"Microsoft has removed a large body of tried and tested code and replaced it with freshly written code, complete with new corner cases and defects," the researchers wrote in the report, scheduled for publication Tuesday, according to CNet. "This may provide for a more stable networking stack in the long term, but stability will suffer in the short term."
Vista, slated to be broadly available in January, will be the first major new version of Windows for PCs since XP, which was released in 2001. Microsoft has put a stronger emphasis on protecting PCs in the new operating system, as security has grown in importance over those five years. Symantec's report draws attention once again to Microsoft's goal of improved security and the hurdles it faces in getting there.
Microsoft said Vista is being developed with the highest attention to security. Highlighting issues in early builds of Windows Vista does not accurately represent the quality and depth of the networking features, the software maker said.
Microsoft also noted that Vista will be the first client-based operating system to go through the company's complete Security Development Lifecycle, a process designed to prevent flaws and vet code before it ships.
Traditionally allies, Microsoft and Symantec are now going head-to-head in the security arena. In late May, Microsoft introduced Windows Live OneCare, a consumer security package, and the software giant is readying an enterprise product. Symantec has also sued Microsoft, alleging misuse of data storage technology it licensed to the company.
Aside from security flaws, features supported by Vista's new networking technology could expose a PC running the operating system, according to Symantec's report.
For example, Vista will be the first Windows version to support IPv6, the next update of the technology standard used to send information over computer networks, by default. To help transition to the new protocol and for peer-to-peer networking features, Microsoft has functionality called IPv6 tunneling in Vista. This functionality could expose PCs that otherwise would be invisible behind a firewall, Symantec said.
The technology that underlies Vista's peer-to-peer collaboration features, much ballyhooed by Microsoft, could also pose a security threat, Symantec said. To provide these features, Microsoft has added support for serverless name-resolution protocols, such as Peer Name Resolution Protocol (PNRP), that allow a Vista PC to operate in a network of Vista machines without a central server.