Microsoft’s efforts to enhance security is a positive step towards protecting against malicious threats, but it is unclear whether the current security functions implemented in Vista can remove the need for security software.
Windows Vista is unlikely to deliver long-term robust security protection, according to an article published by Kaspersky Lab: Vista vs. Viruses, written by Alisa Shevchenko, virus analyst at Kaspersky. The article examines several key security aspects of Vista, including User Account Control, PatchGuard and Internet Explorer 7 security features.
The User Account Control function ensures that any user, including the Administrator, has minimal rights and any ‘suspicious’ activity results in either a request for confirmation or a request to enter a password.
However, according to Shevchenko, a large number of harmless actions can be classed ‘suspicious’, even if they turn out not to be malicious. Alerting the user to each of these is likely to cause such a high volume of alerts that the user will either disable the security feature or enter the Administrator password. Shevchenko also claims that “any type of protection can be evaded, and because of this, the advantages provided by this new layer of defence are conditional, and as practice shows, temporary.”
The PatchGuard function monitors modifications to the core system. As with the User Account Control function, it can be evaded or disabled. Kaspersky also questions PatchGuard’s protection against rootkits as it only offers protection against certain types of rootkit, not all. This means that virus writers, rather than tackling PatchGuard head on, can simply use a rootkit to disable it. It’s also important to note that Patchguard applies only to 64-bit systems; and it will take some time before such systems become widespread.
The Internet Explorer 7 Security Features are designed to protect PCs against Internet threats which execute malicious code or install Trojans on to the system.
In Protected Mode, browser code is launched with the lowest level of privileges such as limited access to the file system, for example. It can be enabled or disabled by the user for each separate zone.
ActiveX Opt-in is a function which blocks all ActiveX management tools apart from those that are explicitly allowed by the users. It can also be disabled by the user (this has always been the case in Internet Explorer).
Cross-Domain Scripting Attack Prevention is designed to prevent scripts working with each other across domains and, in doing so, to protect against phishing attacks. However, it is important to note that phishing attacks which use cross-domain scripting comprise only a small percentage of attacks.
The article concludes that “Vista is undoubtedly more secure than previous operating systems from Microsoft. And, a system which is configured in such a way that everything is blocked except for access to designated sites could be regarded as being absolutely secure. However, the majority of users will find the significant restrictions on actions which effectively sterilise the system unacceptable, just as the constant requests to confirm or enter a password for an action which the system defines as being ‘potentially dangerous’. And, it is at this point that the ‘almost totally secure’ system is transformed in to a ‘more vulnerable’ system. ”
|
You are here: hacking technology
> the virus to be related
> Content
Category: Home
> the virus to be related