Windows Vista and the coming criminal diaspora
Published: 04 Dec 2006
Last week, Microsoft finally released Windows Vista to its business customers (retail consumers will have to wait until January 30, 2007). Security experts seem to agree that Windows Vista will be more secure than Windows XP. Further, the release of Windows Vista has shaped many security vendors' predictions of what lies ahead for 2007 and beyond. Basically, if you've become used to criminals hitting Windows XP, hold on to your seats: it's going to be a wild ride as the bad guys leave the operating system behind and move on to other applications.
Security skirmish
In anticipation of the release, Jim Allchin, co-President of the Platform Products and Services Group, made an aside during one press interview, a single comment that has received far more attention than anything else said in the interview. Allchin said that his seven-year-old was running a locked-down version of Microsoft Windows Vista without antivirus software. That's a pretty bold statement from a company that only recently started selling its own antivirus protection.
As you can imagine, any comment suggesting that third-party antivirus software might be unnecessary with Windows Vista prompted considerable noise from the antivirus community, with some security vendors already incensed by Windows Vista's PatchGuard kernel protections. But one security vendor, Sophos, actually took Allchin to task.
Vista is both secure and vulnerable
Researchers at Sophos discovered that three Internet viruses and worms (Stratio.zip, Netsky.d and MyDoom.o) were able to execute on a Windows Vista system when an email client other than the one native to Windows Vista was used. The viruses date back to 2004, but collectively they comprise 39.7 percent of all malware still circulating on the Internet today. The researchers found that Windows Mail, which replaces Outlook Express within Windows Vista, was very effective in stopping these viruses and worms, in part because the client is smart enough to recognise and block double extensions (an attachment named, say, document.txt.exe), a trick used by these particular mass mailers to make an executable look like a harmless document.
However, when the researchers used third-party clients, such as Lotus Notes and Web-mail applications, the malware samples were able to take root in the otherwise unprotected Windows Vista environment. In other words, the protection lives in the mail client, not in the operating system, and any client that does not apply the same attachment checks leaves the user exposed. Sophos recommends that businesses upgrade from Windows XP to Windows Vista because Windows Vista is more secure, but upgraders and early adopters should do so in recognition that Vista systems will still need antivirus, firewall and other security protection, as Windows Vista is not foolproof.
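The double-extension check that the article credits to Windows Mail is simple enough to reproduce at a mail gateway or in any client that lacks it. The following is an added example written for this page; it is not Microsoft's, Sophos's or any mail client's code. The extension lists, the whitespace-padding rule (a mass-mailer trick in which a run of spaces pushes the real extension out of a narrow attachment column) and the sample message are all constructed for the example.

```python
import re
from email import message_from_bytes, policy

# Extensions Windows will execute when the attachment is opened.
# Constructed, deliberately short list for this example; not exhaustive.
EXECUTABLE_EXTS = {"exe", "scr", "pif", "com", "bat", "cmd", "vbs", "js"}

# "Decoy" document-style extensions that mass mailers place in front of
# the real one so the name reads as a document or picture. Constructed list.
DECOY_EXTS = {"txt", "doc", "jpg", "gif", "pdf", "htm", "html", "mp3"}


def attachment_risk(filename):
    """Return a short reason string if the attachment name looks like a
    mass-mailer lure, or None if nothing suspicious is seen."""
    name = filename.strip()
    # Remove internal whitespace so "photo.jpg        .scr" is judged by
    # the extension that Windows will actually use.
    name_no_pad = re.sub(r"\s+", "", name)
    parts = name_no_pad.lower().split(".")
    if len(parts) < 2:
        return None
    final = parts[-1]
    if final not in EXECUTABLE_EXTS:
        return None
    if len(parts) >= 3 and parts[-2] in DECOY_EXTS:
        return f"double extension: looks like .{parts[-2]} but runs as .{final}"
    if name != name_no_pad:
        return f"whitespace padding hides .{final} extension"
    return f"executable attachment (.{final})"


def scan_message(raw):
    """Parse a raw RFC 2822 message and return [(filename, reason), ...]
    for every attachment that attachment_risk() flags."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        fname = part.get_filename()
        if fname:
            reason = attachment_risk(fname)
            if reason:
                findings.append((fname, reason))
    return findings


# Constructed sample message: a one-line lure with a "document" that is
# really an executable. The base64 body is just the two bytes "MZ".
SAMPLE_MESSAGE = b"""From: mailer@example.test
To: user@example.test
Subject: Your document
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="XYZ"

--XYZ
Content-Type: text/plain

Please see the attached document.
--XYZ
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="document.txt.exe"
Content-Transfer-Encoding: base64

TVo=
--XYZ--
"""

if __name__ == "__main__":
    for fname, reason in scan_message(SAMPLE_MESSAGE):
        print(f"{fname}: {reason}")
```

The check is deliberately conservative: it flags only names whose final extension is executable, so an ordinary `report.pdf` or `archive.zip` passes, while `invoice.txt.exe`, `photo.jpg        .scr` and a bare `setup.exe` are all reported with a reason the user can act on. A gateway that drops or quarantines on any non-None result reproduces the behaviour the article attributes to Windows Mail for third-party clients that lack it.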
Et tu, Mac OS?
Oliver Friedrichs, director of emerging technologies at Symantec Security Response, predicts that the new defences within Windows Vista against buffer overflows should shut down some current methods of attack. Echoing Symantec's views, McAfee and other vendors are predicting that criminal hackers will turn away from operating system flaws and return to more traditional (and lately neglected) targets: the applications that run on top of the OS. Consider the recent attacks against Microsoft Office. We have also seen fresh attacks against RealNetworks streaming video and Adobe's Web products (Flash, Reader and Shockwave).
When criminal hackers look beyond Windows, they'll also start focusing seriously on Macs. Symantec recently published a report detailing vulnerabilities within Mac OS X. In The Mac OS X Threat Landscape: An Overview, which is available to members of Symantec's DeepSight subscription service, Symantec suggests that increased hacker scrutiny of Mac OS X will yield results. Mac OS X is built on Darwin, whose XNU kernel combines a Mach microkernel with components derived from FreeBSD. Because it integrates functionality from BSD and Mach, Mac OS X inherits much of the security model of Unix-based operating systems, and therefore many of the same classes of security flaw. Vulnerabilities so far discovered within Mac OS X have included privilege escalation, client-side code execution and remote code execution.
And games, too
Recently, the online game Second Life suffered a worm. Security experts I've spoken with weren't surprised; wherever there's money, the criminals will follow. Currently, there's a lot of money (both real and virtual) in the online gaming community.
I think Windows Vista plays only a small part in this new criminal diaspora. There was a lull in malware during the year after Windows XP came out. I've always thought that criminals were just getting used to the new OS. But computer criminals have become far more sophisticated, well beyond our image of a lone hacker sitting in his parents' basement, and I think we won't see such a lull in 2007. With criminals dedicated to looking for flaws within different operating systems and within specific applications, I think I'm going to be busy in the coming months.
Related articles
Windows Vista RTM
Preview Microsoft has released its new operating system, Windows Vista, to hardware manufacturers, marking the end of the development phase and the beginning of the distribution phase. Everything's not perfect, but Microsoft expects to have all the glitches under control by the company's self-imposed January 2007 product release date. [09 Nov 2006]