Windows Vista Security Testing

Hi, I’m Austin Wilson, Director of Product Management for Windows Vista security. Our first focus for Windows Vista security is engineering the operating system for security. Windows Vista is the first Windows client release to be developed end to end using the Security Development Lifecycle (SDL), detailed in this new book by Michael Howard and Steve Lipner. One important part of SDL is doing feature and threat model reviews, penetration testing, and code audits to find potential security issues before we ship. We’ve had a significant focus on this throughout the product lifecycle using both Microsoft employees and external security researchers to do this testing. We would like to thank these firms that have helped us do security testing of Windows Vista and acknowledge their assistance in helping us make Windows Vista more secure. These firms are:



If you’re headed to the BlackHat Conference in Las Vegas next week, be sure to stop by and say hello. We’ll have five different sessions related to Windows Vista security and we’ll have a booth as well. Representatives and researchers from many of these security firms will also be attending BlackHat. We’ll be giving away the latest Windows Vista July EDW DVDs at the booth. We hope to see you there.

Comments (30)

  1. Once again I was scanning the news when this article caught my eye. It discusses the complexity of trying

  3. On many occasions I have mentioned that we enlisted the help of a number of third-party security professionals…

  4. Christian says:

    Ah, that’s the reason why Fefe is in the US right now.

  5. Microsoft are hosting an entire track giving technical insight and encouraging feedback at the Blackhat…

  6. Reader says:

    Thanks for passing out the CDs. After Defcon I’m actually planning to try it out. How do we obtain product keys for installation?

  7. windowsvistasecurity says:

    The product key is printed on a sticker on the back of the envelope. Thanks for the comments and for trying Windows Vista.

    – Alex

  8. Ross says:

    What do you think of the recent demo at Black Hat 2006 where Joanna Rutkowska showed that it is possible to bypass security measures in Vista and allow any unsigned device driver to be loaded? The demo was done with the Windows Vista Beta 2 kernel, x64 edition, that should prevent unsigned code from running. Rutkowska also explained how it is possible to use virtualization technology to make malicious code undetectable, in the same way a rootkit does.

  9. Jim Rome says:

    How about doing something really important: Take IE7 out of the OS itself and make it just an application like all others. My system got hosed when IE6 refused to run. I was then unable to install patches. Microsoft’s high-level support could not solve this and I was forced to reinstall from scratch. I should be able to install patches without using Active-X! The integration of IE into the OS itself is the biggest flaw in Windows security IMHO. If IE has a vulnerability, it can attack the whole OS.

    And while we are on the IE7 topic, it still does an awful job of handling client certificates. By default, there is NO protection for the user’s private key. It should be set to High by default. The user has to protect his certificate HIGH several times in the import process. Hardly anyone will.

  10. Windows Vista Security Testing

  11. I was just looking at Jeff Jones’ security blog and noticed this post where he links to a new blog addressing…

  12. Jair Silva says:

    I’m looking for anti-virus for the 64-bit version. Any ideas?

  14. Bob Royce says:

    With all the improvements in security, why is the password of the account that adds the computer to the domain in the Unattend.XML file not encrypted? It’s a security hole as large as Niagara Falls.

  16. larry reilly says:

    I think somebody is downloading my Microsoft programs to his computer through mine. Is this possible? If so, how do I stop it? Is my Vista registered from my computer?

  17. Blog says:

    Very good. You are doing a great job.

  18. jeronimo says:

    Very good. You are doing job. Thankful.

  19. jeronimo says:

    I prefer Windows Vista security testing, always.

  20. manu says:

    My Vista has been switching itself off while I am working on it. I don’t have antivirus and I want to update it. Where can I get it as an online download?

  21. larry etchison says:

    i would like to know if my pc windows security my email is