Hackers will feed on Vista in 2008, says McAfee

Now that Vista has a market share, malware authors have the OS in their sights

Microsoft will face more than 40 vulnerabilities in Windows Vista next year, as the operating system climbs past the 10% market-share milestone and malware authors really start to find flaws, a McAfee analyst said.

"Most of the current malware has ignored Vista," said Craig Schmugar, a threat researcher at McAfee's Avert Lab -- but that's not because the operating system has been frustratingly secure against attack. Rather, Schmugar argued, Vista's gotten off easy its first year because hackers didn't think it was a worthwhile target.

"These people make their living writing malware or attacking users," he said. "They're driven by financial motivation, and only when market share has an impact will they really work on Vista."

At some point in 2008, Vista will own a tenth of the desktop operating system market, Schmugar predicted. The milestone should mark the beginning of concerted efforts by attackers to root out vulnerabilities in the newer operating system. "Although the huge market share that XP has means [attackers] will still be profitable there for years to come, Vista at 10% will put it on their radar," he said.

According to data from Web metrics vendor Net Applications, Vista's market share was about 7.9% at the end of October, up from 7.4% the month before.

"In the short term, Microsoft's case that Vista is more secure is supported by the data," conceded Schmugar, who referred to data Microsoft has cited from its Windows Malicious Software Removal Tool. In its most recent report on the tool Microsoft said the program cleaned malware from "60% less Windows Vista-based computers compared to computers running Windows XP SP2."

Schmugar's argument is that while that number is probably accurate, Vista's better performance isn't due only to its security prowess; it also stems from the fact that hackers haven't paid much attention to it.

"You look at the big malware, the most significant threats, and there's nothing specific to Vista in them," Schmugar said. "As Vista gains in adoption, it then impacts malware authors and forces them to focus attention on finding vulnerabilities, or to alter their social engineering techniques to accommodate it."

If that concept sounds familiar -- that market share plays a part in determining the vulnerability profile of an operating system -- it's because Mac OS X users have long relied on it. "There are definitely parallels between Mac OS X and Vista" when it comes to the likelihood of an attack, Schmugar said. "Operating systems aren't bulletproof. You can have an OS that's attacked less, certainly, but a larger part [of the equation] is market share."

This expected increase in attention, as well as past trends, led Avert Labs to project that Vista will be hit with between 40 and 45 vulnerabilities during 2008, more than double the number of flaws disclosed in its first nine months.

"The National Vulnerability Database reports 19 Windows Vista vulnerabilities in the first nine months," stated Avert Labs' just-published top 10 threat predictions. "This compares with 16 Windows XP vulnerabilities during a comparable period. [But] the number of reported Windows XP vulnerabilities more than doubled in the following 12 months." Avert came up with its estimate for 2008 by using that same doubling-plus rate.

"Some of those will come from malware authors digging a little deeper into Vista," said Schmugar, "and others will come from using the research on Vista that's already been done."

Avert Labs' other predictions for next year can be found in the report posted on its Web site.

Join the PC World newsletter!

Error: Please check your email address.

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Gregg Keizer

Computerworld
Show Comments

Essentials

Microsoft L5V-00027 Sculpt Ergonomic Keyboard Desktop

Learn more >

Lexar® JumpDrive® S57 USB 3.0 flash drive

Learn more >

Mobile

Lexar® JumpDrive® S45 USB 3.0 flash drive 

Learn more >

Exec

Lexar® JumpDrive® C20c USB Type-C flash drive 

Learn more >

Lexar® Professional 1800x microSDHC™/microSDXC™ UHS-II cards 

Learn more >

HD Pan/Tilt Wi-Fi Camera with Night Vision NC450

Learn more >

Audio-Technica ATH-ANC70 Noise Cancelling Headphones

Learn more >

Budget

Back To Business Guide

Click for more ›

Most Popular Reviews

Latest News Articles

Resources

PCW Evaluation Team

Azadeh Williams

HP OfficeJet Pro 8730

A smarter way to print for busy small business owners, combining speedy printing with scanning and copying, making it easier to produce high quality documents and images at a touch of a button.

Andrew Grant

HP OfficeJet Pro 8730

I've had a multifunction printer in the office going on 10 years now. It was a neat bit of kit back in the day -- print, copy, scan, fax -- when printing over WiFi felt a bit like magic. It’s seen better days though and an upgrade’s well overdue. This HP OfficeJet Pro 8730 looks like it ticks all the same boxes: print, copy, scan, and fax. (Really? Does anyone fax anything any more? I guess it's good to know the facility’s there, just in case.) Printing over WiFi is more-or- less standard these days.

Ed Dawson

HP OfficeJet Pro 8730

As a freelance writer who is always on the go, I like my technology to be both efficient and effective so I can do my job well. The HP OfficeJet Pro 8730 Inkjet Printer ticks all the boxes in terms of form factor, performance and user interface.

Michael Hargreaves

Windows 10 for Business / Dell XPS 13

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Aysha Strobbe

Windows 10 / HP Spectre x360

Ultimately, I think the Windows 10 environment is excellent for me as it caters for so many different uses. The inclusion of the Xbox app is also great for when you need some downtime too!

Mark Escubio

Windows 10 / Lenovo Yoga 910

For me, the Xbox Play Anywhere is a great new feature as it allows you to play your current Xbox games with higher resolutions and better graphics without forking out extra cash for another copy. Although available titles are still scarce, but I’m sure it will grow in time.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?