Microsoft has tweaked the security settings of its forthcoming Windows Vista operating system, vnunet.com has learnt.
The software vendor in the latest Release Candidate 2 version of the operating system has disabled some security features while others that were previously switched off have been activated, Marc Maiffret, chief technology officer for security vendor eEye told vnunet.com.
The security features are designed to prevent buffer overflow attacks.
A buffer overflow is triggered when an attacker attempts to store data beyond the boundaries of a fixed length buffer. It can result in an application crash or, in some cases, allow an attacker to take control of a system.
Security settings that are too stringent, however, can prevent existing applications from functioning. Microsoft has designed numerous technologies that are all put in Windows Vista. Activating different combinations allows the software developer to strike a balance between the optimal level of security and application compatibility.
"Even in final version they will have variations [from the current RC2 version]," said Maiffret. "They will change how it's configured by default and how the different layers are going to be enabled by default."
Stringent buffer overflow protections impact applications that use memory in non-standard ways. Some games for instance are designed to execute video buffering to get better graphics performance.
The changes are noticeable because Microsoft typically does not make any large adjustments to its software after the Release Candidate 1. Changes to the software can lead to compatibility issues with third-party applications and hardware devices.
Windows Vista will be made available to PC manufacturers and large enterprises this November. The software's consumer launch is scheduled for January 2007.
A spokesperson for Microsoft stressed that the changes do not impact end users. The company did not follow up on a promise to provide further information on the security changes in RC2.
Microsoft tweaks Windows Vista security
By Tom Sanders on Oct 16, 2006 5:42PM