Symantec: Vista fairly secure but still full of holes

Symantec says Microsoft has done a decent job securing Vista, but there are still many holes that could be exploited

Windows Vista delivers on some of the security improvements Microsoft promised for it, but there are still a host of ways attackers can exploit the OS and leave users open to threats, according to findings by Symantec.

The security vendor's Security Response Advanced Threat Research group Wednesday released four reports on the security implications of Vista -- with two more to come next week -- and found that while the underlying OS is more secure, there are still unplugged holes that will allow malicious code to penetrate a user's system, said Oliver Friedrichs, director of Symantec's Security Response Emerging Threats group.

"There are areas where they are to be commended [because] they have eradicated certain types of threats," he said. "But there are areas where Microsoft falls short and continues to create exposure for consumers and enterprises."

Microsoft has done a good job at locking down the core OS against memory-manipulation threats, such as buffer overflows that were used by worms such as Blaster and Sasser to attack Windows, Friedrichs said. This security improvement has spurred attackers into changing their tactics and target third-party applications that run on the OS rather than the OS itself, he said.

It's in protecting applications where Vista falls short, Friedrichs said. "Third-party applications are still exposed," he said.

Third-party application drivers running on the 64-bit version of Vista are especially vulnerable due to the ability to disable the driver-signing feature of the 64-bit kernel, Friedrichs said. Symantec security researchers were able to disable this new feature -- which requires all kernel drivers to be signed digitally by a reputable party in order to load into the kernel -- in just one week.

Other new 64-bit kernel features -- patchguard and code integrity -- also could be disabled in a week, he added. Patchguard protects the kernel from direct threats such as rootkits, and code integrity enables the OS to protect itself and its applications from external manipulation.

Another feature in Vista that was supposed to improve the security of the system actually poses a new security threat, Friedrichs said. User account control, a feature that can be set up so a Vista user has limited privileges to access an application or an administrator function, actually can be bypassed by hackers to allow someone to gain full and unrestricted access to the OS, he said.

"Originally it was considered to be one of the most notable security technologies in Vista," Friedrichs said. "More recently, because of research done both by Microsoft and third parties, we found that the technology is not as effective as originally envisioned."

Friedrichs acknowledged that it may be self-serving for Symantec, which offers add-on security products for Windows, to publish findings that the OS is not secure. But he said that his group conducted its research by a legitimate scientific method. Moreover, the research is intended to provide recommendations to Microsoft for improving Windows security in the future.

In a statement through its public-relations firm, Microsoft defended its position that Vista is the most secure client version of Windows to date. But the company said it will take into consideration research by Symantec and other parties about Vista and make changes if necessary to make the OS even more safe against possible threats.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Elizabeth Montalbano

IDG News Service
Show Comments

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Kurt Hegetschweiler

Brother PocketJet PJ-773 A4 Portable Thermal Printer

It’s perfect for mobile workers. Just take it out — it’s small enough to sit anywhere — turn it on, load a sheet of paper, and start printing.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?