Hackers will feed on Vista in 2008, says McAfee

Now that Vista has a market share, malware authors have the OS in their sights

Microsoft will face more than 40 vulnerabilities in Windows Vista next year, as the operating system climbs past the 10% market-share milestone and malware authors really start to find flaws, a McAfee analyst said.

"Most of the current malware has ignored Vista," said Craig Schmugar, a threat researcher at McAfee's Avert Lab -- but that's not because the operating system has been frustratingly secure against attack. Rather, Schmugar argued, Vista's gotten off easy its first year because hackers didn't think it was a worthwhile target.

"These people make their living writing malware or attacking users," he said. "They're driven by financial motivation, and only when market share has an impact will they really work on Vista."

At some point in 2008, Vista will own a tenth of the desktop operating system market, Schmugar predicted. The milestone should mark the beginning of concerted efforts by attackers to root out vulnerabilities in the newer operating system. "Although the huge market share that XP has means [attackers] will still be profitable there for years to come, Vista at 10% will put it on their radar," he said.

According to data from Web metrics vendor Net Applications, Vista's market share was about 7.9% at the end of October, up from 7.4% the month before.

"In the short term, Microsoft's case that Vista is more secure is supported by the data," conceded Schmugar, who referred to data Microsoft has cited from its Windows Malicious Software Removal Tool. In its most recent report on the tool Microsoft said the program cleaned malware from "60% less Windows Vista-based computers compared to computers running Windows XP SP2."

Schmugar's argument is that while that number is probably accurate, Vista's better performance isn't due only to its security prowess; it also stems from the fact that hackers haven't paid much attention to it.

"You look at the big malware, the most significant threats, and there's nothing specific to Vista in them," Schmugar said. "As Vista gains in adoption, it then impacts malware authors and forces them to focus attention on finding vulnerabilities, or to alter their social engineering techniques to accommodate it."

If that concept sounds familiar -- that market share plays a part in determining the vulnerability profile of an operating system -- it's because Mac OS X users have long relied on it. "There are definitely parallels between Mac OS X and Vista" when it comes to the likelihood of an attack, Schmugar said. "Operating systems aren't bulletproof. You can have an OS that's attacked less, certainly, but a larger part [of the equation] is market share."

This expected increase in attention, as well as past trends, led Avert Labs to project that Vista will be hit with between 40 and 45 vulnerabilities during 2008, more than double the number of flaws disclosed in its first nine months.

"The National Vulnerability Database reports 19 Windows Vista vulnerabilities in the first nine months," stated Avert Labs' just-published top 10 threat predictions. "This compares with 16 Windows XP vulnerabilities during a comparable period. [But] the number of reported Windows XP vulnerabilities more than doubled in the following 12 months." Avert came up with its estimate for 2008 by using that same doubling-plus rate.

"Some of those will come from malware authors digging a little deeper into Vista," said Schmugar, "and others will come from using the research on Vista that's already been done."

Avert Labs' other predictions for next year can be found in the report posted on its Web site.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Gregg Keizer

Computerworld

Comments

Comments are now closed.

Most Popular Reviews

Follow Us

Best Deals on GoodGearGuide

Shopping.com

Latest News Articles

Resources

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?