Space agency among the growing list of federal agencies that have put a temporary hold on Windows Vista rollouts.
The National Aeronautics and Space Administration is the latest federal agency to put a hold on PC upgrades to Windows Vista. NASA has decided against deploying Microsoft's five-month-old temporary bans on Vista.
NASA has set January 2008 as a "target" for beginning the transition from Windows XP to Vista, according to a spokesman for the federal agency, which has approximately 60,000 Windows PCs.
NASA typically waits until a service pack is released for any new operating system to ensure stability, the spokesman says. (Microsoft has not indicated if or when it will release a service pack for Vista.) The interim will also be used to ensure that NASA's applications are compatible with Vista and that its PCs meet the hardware requirements needed to run the operating system.
In a meeting with IT professionals and user-group representatives last week on Microsoft's campus, CEO Steve Ballmer rejected an assertion by a NASA computer scientist that Vista has been banned by most sectors of the federal government.
"Vista has been anything but banned from most parts of the U.S. federal government," Ballmer said, adding that he anticipated near-term adoption in "a number" of government accounts. He stopped short, however, of naming any government agencies that are in the process of deploying Vista or about to do so.
Written by John Foley
Tuesday, April 24, 2007
Mac vulnerability may also affect Windows
It turns out that the vulnerability isn't in Apple's Safari web browser after all, but in the interaction between QuickTime and Java.
That's not an academic issue, as it means that using an alternative browser such as Firefox gives no protection against the exploit. While we are waiting for a fix from Apple, disabling Java in whichever browser you favour seems to be a reasonable precaution. If you need to use a web site that requires Java, decide whether you trust the site before turning it back on, and don't forget to disable it again when you've finished.
The other point is that QuickTime is also installed on a lot of Windows PCs. So it seems likely that the bad guys are trying very hard to replicate Dino Dai Zovi's work, and they'll now be looking very closely at QuickTime and Java, especially on Windows.
One potential problem is that QuickTime and Java could be working as intended, but Dai Zovi has found a way of using a facility in a way that the designers didn't envisage. Such vulnerabilities can be difficult to patch without breaking legitimate software.
Dai Zovi's exploit is an attractive one, as no user interaction is required beyond opening a malicious web page (much like the recent ANI flaw that led Microsoft to release an early patch). Although people are more cautious about clicking on links in emails, it would be easy to plant the URL in blog comments and other places on the web.
People who complain that the CanSecWest competition rules were relaxed when participants were unable to gain access without user activity are missing the point. Sure, the fact that Mac OS X withstood network-based probing is a good thing, but following hyperlinks is an everyday action and people simply don't critically evaluate every link before they click.
In my book, any vulnerability that can be invisibly exploited via a web page calls for prompt attention. Users shouldn't have to wait for 'in the wild' exploits before the risk is taken seriously by the vendor.
Article Written by: Stephen Withers

