Windows Vista Just a False Sense of Security

Microsoft has endowed Vista’s kernel with highly restricted access, in a bid to improve security in its new operating system. This extra security has succeeded in locking out hackers, malware purveyors and has apparently locked out security software as well.

Competing security software manufacturers say Vista’s security system alone is not enough to protect users from threats. Security firm, Webroot Software reported in January that its security testing of Vista revealed significant holes in its security shields. The tests showed Vista to have ineffective blocking capabilities and weak antivirus capabilities in the default anti-spyware and antivirus components within Vista. Webroot also found problems in Microsoft’s Live OneCare security suite.

Webroot said Windows Defender failed to block 84 percent of a testing sample set that included 15 of the most common variations of existing spyware and malware. On top of this, Windows Defender did not perform at the level of many third-party security applications.

Webroot also said that Windows Vista allowed a variety of threats to get through its security shields and remain undetected on its testing environment. These threats included adware, potentially unwanted programs (PUPs), system monitors, key loggers and Trojans. These results come after Windows Live OneCare recently came last in a recent of antivirus applications.

Webroot also stated that Microsoft’s additional charge to Vista users for antivirus protection through a subscription service, is a potential weakness in security, as consumers may be unwilling to make that purchase.

According to Max Secure’s Pradhan, Microsoft’s attempts to block out third-party security vendors raise questions of fairness. However, he believes that strategy will be short-lived.

“Microsoft should have learned that approach is not the best way to go. I see Microsoft changing because consumers will see that they do have a choice,” said Pradhan. “Microsoft is offering a system that is flawed. Consumers will force Microsoft to open up the kernel access when infections and attacks continue.”

On the other hand Marco Peretti, CEO of BeyondTrust, does not see Microsoft’s decision to lock down access to the Vista kernel all that damaging. Peretti believes that Microsoft has made accessing the kernel in the 32-bit version of Vista more difficult than in Windows XP.

“Microsoft is blocking the kernel only on 64-bit, not the 32-bit, platforms. To Microsoft the 64-bit Vista is the future,” Peretti noted, adding that 2007 and 2008 will see the mainstream adoption of the 64-bit Vista operating system.

The problem in Vista 64-bit is caused by the patch-guard which it utilises, according to John Safa, security expert and the chief architect at DriveSentry. This patch-guard prevents programs patching the key system functions, which are also used by hackers to create rootkits.

Safa also claims that these same functions are also patched by security vendors to detect threats, which they are now unable to do. In response to this, Microsoft has stated that it intends to provide access to security vendors of Vista 64-bit by the time it releases Service Pack 1 for Windows Vista. Service Pack 1 is currently scheduled for release in the second half of 2007.

Safa asserts that third-party security vendors are to blame for not developing strategies to dealing with Vista’s 32-bit compatibility issues. He also notes that third-party security vendors are adapting their products to work with the kernel restrictions in the 32-bit version. “There is no real reason why security vendors cannot have their product ready for Vista 32-bit,” he said.

Safa views Microsoft’s claim that it has locked down Vista equivalent to issuing an open invitation to the hacking community to prove it wrong. Safa notes, “There’s real money to be made in this high stakes game, and the rules have completely changed. Today’s malware threat has evolved into a destructive force that outpaces even the best antivirus signatures, leaving consumers’ personal data completely exposed to zero-day attacks.”

Visit Tech Sphere for more articles [http://www.techsphere.org/].