The networking technology underpinning Windows Vista may be less stable on release that that behind Windows XP, according to an analysis by security firm Symantec.

Microsoft has re-written its networking stack for Windows Vista in order to allow for "easier maintenance, improved performance, and improved stability". But an analysis by security researchers at Symantec found a variety of security flaws with early builds of the OS.

In a white paper based on this research, Windows Vista Network Attack Surface Analysis: A Broad Overview (PDF (http://www.symantec.com/avcenter/reference/ATR-VistaAttackSurface.pdf)), the researchers conclude that Vista may be less stable, at least for the immediate future, than Windows XP. They reached this conclusion after looking at the stability of Vista, searching for undocumented or unexpected behavior and probing for the effect of adding support for new protocols, such as native support for IPv6. Researchers also looked for the susceptibility of Windows Vista to well known attacks, fixed in previous versions of Windows.

The Symantec team are careful to note that their tests were conducted on beta code, designed for testing purposes. Bugs are constantly getting identified and fixed with each build. Symantec reckons that the complete rewrite of Windows network stack - along with the introduction of new protocols such as LLTD, IPv6, Teredo, SMB2, and encapsulation - will prove a far bigger security headache for Microsoft and its customers.

"A number of the issues we had identified in the earlier Vista builds have already been fixed in later ones. We fully expect that trend to continue up until Vista’s final release. [But] network stacks can take several years of real-world scrutiny before they are battle hardened. It will be interesting to observe to what degree the Windows Vista network stack accomplishes this in such a compressed time frame," Symantec concludes in a posting about its paper on its security blog here (http://www.symantec.com/enterprise/security_response/weblog/2006/07/post.html). ®

Related stories

Symantec: Microsoft conflict of interest is damaging internet (7 February 2007)
http://www.theregister.co.uk/2007/02/07/symantec_thompson_microsoft/
IE ripe for attack, despite Microsoft claims (1 February 2007)
http://www.theregister.co.uk/2007/02/01/windows_vista_security/
Worms own Symantec users (17 January 2007)
http://www.theregister.co.uk/2007/01/17/symantec_worm/
MS sees out year with another Vista attack (28 December 2006)
http://www.theregister.co.uk/2006/12/28/ms_investigates_vista_attack/
It's the information, stupid (11 October 2006)
http://www.theregister.co.uk/2006/10/11/symantec_security_strategy/
Symantec, Accenture couple on outsourcing (11 October 2006)
http://www.channelregister.co.uk/2006/10/11/symantec_accenture/
Microsoft Vista final beta released (9 October 2006)
http://www.theregister.co.uk/2006/10/09/vista_final_beta/
Share the Vista vision, Microsoft tells security rivals (3 October 2006)
http://www.theregister.co.uk/2006/10/03/mcafee_windows_vista_security_risk/
Hackers target home users for cash (25 September 2006)
http://www.theregister.co.uk/2006/09/25/symantec_threat_report/
Just how buggy is Firefox? (8 September 2006)
http://www.theregister.co.uk/2006/09/08/firefox_bug_analysis/
Vista joins MS patch treadmill (18 August 2006)
http://www.theregister.co.uk/2006/08/18/vista_security_update/
Stealth attack undermines Vista defences (7 August 2006)
http://www.theregister.co.uk/2006/08/07/vista_black_hat_attack/
Symantec highlights Windows Vista user vulnerabilities (2 August 2006)
http://www.theregister.co.uk/2006/08/02/symantec_windows_vista_security/
Developers cry foul over Windows kernel security (28 July 2006)
http://www.theregister.co.uk/2006/07/28/ms_kernel_security_controversy/
Gates 'glad' to delay Vista some more (12 July 2006)
http://www.theregister.co.uk/2006/07/12/windows_vista_gates_delay/
Windows genuine disadvantage (7 July 2006)
http://www.theregister.co.uk/2006/07/07/wga_disadvantage/
MS demos Vista, Office 2007... on a Mac (3 July 2006)
http://www.reghardware.co.uk/2006/07/03/ms_demos_vista_on_mac/
MS re-spins WinFS (28 June 2006)
http://www.theregister.co.uk/2006/06/28/windows_vista_winfs/
Microsoft's future file system dies, again (26 June 2006)
http://www.theregister.co.uk/2006/06/26/winfs_axed/
The truth about Windows Vista hardware (15 June 2006)
http://www.reghardware.co.uk/2006/06/15/windows_vista_hardware/
Vista Beta ready at last (8 June 2006)
http://www.theregister.co.uk/2006/06/08/vista_beta_lives/
Getting on the right side of IE 7 security (6 June 2006)
http://www.theregister.co.uk/2006/06/06/getting_ie7_right/
Windows Vista - not so clear after all (9 May 2006)
http://www.theregister.co.uk/2006/05/09/windows_vista_clarity/