Symantec: Vista safer than predecessor

While safer than previous versions, Vista may still be open to attack, research finds

Microsoft's much-touted security enhancements in Windows Vista have made it a safer operating system than previous versions of Windows, but it is still open to attack from legacy malicious code.

That's the major finding of a research study by Symantec that dissected security in the new operating system. Symantec released the results of its study Wednesday.

The goal of the effort was to determine whether new security technologies in Vista could protect against risks posed by legacy malicious code, said Ollie Whitehouse, a member of Symantec's advanced threat research team. All of the tests were performed on a Vista system running in a 32-bit environment using samples of existing worms, viruses, Trojan horses, keyloggers and other samples from Symantec's malicious code library.

What the results show is that although the percentage of successful attacks against Vista using existing malicious code is low, "there are threats that can execute and survive within the new Vista security model," he said. Because malicious code writers don't have to make many changes to get their code to run successfully against Vista, "it demonstrates to us that the knowledge to develop malicious code" against the operating system already exists, he said.

Symantec's research is useful and "injects some realism" into Microsoft's claims about Vista security, said Andrew Jaquith, an analyst at Yankee Group Research in Boston. "On the other hand, you've got to acknowledge that there is quite a bit of self-interest involved here in Symantec trying to show their tools are still relevant in the new world. To me this is both enlightening and entertaining."

Symantec's findings are based on a study of various new security enhancements in Vista including generic exploit mitigation technologies to protect against common classes of vulnerabilities such as buffer and heap overflows, kernel protection technologies such as driver signing and PatchGuard, and Microsoft's User Account Control (UAC), which is supposed to reduce risks by forcing users to run in a restricted environment and not as administrators.

Symantec's results showed that even with such technologies, about 3 percent of existing back doors and about 4 percent of existing keyloggers can successfully be installed on a Vista system and survive a reboot without any modifications to the code. In addition, 4 percent of existing mass mailers and 2 percent of Trojan horses and spyware programs tested successfully infected Vista, Whitehouse said.

No kernel-based tool kits however were able to penetrate Vista's defenses -- largely because of the limited privileges that UAC imposes on users by default, Symantec noted. However, the kernel can be penetrated if an attacker were able to elevate the privilege level to that of an administrator, at least in a 32-bit Vista environment, according to Symantec.

"The kernel integrity protection mechanisms that are present on 64-bit Windows Vista can only be described as a bump in the road," Symantec said. "That is, while these technologies may slow down an attacker, they do not provide a meaningful defense against a determined attacker."

"Much has been done with Vista" to improve its security, Whitehouse said. But the efforts are mainly focused on threats to the operating system itself, even as attackers have begun focusing on other things such as e-mail, instant messaging and Web-based attacks, he said.

"I think malware writers are going to take a careful look" at Vista's weaknesses, Jaquith said. For example, the backward compatibility that Microsoft has had to integrate into the operating system, which was offered to consumers starting on Jan. 30, presents a potential soft spot. Similarly, new communications protocols supported by Vista -- and the fact that Microsoft has rewritten the entire TCP/IP stack around the operating system -- are potential targets for malware researchers.

"That said, we have always believed the measures Microsoft has taken in Vista is going to make it much harder for malware writers to create damage," he said.

Russ Humphreys, Microsoft product manager for Vista security, said the company is "evaluating" the information provided by Symantec, particularly issues in the operating system's GS Flag technology and its Address Space Layout Randomization feature.

"It is important to note that none of the security features in Windows Vista, either individually or collectively, are intended as a 'silver bullet' solution to the problem of computer security," Humphreys said in en e-mailed comment. "Instead, our defense-in-depth approach makes Windows Vista far more difficult to attack than any previous version of Windows, thus making it more secure." He said that Vista reflects a "right balance" between usability and security.

"This report does not properly address the fact that many of the Window Vista security technologies have numerous options that allow for a user to make their own judgments as to their need for security balanced against usability," he said.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Jaikumar Vijayan

Computerworld
Show Comments

Brand Post

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Luke Hill

MSI GT75 TITAN

I need power and lots of it. As a Front End Web developer anything less just won’t cut it which is why the MSI GT75 is an outstanding laptop for me. It’s a sleek and futuristic looking, high quality, beast that has a touch of sci-fi flare about it.

Emily Tyson

MSI GE63 Raider

If you’re looking to invest in your next work horse laptop for work or home use, you can’t go wrong with the MSI GE63.

Laura Johnston

MSI GS65 Stealth Thin

If you can afford the price tag, it is well worth the money. It out performs any other laptop I have tried for gaming, and the transportable design and incredible display also make it ideal for work.

Andrew Teoh

Brother MFC-L9570CDW Multifunction Printer

Touch screen visibility and operation was great and easy to navigate. Each menu and sub-menu was in an understandable order and category

Louise Coady

Brother MFC-L9570CDW Multifunction Printer

The printer was convenient, produced clear and vibrant images and was very easy to use

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?