From that article it looks like all some hacker has to do is program an installer for his attack and trick someone into installing it.

I have seen some people arguing this, the basis of their argument being UAC and Random Memory Management to make buffer overflow attacks more difficult or impossible.

However, it seems to me that the sheer size and complexity of Windows is now working against it. They may have patched some of the previous holes, but that does not mean that new holes won’t be found.

Let’s discuss this a year from now.

Hacker, Microsoft duke it out over Vista design flaw (ZDnet Zero Day blog)
http://blogs.zdnet.com/security/?p=29

Apple Darwin Streaming Server Denial of Service
Apple iTunes Arbitrary Code Execution
Apple QuickTime for Windows Denial of Service Vulnerability
Apple ‘quicktime.qts’ Error in Parsing ‘qtif’ Images Remote Denial of Service

US-CERT’s list is bogus, since it includes many non-Microsoft products that simply RUN on Windows. If you apply this logic, then you have to accept that every MOAB finding was an OS X vulnerability.

Personally, I find XP to be reasonably secure when using Firefox, so I would imagine that Vista + Sandboxed IE7 is probably good enough for most people. Other stuff, like moving some drivers to user-space, and not running as an admin in the default install, probably help too. There will be vulnerabilities, and there will be exploits, but hopefully they’ll be minor and easily-patched. I am an eternal optimist.

That said, saying stuff like “Vista users now have a system that is ’secure by design’ to a greater degree than Mac OSX.” is idiotic.

I am pretty clueless when it comes to Vista. Can you explain that further? Provide citations?

Didn’t they say that about XP, comparing it to the security of earlier Windows versions?

“Secure by design” is only as good as: 1) the design, 2) the implementation, 3) the way people use it. If users end up turning off the security features, then it doesn’t matter one bit that it’s secure by design. The human element is the hardest to control for.

Microsoft’s software is the biggest ssecurity threat on an Apple computer, either in the form of Office for Mac or the potential disaster of installing the dreaded XP or Vista on an Intel Mac.