Ads by TechWords

See your link here
Receive the latest technology news and information.
Security
Computerworld Daily News (First Look and Wrap-Up)
Computerworld Blogs Newsletter
The Weekly Top 10
Cloud Computing
View all newsletters




Privacy Policy
 

Symantec: Vista safer than predecessor, but still susceptible to legacy malware

February 28, 2007 12:00 PM ET

Computerworld - Microsoft Corp.'s much-touted security enhancements in Windows Vista have made it a safer operating system than previous versions of Windows, but it is still open to attack from legacy malicious code.

That's the major finding of a research study by Symantec Corp. that dissected security in the new operating system. Symantec released the results of its study today.

The goal of the effort was to determine whether new security technologies in Vista could protect against risks posed by legacy malicious code, said Ollie Whitehouse, a member of Symantec's advanced threat research team. All of the tests were performed on a Vista system running in a 32-bit environment using samples of existing worms, viruses, Trojan horses, keyloggers and other samples from Symantec's malicious code library.

What the results show is that although the percentage of successful attacks against Vista using existing malicious code is low, "there are threats that can execute and survive within the new Vista security model," he said. Because malicious code writers don't have to make many changes to get their code to run successfully against Vista, "it demonstrates to us that the knowledge to develop malicious code" against the operating system already exists, he said.

Symantec's research is useful and "injects some realism" into Microsoft's claims about Vista security, said Andrew Jaquith, an analyst at Yankee Group Research Inc. in Boston. "On the other hand, you've got to acknowledge that there is quite a bit of self-interest involved here in Symantec trying to show their tools are still relevant in the new world. To me this is both enlightening and entertaining."

Symantec's findings are based on a study of various new security enhancements in Vista including generic exploit mitigation technologies to protect against common classes of vulnerabilities such as buffer and heap overflows, kernel protection technologies such as driver signing and PatchGuard, and Microsoft's User Account Control (UAC), which is supposed to reduce risks by forcing users to run in a restricted environment and not as administrators.

Symantec's results showed that even with such technologies, about 3% of existing back doors and about 4% of existing keyloggers can successfully be installed on a Vista system and survive a reboot without any modifications to the code. In addition, 4% of existing mass mailers and 2% of Trojan horses and spyware programs tested successfully infected Vista, Whitehouse said.

No kernel-based tool kits however were able to penetrate Vista's defenses -- largely because of the limited privileges that UAC imposes on users by default, Symantec noted. However, the kernel can be penetrated if an attacker were able to elevate the privilege level to that of an administrator, at least in a 32-bit Vista environment, according to Symantec.



Jump to comments

Symantec

Additional Resources

WHITE PAPER
Approximately 60 percent of data migration projects overrun time or budget, while some fail completely. Download this white paper, "Enhancing Your Chance for Successful Data Migration," to learn the critical steps you need to take to execute a data migration project with minimum cost and risk to your business.
WHITE PAPER
Read the Gartner research note to learn why the TCO of a server-based computing deployment used to deliver all applications to users is around 50% lower than that of an unmanaged desktop deployment.
WHITE PAPER
Economic downturns have a tendency to accelerate emerging technologies, boost the adoption of effective solutions, and punish solutions that are not cost competitive or that are out of synch with industry trends. This IDC White Paper presents the results of an IDC survey of 330 companies in Western Europe, Asia/Pacific and the Americas that measures the receptiveness to Linux and takes into consideration changing views driven by the disruptive economic environment that businesses face today.

What People Are Saying

White Papers & Webcasts

Share our Strength
Download Now  

Managing Secure File Transfer to Save Time, Money and IT Resources
Learn how companies are using innovative technology to overcome these challenges and improve user productivity by offloading e-mail attachments and replacing FTP with...

Security Convergence Equals Network Security Cost Savings
Listen to IBM Internet Security Systems' take on network security convergence.

Disaster Recovery 2008: Reduced Costs and Improved Performance
How long can your Enterprise afford to be without your data? With an accelerated disaster recovery program, you never have to answer this...