Security News
FTC Tags DirectRevenue For $1.5 Million
A settlement with DirectRevenue and four of its principals will bar the company from offering future downloads without the express consent of users and a straightforward way to uninstall them. The Federal...
When Social Engineering Gets Physical
Criminals may be a superstitious, cowardly lot in Batman's world, but an evildoer in the real world may be ready to fight, as one security company learned. Steve Stasiukonis wrote a tale of how his Secure...
Russians Aided Turkish Bank Hackers
Computers instead of handguns were the weapons of choice of Turkish hackers who stole $300,000 from online banking customers, with the help of three Russians who sold them login data. Police...
Clicking A Link Gets More Dangerous
The developers who built a proof of concept they call Drive-By Pharming said that simply viewing the malicious web page would trigger major changes in...
Internet Explorer Open To New Flaw
The WinInet module (wininet.dll), used in Internet Explorer and other applications, has a vulnerability in its handling of FTP sessions. Microsoft has posted updates to address the problem.
Solaris Admins, Your Telnet Is In Danger
A zero-day exploit affecting Telnet in Solaris 10 and 11 has emerged, which makes us wonder just who in the world is running Telnet as a public service these days. The eEye zero-day tracker delivered another...
Bot Battlers Bruised By Botnets
The scary part of bot infestations running on millions of PCs connected to the Internet comes from the revelation that sometimes the bot herders work cooperatively rather than competitively.

Symantec has been looking into Windows Vista since 2005, and published an assessment of its security implications.
As a caveat, one of Symantec's Vista articles regarding User Account Control (UAC) has been disputed as to its potential impact. Symantec has provided a new set of documents that reflect the research they have performed to determine just how secure Vista may be.
The company separated Vista's security improvements into three categories:
Generic kernel mitigation
Kernel integrity
System integrity and user-mode defenses
The generic kernel methods in place would impact some of the more common vectors used by attackers. Symantec thinks Vista would "successfully inhibit the exploitation of memory corruption and memory manipulation vulnerabilities."
If that is the case, situations like stack buffer and heap overflows would be stopped in Vista, negating what had been a potent vector for many malicious worms.
Maintaining the integrity of the kernel means keeping rootkits from taking hold in Vista. Symantec cited three technologies deployed by Microsoft as investments in improving kernel security; these are only present in the 64-bit versions of Windows Vista:
Driver signing
Code Integrity
PatchGuard
Driver signing and Code Integrity require verification of kernel drivers and core operating system binaries. These methods aim to keep malicious code out of the heart of the OS, and detect any code tampering that may have taken place.
Symantec called PatchGuard "the most controversial" of the group. It prevents key OS structures from being patched or extended in kernel memory. The kernel-patching techniques it blocks are used both by security vendors like Symantec and by rootkit creators.
The possibility that attackers could subvert PatchGuard exists. Symantec feels that PatchGuard "may not provide a meaningful defense" against a determined attacker.
With the system integrity and user-mode defenses, Microsoft wants to achieve the most software functionality with the least privileges needed by the Vista user. Fewer available privileges mean an exploit that hits a system would have less impact than one operating otherwise.
Symantec again touched on the UAC issue, which we noted above has been questioned as to its likelihood of being part of a chain leading to an exploit. The greater concern comes from the ability of users to turn off security functions like UAC.
About the Author: David Utter is a technology writer for SecurityProNews, WebProNews, and InternetFinancialNews.