That's the major finding of a research study by Symantec Corp. that dissected security in the new operating system. Symantec released the results of its study Wednesday.
The goal of the effort was to determine whether new security technologies in Vista could protect against risks posed by legacy malicious code, said Ollie Whitehouse, a member of Symantec's advanced threat research team. All of the tests were performed on a Vista system running in a 32-bit environment using samples of existing worms, viruses, Trojan horses, keyloggers and other samples from Symantec's malicious code library.
What the results show is that although the percentage of successful attacks against Vista using existing malicious code is low, "there are threats that can execute and survive within the new Vista security model," he said. Because malicious code writers don't have to make many changes to get their code to run successfully against Vista, "it demonstrates to us that the knowledge to develop malicious code" against the operating system already exists, he said.
Symantec's research is useful and "injects some realism" into Microsoft's claims about Vista security, said Andrew Jaquith, an analyst at Yankee Group Research Inc. in Boston. "On the other hand, you've got to acknowledge that there is quite a bit of self-interest involved here in Symantec trying to show their tools are still relevant in the new world. To me this is both enlightening and entertaining."
Symantec's findings are based on a study of various new security enhancements in Vista including generic exploit mitigation technologies to protect against common classes of vulnerabilities such as buffer and heap overflows, kernel protection technologies such as driver signing and PatchGuard, and Microsoft's User Account Control (UAC), which is supposed to reduce risks by forcing users to run in a restricted environment and not as administrators.