Article> Vista: A False Sense of Security?

kirk jim

http://tinyurl.com/2a95n7

Vista: A False Sense of Security?


section: windows, for your questions: IT forum, 19.3.2007
Aiming to improve security in its new operating system, Microsoft has
endowed Vista's kernel with highly restricted access, locking out hackers
and malware purveyors.




It may have locked out other security software as well. That's not good, say
competing manufacturers, who say Vista's security system alone is not
enough.


Weakness Found
Computer security firm Webroot Software reported on
Jan. 25 that its testing revealed significant holes in Vista's security
shields. According to Webroot, its tests on Vista's security showed it to
have ineffective blocking capabilities and weak antivirus capabilities in
the default anti-spyware and antivirus components within the new operating
system. Problems were also found in Microsoft's Live OneCare security suite.

For instance, Webroot said Windows Defender failed to block 84 percent of a
testing sample set that included 15 of the most common variations of
existing spyware and malware. Also, Windows Defender did not perform at the
level of many third-party security applications.

Webroot said that Microsoft Vista permitted a variety of threats, including
adware, potentially unwanted programs (PUPs), system monitors, key loggers
and Trojans, to reside on the testing environment undetected.

Microsoft's additional charge to Vista users for antivirus protection
through a subscription is a potential weakness in security. Consumers may
be unwilling to make that purchase.


Blocking Strategy
Microsoft's attempts to block out third-party vendors raise fairness
questions, according to Max Secure's Pradhan. However, he believes that
strategy will be short-lived.

"Microsoft should have learned that approach is not the best way to go. I
see Microsoft changing because consumers will see that they do have a
choice," he said. "Microsoft is offering a system that is flawed. Consumers
will force Microsoft to open up the kernel access when infections and
attacks continue."

Marco Peretti, CEO of BeyondTrust, does not see Microsoft's decision to lock
down access to the Vista kernel as all that detrimental. He said Microsoft has
made accessing the kernel in the 32-bit version of Vista more difficult
than in Windows XP.

"Microsoft is blocking the kernel only on 64-bit, not the 32-bit, platforms.
To Microsoft the 64-bit Vista is the future," Peretti noted, adding that
2007 and 2008 will see the mainstream adoption of the 64-bit Vista operating
system.


Lockdown Issue
The problem comes with Vista 64-bit, which utilizes patch-guard, according
to John Safa, security expert and the chief architect at DriveSentry. This
prevents programs patching the key system functions, which are used by
hackers to create rootkits.

These same functions are also patched by security vendors to detect threats,
which they are now unable to do, Safa claimed. Microsoft has said that it
intends to provide access to security vendors of Vista 64-bit by the time it
releases Service Pack 1 for Vista. This could be some time away.

The fault for not developing strategies for dealing with Vista's 32-bit
compatibility issues lies with third-party vendors, Safa contended.

Still, third-party security vendors are adapting their products to work with
the kernel restrictions in the 32-bit OS version.

"There is no real reason why security vendors cannot have their product
ready for Vista 32-bit," he said.


Hacker Challenge
Safa views Microsoft's claim that it has locked down Vista as tantamount to
issuing an open invitation to the hacking community to prove it wrong.

"There's real money to be made in this high stakes game, and the rules have
completely changed," Safa noted. "Today's malware threat has evolved into a
destructive force that outpaces even the best antivirus signatures, leaving
consumers' personal data completely exposed to zero-day attacks."

View: KezNews Discussion - Vista: A False Sense of Security?

source: technewsworld.com
 
Shane Nokes

This article has some serious issues.

One being that the kernel is only locked out in a 64-bit environment.

Patch-Guard does not exist for the 32-bit versions of the OS.

So to say that they've locked out the kernel in the 32-bit environment is
erroneous.
 
