Microsoft’s security miss in Windows Vista’s voice dictation

by Irfan Syed on February 8, 2007

There has been a lot of talk in tech circles about a potential security loophole in the voice command feature of Windows Vista, Microsoft’s new operating system. A powerful new feature, it lets you issue commands to your computer by voice instead of using the keyboard or mouse. For example, you could say “delete abc.txt” to delete the abc.txt file in the current folder instead of pressing the delete button. Or you could say “shut down PC” to shut down your computer.

However, Microsoft has not built in any authentication of whether the voice issuing the commands is that of the logged-in user (!). So if you have turned on this feature (luckily it is disabled by default on new Vista installations), a colleague passing by could issue commands to your PC. Or worse still, if your speakers were on, an audio file played on a website or sent by email could issue commands to your PC and do nasty things like deleting files.

Microsoft may add pass phrase authentication to this feature in an upcoming service pack, so that a spoken pass phrase is associated with each user account. However, its absence in the initial release highlights how security has always been an afterthought at Microsoft. How come no one thought about this security hole during more than 5 years of Vista development?

Until Microsoft issues a patch or service pack, it is best to keep your microphone off whenever voice dictation is turned on but not in use. :-(
