Microsoft can't seem to catch a break when it comes to operating system security. The classic complaint has been that its operating systems are bloated with legacy code that has been passed down from one version of Windows to another, all in the name of backwards compatibility. Microsoft is finally doing something about it by completely rewriting key parts of Windows Vista from the ground up, including the network stack. The company hopes the new code will make Vista more secure and harder to exploit than previous Windows operating systems, at the cost of binary compatibility with legacy code. Despite these efforts, Microsoft is now under fire from Symantec, which published a report last week suggesting that the new network stack is unstable. Symantec also noted new vulnerabilities in the Windows Vista networking software.
It is worth noting that Symantec's report was based on an early beta of Windows Vista. Stephen Toulouse, a security program manager with Microsoft's security response center, claimed that the issues that were discovered in the report have been fixed in subsequent versions.
InfoWorld speculates that Microsoft may be in a no-win situation.
"You get beaten up if you modify the old code; you get beaten up if you write new code," said Russ Cooper, a senior information security analyst at Cybertrust. "The historic complaint against Microsoft has been that their code is bloated with all this legacy stuff. Rewrite it and now, 'this is too new; this is untested.'"