Symantec: Vista fairly secure but still full of holes

Symantec says Microsoft has done a decent job securing Vista, but there are still many holes that could be exploited

Windows Vista delivers on some of the security improvements Microsoft promised for it, but there are still a host of ways attackers can exploit the OS and leave users open to threats, according to findings by Symantec.

The security vendor's Security Response Advanced Threat Research group Wednesday released four reports on the security implications of Vista -- with two more to come next week -- and found that while the underlying OS is more secure, there are still unplugged holes that will allow malicious code to penetrate a user's system, said Oliver Friedrichs, director of Symantec's Security Response Emerging Threats group.

"There are areas where they are to be commended [because] they have eradicated certain types of threats," he said. "But there are areas where Microsoft falls short and continues to create exposure for consumers and enterprises."

Microsoft has done a good job at locking down the core OS against memory-manipulation threats, such as buffer overflows that were used by worms such as Blaster and Sasser to attack Windows, Friedrichs said. This security improvement has spurred attackers into changing their tactics and target third-party applications that run on the OS rather than the OS itself, he said.

It's in protecting applications where Vista falls short, Friedrichs said. "Third-party applications are still exposed," he said.

Third-party application drivers running on the 64-bit version of Vista are especially vulnerable due to the ability to disable the driver-signing feature of the 64-bit kernel, Friedrichs said. Symantec security researchers were able to disable this new feature -- which requires all kernel drivers to be signed digitally by a reputable party in order to load into the kernel -- in just one week.

Other new 64-bit kernel features -- patchguard and code integrity -- also could be disabled in a week, he added. Patchguard protects the kernel from direct threats such as rootkits, and code integrity enables the OS to protect itself and its applications from external manipulation.

Another feature in Vista that was supposed to improve the security of the system actually poses a new security threat, Friedrichs said. User account control, a feature that can be set up so a Vista user has limited privileges to access an application or an administrator function, actually can be bypassed by hackers to allow someone to gain full and unrestricted access to the OS, he said.

"Originally it was considered to be one of the most notable security technologies in Vista," Friedrichs said. "More recently, because of research done both by Microsoft and third parties, we found that the technology is not as effective as originally envisioned."

Friedrichs acknowledged that it may be self-serving for Symantec, which offers add-on security products for Windows, to publish findings that the OS is not secure. But he said that his group conducted its research by a legitimate scientific method. Moreover, the research is intended to provide recommendations to Microsoft for improving Windows security in the future.

In a statement through its public-relations firm, Microsoft defended its position that Vista is the most secure client version of Windows to date. But the company said it will take into consideration research by Symantec and other parties about Vista and make changes if necessary to make the OS even more safe against possible threats.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Elizabeth Montalbano

IDG News Service

Comments

Comments are now closed.

Latest News Articles

Most Popular Articles

Follow Us

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Resources

Best Deals on GoodGearGuide

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?