Doubts over Vista security claims

April 19, 2008
By Computer security

One animated cursor bug, many animated critics.
Microsoft’s failure to spot the animated cursor bug in Windows Vista could be a disconcerting sign that Vista’s security-oriented development process slipped up, researchers have suggested.

“Apparently Microsoft still hasn’t learned that counting vendor acknowledged vulnerabilities isn’t a good way to establish the security of an OS. As an analysis of Microsoft’s claims on Full Disclosure shows, we see that the methodology used was badly flawed. A bug in Firefox (not to mention emacs), counts as a flaw for Linux, while IE bugs get ignored on Vista’s chart. Then we see that vulnerabilities aren’t vulnerabilities when they’re security-challenged features such as Vista’s Teredo. Also, there’s far too little consideration given to severity, given that it stoops to counting even extra access restrictions on a file in OSX to have something to show. In short, the original Microsoft analysis was good PR and poor research.”

“A version of Vista that removes security-related functionality has the potential to be an even greater turkey,” it said. “Security is a major concern for the European market and needs to be addressed on multiple different fronts. If the EU is going to ask Microsoft to remove security-related functionality then it needs to be very precise in its request and very clear why it is making the request. It has the potential to cause a major market disruption, with no benefit for the end-consumer whatsoever.”
