Vista To Force Shift In Attacks
David Utter Staff Writer
2006-12-04
Much of the current popular malware that can infest Windows PCs will have a harder time doing so in Vista, and that will have attackers changing the way they attempt to compromise Vista systems.
Security vendor Symantec took a look at how well Vista's user account control (UAC) would help fight off a host of current-day attacks.
They fed a sample set of about 2,000 malicious code samples to a Vista system set up with the default UAC and analyzed how it fared against Vista's defenses.
The company's Orlando Padilla blogged about the results of their testing.
They found that current malicious code largely failed against the new operating system.
Unfortunately, the failures could be overcome by diligent attackers. "It will only be a matter of time before attackers become more sophisticated, understand Windows Vista, and adapt to this new platform," he wrote.
Present-day practices, in which attacking code tries various tactics to gain a foothold in a system, failed at a high rate.
Although about 70 percent of Symantec's sample viruses did execute on the test system, only about six percent managed a full compromise.
Only four percent of the sample set managed to survive a reboot of the system.
Much of the resistance can be credited to the UAC, since many attacks can only succeed if the user is running a system with sufficient privileges for the attack to make necessary changes on it.
"Malicious code authors will no longer target the system as a whole, but will be forced to target the user environment to accomplish what they want," Padilla said.
The problem comes as those attackers begin studying Vista and determining how to do that targeting.
Padilla wrote that "relatively minor changes" would allow creators of malware that failed to do anything in the test system to change their programs so they can survive on a Vista machine.
A handful of existing threats look like candidates for being altered to attack Vista.
One of them, W32/Stratio-Zip, has been at the heart of one in three malware instances according to security firm Sophos; it also .
The company also said variants of Netsky and Mydoom could threaten Vista as is today, provided no other third-party security software was running on the targeted system.
If that is the case, it's probably a given that some sophisticated criminal outfit will update those viruses to exploit Vista.
---
About the Author:
David Utter is a business and technology writer for SecurityProNews and WebProNews.