While Microsoft are making much of the enhanced security features offered by Windows Vista, there are concerns that in reality these features offer little more protection than is currently available. Back in August we saw reports of ‘BluePill’, a malware attack that uses CPU-based virtualisation technology to effectively hide from the operating system and any antivirus programs that may be running alongside it. A second vulnerability was showcased at the same time which allowed attackers to bypass the certificate-based driver protection by forcing drivers to be loaded from compromised virtual memory space.
More recently Sophos, the anti-virus and anti-spam vendor, has raised further questions as to the security of Windows Vista. Their most recent press release reveals that three of the top ten malware threats can successfully infect a machine running Windows Vista. The three threats, W32/Stratio-Zip (#1), W32/Netsky-P (#2) and W32/MyDoom-O (#6), which are commonly distributed via email, were able to infect a machine running no third-party virus protection. While the new Windows Mail client was able to successfully detect and stop these threats from infecting the system, they were able to penetrate the inbuilt defences via third-party web mail clients. This creates a huge security risk, as it is nigh on impossible to block all third-party web mail applications. It may be easy to block the major providers (Yahoo, Gmail and Hotmail), but with hundreds of smaller web sites, ISPs and organisations offering users free web mail access, the only option would be to block access to all websites other than those specifically authorised; a tactic most companies would be reluctant to enforce. Carole Theriault, a security consultant at Sophos, commented: “While Microsoft should be commended for the huge security improvements it has made in Vista, running separate security software is still essential to eliminate the risk of infection. On top of this, cyber criminals will already be looking at creating Vista-specific malware.” It’s understandable that an antivirus company would come out with such opinions, but far from crying wolf, the comments are most definitely valid.
With corporate editions of Windows Vista already available and retail editions being released in early 2007, it will be interesting to see whether the security enhancements have any effect on the deluge of malware that currently hounds users. Will we see an improvement, or will cyber criminals continue to innovate and find ways to bypass the new protection?
While reading about the security enhancements in Windows Vista I came across an amusing contradiction:
‘Why it Matters’—IT departments waste many of their resources solving problems caused by malware: slow computer performance, poor reliability, and security compromises. Windows Defender removes malicious software and gives users better control over the software on their computers.
Two paragraphs above this statement there is a note:
Note: Windows Defender is targeted at individual users and does not include enterprise management.
That would lead me to believe that it doesn’t matter to IT Departments…