KEY POINTS:
Computer hackers are off and running trying to find vulnerabilities in Microsoft's new Windows Vista operating system, putting to test the software maker's claim that it is the most secure Windows programme ever.
The new version of Windows, the computer operating system that runs over 95 per cent of the world's computers, became available to consumers yesterday after five years of development and a number of delays to improve security.
A high-profile new product like Windows Vista draws interest from the entire spectrum of the computer security industry, ranging from hackers trying to exploit a breach for criminal means to researchers looking to make a name for themselves as security experts.
"For sure, people are hammering away on it," said Jeff Moss, the organiser of Defcon, the world's largest hacking convention. "If you are a bad guy and you find a problem, you have a way to spread your malware and spyware."
Most security experts see Vista as a more secure operating system than its predecessor, Windows XP, but even Microsoft acknowledges it's not impenetrable and attackers will undoubtedly look for a way in.
Attackers can use spyware programmes to monitor a computer remotely and collect personal information on a user. They can also control machines remotely to attack websites, send spam email or defraud online advertisers.
Vista's comes with built-in anti-spyware software, and new account controls curb the ability of users to unintentionally install harmful programmes. The high-end versions come with a feature called BitLocker that encrypts a computer's hard drive in the case of a lost or stolen machine.
"We know from the outset that we won't get the software code 100 per cent right. No one does in the entire software industry ... but Windows Vista has multiple layers of defence," said Stephen Toulouse, senior product manager at Microsoft's trustworthy computing group.
Windows Vista runs over 50 million lines of software code and Redmond, Washington-based Microsoft invested US$6 ($8.81) billion to develop the first new operating system since it released Windows XP in October 2001.
Microsoft's ability to protect Windows from attackers is seen as a critical litmus test for a product that generated more than $10 billion in sales last year, especially to large institutional customers who are extra careful.
Another key element in Microsoft's plan to combat attacks will be automatic Windows updates sent to Vista users to patch up vulnerabilities and changes to its anti-spyware products.
In the past, attackers honed in on vulnerabilities in the core Windows operating system, but those types of attacks are being cast aside for attacks from email, instant messaging and applications downloaded from the Web.
"In the past with XP, they could attack the operating system itself to infect you. Today the OS is stronger but threats can still get on your system," said Oliver Friedrichs, director of emerging technologies at security software maker Symantec Corp.
Johannes Ullrich, a cyber security expert at the SANS Institute research group, expects hackers are working furiously to win recognition as the first to find and publicise a security hole in Vista.
He also cautioned that hackers would still be able to launch attacks by taking advantage of vulnerabilities in Internet Explorer and Microsoft Office, and warned that criminals would hold off on exploiting holes until more users adopt Vista.
"Being the first to write an exploit for Vista is something a lot of people would like to do," Ullrich said in a telephone interview. "But ultimately any exploit will be used for financial gain."
- REUTERS