'binary compatibility over all' to security being the most important thing."
As for Symantec's paper, Microsoft downplayed its importance last week. "The issues they discovered were all addressed in Beta 2.0," said Stephen Toulouse, a security program manager in Microsoft's security response centre.
But it appears that other important parts of Windows are being rewritten. Microsoft plans to talk further about some of the changes to "legacy functionality" at the Black Hat conference, which kicks off next week in Las Vegas, Toulouse said.
He declined to say what, exactly, would be discussed, however. "I'm not going to spoil the content so close to presenting," he said.
For part one of this story click here.