Vista security an issue at show

Microsoft's Vista OS may not be invulnerable to hacking, but will incorporate several features to front a better defense.

Microsoft has placed security as one of the top selling points for the Windows Vista OS, due out at the end of next year. But exactly how much more secure Vista will be than its predecessors is a point of concern here at the Microsoft IT Forum 2005 in Barcelona.

Vista will face an increasingly malicious online playing field, where it will be carefully probed by virus writers and hackers, said industry insiders here.

Banks haven't been able to completely stop bank robbers, said Amy Roberts, Microsoft's director of the Security Business and Technology Unit, but many of the new features in Vista will reduce the risk and ability for machines -- and their users -- to fall victim.

"I do think it will offer improved protection," Roberts said Wednesday during an interview at the Microsoft IT Forum 2005 in Barcelona.

And some security experts appear to agree that it has improved. Marcus Murray, senior security advisor for TrueSec, said he had seen Vista's security features under a nondisclosure agreement. While he did not elaborate on specifics, he said security was better, but warned that nothing is invulnerable.

A few of those security features have already been incorporated into Windows XP Service Pack 2, including data-execution protection that uses both software and hardware capabilities to deflect damage from buffer-overflow attacks, Roberts said. Antispyware protection under the renamed product Windows Defender will be incorporated into Vista, through Internet Explorer 7.

In addition, a user-account protection feature in Vista allows for greater control of the access a person has to perform certain functions, Robert said.

Murray commented on Vista during a session titled "Why I can hack your Windows network in a day." Earlier in the session, Murray showed how it was possible to perform several hacks by downloading a few free GUI (graphical user interface) tools. One of those he demonstrated was a Trojan horse creation and management tool.

Running on a host computer after delivery via e-mail, the Trojan allows for complete control of the computer and installation of a range of other malicious tools that allow other actions such as keystroke logging, Murray showed. After the Trojan was installed, a window popped up in the lower right-hand corner on Murray's computer that said "A new victim is available."

"Almost anybody today can be a hacker," he said.

When asked if the free hacking tool would work with Windows Vista, he said it is possible it would but in any case "there will be new tools."

One of out of 10 people react to a phishing e-mail, Murray said, and more than 70 percent of computers are running some sort of malware, or harmful software. Phishing is a technique used to trick people into responding to a fraudulent e-mail asking for personal information, such as an e-mail that asks for a user name or password to an online banking site

The problem is that antivirus technology is reactive, and it takes someone to notice a virus or malware for it to be reported and counteracted, Murray said. But many Trojans have small footprints and are hard to detect.

In a recent case where three Dutch men have been accused of illegally controlling 1.5 million computers, those machines were downloading new versions of their malware as antivirus programs caught up with previous ones, he said.

Virus and malware creators are more interested now in financial gain, rather than in the past when the goal of the "bad guys" was to show their intelligence, Roberts said. "That has changed the notion of what we are trying to protect against," she said.

"It's pretty scary," said Jonathan Noble, who runs Windows PC clients as a computing officer for the University of Newcastle at Newcastle upon Tyne in England, of the presentation. "It still means you have an awful lot of potential problems."

Join the PC World newsletter!

Error: Please check your email address.

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Jeremy Kirk

IDG News Service
Show Comments

Most Popular Reviews

Latest News Articles

Resources

PCW Evaluation Team

Azadeh Williams

HP OfficeJet Pro 8730

A smarter way to print for busy small business owners, combining speedy printing with scanning and copying, making it easier to produce high quality documents and images at a touch of a button.

Andrew Grant

HP OfficeJet Pro 8730

I've had a multifunction printer in the office going on 10 years now. It was a neat bit of kit back in the day -- print, copy, scan, fax -- when printing over WiFi felt a bit like magic. It’s seen better days though and an upgrade’s well overdue. This HP OfficeJet Pro 8730 looks like it ticks all the same boxes: print, copy, scan, and fax. (Really? Does anyone fax anything any more? I guess it's good to know the facility’s there, just in case.) Printing over WiFi is more-or- less standard these days.

Ed Dawson

HP OfficeJet Pro 8730

As a freelance writer who is always on the go, I like my technology to be both efficient and effective so I can do my job well. The HP OfficeJet Pro 8730 Inkjet Printer ticks all the boxes in terms of form factor, performance and user interface.

Michael Hargreaves

Windows 10 for Business / Dell XPS 13

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Aysha Strobbe

Windows 10 / HP Spectre x360

Ultimately, I think the Windows 10 environment is excellent for me as it caters for so many different uses. The inclusion of the Xbox app is also great for when you need some downtime too!

Mark Escubio

Windows 10 / Lenovo Yoga 910

For me, the Xbox Play Anywhere is a great new feature as it allows you to play your current Xbox games with higher resolutions and better graphics without forking out extra cash for another copy. Although available titles are still scarce, but I’m sure it will grow in time.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?