Symantec: Vista safer than predecessor, but still susceptible to legacy malware
Computerworld - Microsoft Corp.'s much-touted security enhancements in Windows Vista have made it a safer operating system than previous versions of Windows, but it is still open to attack from legacy malicious code.
That's the major finding of a research study by Symantec Corp. that dissected security in the new operating system. Symantec released the results of its study today.
The goal of the effort was to determine whether new security technologies in Vista could protect against risks posed by legacy malicious code, said Ollie Whitehouse, a member of Symantec's advanced threat research team. All of the tests were performed on a Vista system running in a 32-bit environment using samples of existing worms, viruses, Trojan horses, keyloggers and other samples from Symantec's malicious code library.
What the results show is that although the percentage of successful attacks against Vista using existing malicious code is low, "there are threats that can execute and survive within the new Vista security model," he said. Because malicious code writers don't have to make many changes to get their code to run successfully against Vista, "it demonstrates to us that the knowledge to develop malicious code" against the operating system already exists, he said.
Symantec's research is useful and "injects some realism" into Microsoft's claims about Vista security, said Andrew Jaquith, an analyst at Yankee Group Research Inc. in Boston. "On the other hand, you've got to acknowledge that there is quite a bit of self-interest involved here in Symantec trying to show their tools are still relevant in the new world. To me this is both enlightening and entertaining."
Symantec's findings are based on a study of various new security enhancements in Vista including generic exploit mitigation technologies to protect against common classes of vulnerabilities such as buffer and heap overflows, kernel protection technologies such as driver signing and PatchGuard, and Microsoft's User Account Control (UAC), which is supposed to reduce risks by forcing users to run in a restricted environment and not as administrators.
Symantec's results showed that even with such technologies, about 3% of existing back doors and about 4% of existing keyloggers can successfully be installed on a Vista system and survive a reboot without any modifications to the code. In addition, 4% of existing mass mailers and 2% of Trojan horses and spyware programs tested successfully infected Vista, Whitehouse said.
No kernel-based tool kits however were able to penetrate Vista's defenses -- largely because of the limited privileges that UAC imposes on users by default, Symantec noted. However, the kernel can be penetrated if an attacker were able to elevate the privilege level to that of an administrator, at least in a 32-bit Vista environment, according to Symantec.
Symantec
Additional Resources



White Papers & Webcasts
Death to PST Files
Download Now
The Tangled Web: Silent Threats & Invisible Enemies
Download Now
Tape Killed the IT Guy
Watch Now
Forrester Consulting Mobility Study: Taking Control of Enterprise Mobile Device Diversity
Download Now
BRM: What You Can Do To Reduce Risk In Challenging Times
Watch this webcast now!
What IT Must Do to Support Employee-Owned BlackBerry, iPhone and Android Mobile Devices
Download Now
Web 2.0, Social Media and the Dark Web - A Web Criminals Paradise?
In this discussion, learn about the challenges of protecting your users from the potentially unsafe content hidden in the "Dark Web".
eGuide: Enterprise Security
Smart Security Strategies for 2010. Read now!
Disaster Recovery 2008: Reduced Costs and Improved Performance
How long can your Enterprise afford to be without your data? With an accelerated disaster recovery program, you never have to answer this...

