Symantec: Vista safer than predecessor

28.02.2007

Symantec's results showed that even with such technologies, about 3 percent of existing back doors and about 4 percent of existing keyloggers can successfully be installed on a Vista system and survive a reboot without any modifications to the code. In addition, 4 percent of existing mass mailers and 2 percent of Trojan horses and spyware programs tested successfully infected Vista, Whitehouse said.

No kernel-based tool kits however were able to penetrate Vista's defenses -- largely because of the limited privileges that UAC imposes on users by default, Symantec noted. However, the kernel can be penetrated if an attacker were able to elevate the privilege level to that of an administrator, at least in a 32-bit Vista environment, according to Symantec.

"The kernel integrity protection mechanisms that are present on 64-bit Windows Vista can only be described as a bump in the road," Symantec said. "That is, while these technologies may slow down an attacker, they do not provide a meaningful defense against a determined attacker."

"Much has been done with Vista" to improve its security, Whitehouse said. But the efforts are mainly focused on threats to the operating system itself, even as attackers have begun focusing on other things such as e-mail, instant messaging and Web-based attacks, he said.

"I think malware writers are going to take a careful look" at Vista's weaknesses, Jaquith said. For example, the backward compatibility that Microsoft has had to integrate into the operating system, which was offered to consumers starting on Jan. 30, presents a potential soft spot. Similarly, new communications protocols supported by Vista -- and the fact that Microsoft has rewritten the entire TCP/IP stack around the operating system -- are potential targets for malware researchers.