In an analysis of a network of Trojan-infested PCs used for sending spam, security researcher Joe Stewart at SecureWorks in Atlanta found last month that 99.95 percent of the "bot-net" machines were running Windows, nearly half of which were Windows XP with Service Pack 2. This service pack was released in 2004 to address security issues but appears to have failed. All eyes are now on Windows Vista, which introduces another round of security-focused features. Will it prove more effective than XP with SP2?
Antivirus vendor Sophos appeared to answer that with a press release declaring that "Sophos experts note that on the launch date of Microsoft's Windows Vista operating system, three of the top 10 [malware threats] are capable of bypassing the operating system's security defences and infecting users' PCs."
Depressing stuff, but I was intrigued. How were these viruses bypassing Vista's UAC (User Account Control), which means that users run by default with limited permissions rather than as local administrators? I asked Vanja Svajcer, the Sophos researcher who carried out the tests, how the machines had been infected. "That wasn't actually part of the test," he told me.
The focus was on how the malware behaved after it had been run on the user's PC. What Svajcer discovered was that there are common viruses which, once installed, will run and replicate without requiring administrative privileges. It's a fair point, though I'm not sure that it counts as "bypassing the operating system's security defences".
I was surprised to discover that Svajcer is impressed by Vista's security measures. I asked him whether Vista is as secure as Mac OS X or Linux. "It's certainly as good," he said. "It's not that Windows is less secure, but being the most widespread operating system makes it such a target for malware."
SecureWorks researcher Joe Stewart is also upbeat about Vista. "Vista brings a new level of defence to the game," he wrote in his blog. "It is going to limit spammers mostly to social-engineering attacks ('double-click this executable attachment, please')."
If that is what the experts say, then Vista may really be more secure than its predecessors, though malware writers will adapt.
The other disturbing factor is that the centrepiece of Vista's security, UAC, can easily be disabled. Turning it off removes annoying dialogs and improves application compatibility. That said, most of those dialogs will disappear once application developers learn to write software that performs correctly when run by standard users.
Give Vista a chance and do not disable UAC.
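Since the column's closing advice is to leave UAC switched on, here is a way to check that it actually is. This is an added example, not code from the column or from Sophos or SecureWorks; it reads the well-known UAC policy values under `HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System` and assumes Windows Vista or later with PowerShell available.

```powershell
# Added example (not from the column): audit the local UAC policy values.
# Assumes Windows Vista or later; the registry path and value names are the
# standard UAC policy settings, but the thresholds used here are our own.
$key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$props = Get-ItemProperty -Path $key

# Missing values cast to 0, which is treated as the weak setting below.
$enableLua     = [int]$props.EnableLUA                   # 1 = UAC on, 0 = UAC off
$adminPrompt   = [int]$props.ConsentPromptBehaviorAdmin  # 0 = elevate without prompting
$secureDesktop = [int]$props.PromptOnSecureDesktop       # 1 = prompt on the secure desktop

$findings = @()
if ($enableLua -ne 1) {
    $findings += 'UAC is disabled (EnableLUA=0): processes in an administrator session run fully elevated.'
}
if ($adminPrompt -eq 0) {
    $findings += 'Administrators elevate silently (ConsentPromptBehaviorAdmin=0): the consent dialog never appears.'
}
if ($secureDesktop -ne 1) {
    $findings += 'Elevation prompts are not isolated on the secure desktop (PromptOnSecureDesktop=0).'
}

if ($findings.Count -eq 0) {
    Write-Output 'UAC is enabled and prompts on the secure desktop.'
} else {
    $findings | ForEach-Object { Write-Output "WARNING: $_" }
}
```

Run it from any PowerShell prompt; reading these values does not require elevation. A machine that reports any of the warnings has had the protection the column describes weakened, whether by a user tired of the dialogs or by an installer that turned it off for compatibility.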