Allchin Disputes Sophos Vista Claims
David Utter Staff Writer
2006-12-20
After the Sophos security firm claimed three of the top ten pieces of malware in the wild in November 2006 could affect the new Vista operating system, Microsoft executive Jim Allchin had his engineers investigate the claim.
Even though the trio of current threats has been aimed at the existing Windows XP/2000 operating systems, Sophos' investigation determined they could also be an issue for Vista.
"There has been much speculation about whether Vista would render existing malware extinct, and the news is now in - it won't," Sophos' Carole Theriault said in their report. With default settings and no third-party software in place, they found that W32/Stratio-Zip and two other viruses could infect a Vista PC.
Allchin's team at Microsoft followed this up with some tests and came up with a different result.
"What we found was that if you are using only the software in Windows Vista (e.g., Windows Mail and no add-on security software), then you are immune to all ten of the malware threats that Sophos cited," Allchin wrote.
Allchin and Sophos agree on the effectiveness of Windows Mail, the new client arriving with Vista. Both Microsoft and Sophos found that Windows Mail would thwart all ten pieces of malware on the Sophos list.
That was without any third-party security software in place, so Windows Mail gets good marks for its use of newer Microsoft technologies such as Attachment Manager, which, as Allchin noted, debuted in Windows XP SP2.
Here is how he summarized the threats from the malware list used by Sophos:
If you are using Microsoft Outlook or a third-party email client that blocks execution of known executable formats, then a user running Windows Vista is not vulnerable to eight of the ten malware threats. In the case of the ninth piece of malware, Bagle-Zip, the malware is able to run because it uses the .ZIP file format which some mail programs do not block.
In the case of the tenth piece of malware, Mydoom-O, the malware is sometimes able to run because it randomly chooses the file type to which to distribute its payload and sometimes that file type is an executable inside a .ZIP file, which some mail programs do not block. In both cases, this is a function of the e-mail software, not Windows Vista.
That said, even when a user receives a mail infected with Bagle-Zip or Mydoom-O in the .ZIP file format, in order for the malware to affect the system, the user must first explicitly open the .ZIP file and then explicitly run the executable file that's contained inside the .ZIP file -- there is no way for this to happen without two steps of user action. If you happen (to) run a third-party email client that does not block known executable formats, then you may also be vulnerable to Netsky-D.
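The distinction Allchin draws is between a mail client that blocks known executable attachment formats and one that also looks inside .ZIP archives. The following Python filter is an added illustration of that mechanism; it is not code from the article, Microsoft, or Sophos. The blocked-extension list, the sample messages and the archive contents are constructed for the example, and the `inspect_archives` switch is a hypothetical knob that models the two client behaviours the quote describes.

```python
"""Attachment-format filtering with and without ZIP inspection.

Added example (not from the article, Microsoft or Sophos). The
extension list, sample messages and ZIP contents are constructed.
"""
import email
import io
import zipfile
from email.message import EmailMessage

# Constructed subset of extensions a mail client treats as directly
# executable; real clients ship longer lists.
BLOCKED_EXTENSIONS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js"}


def is_blocked_name(filename):
    """True if the name ends in a blocked executable extension."""
    name = filename.lower()
    return any(name.endswith(ext) for ext in BLOCKED_EXTENSIONS)


def classify_attachment(filename, payload, inspect_archives):
    """Return 'blocked', 'allowed' or 'archive-with-executable'.

    inspect_archives=False models a client that blocks known executable
    formats but lets .ZIP through untouched (the Bagle-Zip / Mydoom-O
    gap); True models a client that also checks the archive's members.
    """
    if is_blocked_name(filename):
        return "blocked"
    if filename.lower().endswith(".zip") and inspect_archives:
        try:
            with zipfile.ZipFile(io.BytesIO(payload)) as zf:
                if any(is_blocked_name(m) for m in zf.namelist()):
                    return "archive-with-executable"
        except zipfile.BadZipFile:
            pass  # not a valid archive, so nothing inside it can run
    return "allowed"


def scan_message(raw_bytes, inspect_archives=True):
    """Walk a raw RFC 822 message and classify every named attachment."""
    msg = email.message_from_bytes(raw_bytes)
    results = []
    for part in msg.walk():
        filename = part.get_filename()
        if not filename:
            continue
        payload = part.get_payload(decode=True) or b""
        results.append((filename, classify_attachment(filename, payload, inspect_archives)))
    return results


def build_sample(filename, payload):
    """Construct a minimal message carrying one attachment (test data only)."""
    msg = EmailMessage()
    msg["From"] = "sender@example.invalid"
    msg["To"] = "user@example.invalid"
    msg["Subject"] = "constructed sample"
    msg.set_content("see attachment")
    msg.add_attachment(payload, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()


def make_zip_with_exe():
    """Construct a ZIP whose only member has an executable extension."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("document.exe", b"placeholder bytes, not a real binary")
    return buf.getvalue()


if __name__ == "__main__":
    samples = [("invoice.exe", b"placeholder"),
               ("photos.zip", make_zip_with_exe()),
               ("notes.txt", b"plain text")]
    for fn, pl in samples:
        raw = build_sample(fn, pl)
        print(fn, "no archive inspection:", scan_message(raw, inspect_archives=False))
        print(fn, "with archive inspection:", scan_message(raw, inspect_archives=True))
```

Run as-is, the .exe attachment is blocked either way, the .txt is allowed either way, and the .ZIP is allowed only by the client that does not look inside it, which is the case Allchin attributes to the mail software rather than to Vista. Even where the archive is allowed through, the payload still needs the two explicit user actions the quote describes before anything runs.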
Sophos noted that the attack vector where Vista is vulnerable comes from the use of web-based email clients. People stuck in the office all day use them to check personal messages, a practice that has caused some companies to ban access to them to cut down on malware threats that could come to those inboxes.
In either case, an antivirus product kept up to date with current signatures and engines will help mitigate these threats. Allchin magnanimously recommends Sophos, along with his company's Windows Live OneCare service.
---
Tag: Vista
About the Author:
David Utter is a business and technology writer for SecurityProNews and WebProNews.