Symantec Breaks Down Vista Security



David Utter
Staff Writer
2007-02-28

Symantec has been examining Windows Vista since 2005 and has now published an assessment of its security implications.

One caveat: the conclusions of an earlier Symantec article on User Account Control (UAC) have been disputed as to their real impact. Symantec has now provided a new set of documents reflecting the research it performed to determine just how secure Vista may be.

The company separated Vista's security improvements into three categories:

Generic kernel mitigation
Kernel integrity
System integrity and user-mode defenses

The generic mitigations target some of the most common vectors used by attackers. Symantec thinks Vista would "successfully inhibit the exploitation of memory corruption and memory manipulation vulnerabilities."

If so, stack buffer and heap overflows, which had been a potent vector for many worms, would be much harder to exploit on Vista. One caveat a practitioner should keep in mind: mitigations of this kind (address space randomization, non-executable memory, stack cookies, hardened heap metadata) raise the cost of exploiting a memory corruption bug rather than removing the bug, and an attacker with an information leak or a bypass for one layer can still reach it.

Maintaining the integrity of the kernel means keeping rootkits from taking hold in Vista. Symantec cited three technologies deployed by Microsoft as investments in improving kernel security; all three are enforced only in the 64-bit editions of Windows Vista:

Driver signing
Code Integrity
PatchGuard

Driver signing and Code Integrity require kernel drivers and core operating system binaries to carry a valid digital signature before they are loaded. These methods aim to keep malicious code out of the heart of the OS and to detect any tampering with system code that may have taken place.
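The check an administrator would want after reading this is whether the kernel drivers actually loaded on a host carry valid signatures, and whether the host is a 64-bit edition where that signature is enforced at all. The script below is an added example, not code from the article or from Symantec's report. It assumes PowerShell 2.0 or later on Windows Vista or newer with WMI available; the function name Get-LoadedDriverSignature and the path-normalisation rules are the example's own.

```powershell
# Added example (not from the article or Symantec's report): list the kernel
# drivers currently running and check each driver file's Authenticode signature.
# Assumes PowerShell 2.0+ on Windows Vista or later with WMI access.

function Get-LoadedDriverSignature {
    [CmdletBinding()]
    param()

    # Win32_SystemDriver enumerates kernel-mode drivers; keep only those loaded now.
    $drivers = Get-WmiObject -Class Win32_SystemDriver |
        Where-Object { $_.State -eq 'Running' }

    foreach ($d in $drivers) {
        $path = $d.PathName
        if (-not $path) { continue }   # a few entries carry no image path at all

        # The service database stores NT-style paths; turn them into Win32 paths:
        #   \??\C:\Windows\...                 ->  C:\Windows\...
        #   \SystemRoot\system32\drivers\x.sys ->  system32\drivers\x.sys (then rooted below)
        #   system32\drivers\x.sys             ->  C:\Windows\system32\drivers\x.sys
        $path = $path -replace '^\\\?\?\\', ''
        $path = $path -replace '^\\SystemRoot\\', ''
        if ($path -notmatch '^[A-Za-z]:\\') { $path = Join-Path $env:SystemRoot $path }

        if (-not (Test-Path -LiteralPath $path)) {
            New-Object PSObject -Property @{
                Name = $d.Name; Path = $path; Status = 'FileMissing'; Signer = $null
            }
            continue
        }

        # Status is Valid, NotSigned, HashMismatch, UnknownError, ... ;
        # a HashMismatch means the file was altered after it was signed.
        $sig = Get-AuthenticodeSignature -FilePath $path
        $signer = $null
        if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }

        New-Object PSObject -Property @{
            Name   = $d.Name
            Path   = $path
            Status = $sig.Status
            Signer = $signer
        }
    }
}

# Signature enforcement for kernel drivers (and PatchGuard) applies only to
# 64-bit Windows, so report the architecture alongside the results.
$os = Get-WmiObject -Class Win32_OperatingSystem
"OS: $($os.Caption) ($($os.OSArchitecture))"
if ($os.OSArchitecture -notlike '64*') {
    'Note: mandatory kernel-mode driver signing is not enforced on this 32-bit edition.'
}

# Show every running driver whose signature did not verify.
Get-LoadedDriverSignature |
    Where-Object { $_.Status -ne 'Valid' } |
    Sort-Object Name |
    Format-Table Name, Status, Signer, Path -AutoSize
```

Two caveats when reading the output: many in-box Microsoft drivers are signed through a security catalog rather than with an embedded signature, and older versions of Get-AuthenticodeSignature report those as NotSigned, so cross-check any surprising entry with a tool that consults catalogs (Sysinternals sigcheck, for instance) before treating it as unsigned. And a HashMismatch on a driver that was known-good is exactly the tampering Code Integrity exists to catch; treat it as an incident, not a glitch.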

Symantec called PatchGuard "the most controversial" of the group. It watches key kernel structures (such as the system service and interrupt dispatch tables) and crashes the system when it finds they have been patched or extended in kernel memory. The patching techniques it shuts out had been used both by security vendors like Symantec, to hook kernel behaviour for their products, and by rootkit creators.

The possibility that attackers will subvert PatchGuard exists: it runs as a periodic check rather than a hardware-enforced barrier, so a bypass that disables or evades the check defeats it. Symantec feels that PatchGuard "may not provide a meaningful defense" against a determined attacker.

With the system integrity and user-mode defenses, Microsoft wants to deliver the most software functionality with the fewest privileges granted to the Vista user. With fewer privileges available, an exploit that lands on a system does less damage than one running with full administrative rights.

Symantec again touched on the UAC issue, which, as noted above, has been questioned as to how likely it is to form part of a chain leading to an exploit. The greater concern is that users can turn security functions like UAC off altogether.

A home user is far more likely to do this, finding the continual barrage of prompts annoying and switching them off. In an enterprise, administrators can lock the setting through Group Policy so that users cannot.
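The settings an administrator locks through Group Policy ("User Account Control: ..." under Local Policies > Security Options) are stored as registry values, so whether UAC has been switched off or weakened on a given host can be audited directly. The script below is an added example, not code from the article or from Symantec's report. It assumes PowerShell 2.0 or later on Windows Vista or newer; the function name Test-UacPolicy and the choice of which four values to check are the example's own.

```powershell
# Added example (not from the article or Symantec's report): read the registry
# values behind the UAC policy settings and flag any that weaken or disable UAC.
# Assumes PowerShell 2.0+ on Windows Vista or later. Reading the key needs no
# elevation; changing it does, and a change to EnableLUA takes effect after reboot.

$uacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

# Hardened value expected for each setting:
#   EnableLUA                  1 = UAC on ("Run all administrators in Admin Approval Mode")
#   ConsentPromptBehaviorAdmin 2 = prompt for consent (Vista default;
#                                  0 = elevate silently, 1 = prompt for credentials)
#   PromptOnSecureDesktop      1 = show prompts on the secure desktop, where an
#                                  ordinary window cannot spoof or click through them
#   EnableVirtualization       1 = redirect legacy writes to Program Files / HKLM
#                                  per user instead of failing or needing admin rights
$expected = @{
    EnableLUA                  = 1
    ConsentPromptBehaviorAdmin = 2
    PromptOnSecureDesktop      = 1
    EnableVirtualization       = 1
}

function Test-UacPolicy {
    param(
        [string]$Key = $uacKey,
        [hashtable]$Expected = $expected
    )

    $props = Get-ItemProperty -Path $Key
    foreach ($name in ($Expected.Keys | Sort-Object)) {
        $actual = $props.$name
        if ($actual -eq $null) {
            $status = 'NotSet'      # value absent: Windows uses its built-in default
        } elseif ([int]$actual -eq $Expected[$name]) {
            $status = 'OK'
        } else {
            $status = 'WEAK'        # UAC turned off or its prompts downgraded
        }
        New-Object PSObject -Property @{
            Setting  = $name
            Expected = $Expected[$name]
            Actual   = $actual
            Status   = $status
        }
    }
}

$report = Test-UacPolicy
$report | Format-Table Setting, Expected, Actual, Status -AutoSize
if ($report | Where-Object { $_.Status -eq 'WEAK' }) {
    'UAC has been weakened on this host; restore the values above through Group Policy.'
}
```

The values above are the Vista defaults. Windows 7 and later default ConsentPromptBehaviorAdmin to 5 (auto-elevate Windows binaries, prompt for everything else), so on those systems adjust the expected value before treating a 5 as a finding. A standard user cannot change this key at all; the "home user turns it off" scenario in the text is an account running as administrator, which is exactly the case UAC's Admin Approval Mode is meant to cover.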

Symantec also reported that, in its testing, existing malicious code could still cause problems for Vista:

The results showed that 3 percent of backdoors can successfully execute and survive a system restart on Windows Vista without modification. Other categories include keyloggers, of which 4 percent can successfully execute and survive a system restart, mass mailers (4 percent), Trojans (2 percent), spyware (2 percent), and adware (2 percent).

Symantec believes that these percentages would increase dramatically with only minor code changes to make these threats Windows Vista-aware, in turn allowing them to run successfully within the new Windows Vista security model.

The study also noted that none of the kernel-based rootkits in the sample was able to install itself, which it attributed to the reduced privilege set applications now run with.

But applications pose another concern. As the operating system has become harder to crack, attackers have shifted their efforts to the application stack, because that is where the remaining vulnerabilities are.

Worms that caused widespread infections, like Sasser and Melissa, should have much less impact than they did on earlier Windows versions. But Symantec does not believe Vista's improvements will stop other types of malicious code that target the OS, because the user remains the weakest link:

Symantec continues to see the user as the weakest link, as social engineering attacks become more elaborate in order to undermine the security technologies within Windows Vista. Symantec also predicts that the greatest exposure to risk will come from third-party software, which is less likely to employ all the security features available - at least in the short to medium term.


About the Author:
David Utter is a business and technology writer for SecurityProNews and WebProNews.
