According to Computerworld, Microsoft confirmed today that hackers are exploiting an unpatched bug in DirectX via Internet Explorer versions 6 and 7. A Microsoft representative quoted in the article says that “A user needs to be lured to navigate to a malicious web site or a compromised legitimate web site to be affected,” but no further action on the user’s part is needed beyond visiting the page.
However, only users on Windows XP and Windows Server 2003 are vulnerable. Windows Vista and Windows Server 2008 are immune. Users running Internet Explorer 8 are also not vulnerable.
If you read many of the Windows and Internet Explorer security bulletins Microsoft has published since the release of Windows Vista, you’ll see that a lot of those vulnerabilities do not apply to Windows Vista and Windows Server 2008 (which incorporate the same security model). It should be clear from this that while Microsoft Windows is by no means immune to attack, great strides have been made in Windows security since the XP days.
Microsoft worked with security experts to improve the Windows security model for Vista. The result of this work is a reduced level of vulnerability to exploits like the one described above. While Vista security (and by extension, Windows 7) is by no means hacker-proof or invulnerable, it does seem to be more resilient than Windows XP to attack. Microsoft continues to take a proverbial beating in the media because the majority of Windows desktops are still running Windows XP (or earlier). Combine the number of XP systems with its weaker security, and you have a perfect recipe to make Microsoft products as a whole seem to “still” be insecure.
It will be interesting to see what happens in the Windows security space if Microsoft is successful in convincing most customers to upgrade to Windows 7 when it’s released. While I would not be so stupid as to suggest that Windows 7 will be a panacea and eliminate all the security problems in the Windows space, I do believe it will make the kinds of attacks that are commonplace in Windows XP far more difficult to pull off… and hopefully far less numerous.
Since this is a site that discusses multiple desktop operating systems, it might appear to be implied that I’m suggesting Windows 7 and Windows Vista are “more secure” than other desktop operating systems such as Linux or Mac OS X. That is not the case. The point I am attempting to make is merely that Microsoft has improved security in Vista and 7 relative to earlier Windows releases. Whether this security is “better” than that of OS X or Linux (or not) is not the point.

Apple’s television ads portraying the “PC” as