By Tom Espiner, 12 December 2006 09:10
NEWS
Antivirus experts from Kaspersky Labs have predicted 90 per cent of current malware will run on Microsoft's latest operating system, Windows Vista.
Although at the moment Vista appears to be more secure than previous Windows operating systems, Kaspersky researchers warned last week that as Vista becomes more popular, it will increasingly become a target for hackers. Alexander Gostev, principal antivirus researcher for Kaspersky, said: "We're not asking whether vulnerabilities will be found but when."
According to Gostev, one of the first pieces of the operating system to be attacked will be PatchGuard, the code that protects the Vista kernel. "One of the first things to be targeted will be the technology which is meant to make getting access to the kernel more difficult," he said. "Particularly because there are already approaches for evaluating this technology."
PatchGuard, or kernel patch protection, attempts to protect the Vista kernel from unauthorised modification. It will lock down the system if it detects an unauthorised patch of certain kernel data structures or code.
In the summer, rootkit researcher Joanna Rutkowska demonstrated a signed driver requirement bypass at Defcon 2006. Hackers could try to install malware directly to the kernel using this method as drivers run in kernel space, and the signed driver requirement can be disabled fairly simply.
Another target for hackers will be the system of user privileges - User Account Control (UAC), which can be used to restrict users' administrative rights. For example, it could prevent them from downloading executable code. The probable attack vector will be Internet Explorer 7, the web browser bundled with Vista, said Gostev.
He said: "In IE 7 Microsoft fixed old vulnerabilities but new vulnerabilities are being found. Hackers and virus writers will attempt to get around user defences by exploiting the browser." He added that it is already possible to circumvent UAC.
Gostev said: "There are tens of thousands of viruses which are fully functional just under a user account. Nine out of 10 contemporary viruses will function under Vista - overall UAC will not make much difference. Users still have the right to send and receive email - hackers will program email worms."
He predicted UAC would not be popular with users anyway, as they would find it too restrictive. "Users are not going to want to work within a restrictive system. They'll disable anything which says you can't download, you can't install. There's always going to be the human factor - people always get in there and disable stuff they don't like," said Gostev.
Tom Espiner writes for ZDNet UK
Comments
There are 2 comments. Join the discussion
1. Richard Davies
Someone should give the Kaspersky pro's a medal for coming up with the following - 'as Vista becomes more popular, it will increasingly become a target for hackers.'
Is this not common sense? You wouldn't try to cause massive global problems etc. by hacking / writing a virus for an OS that is only found on 1 PC now would you.
Microsoft is massively popular and so of course people will target it!
I did a software engineering course and was taught that it is virtually impossible to test all your code within acceptable time frames and so as vulnerabilities / bugs are inevitable but when discovered they are patched...the real test is how quick patches are and how effective they are.
Stories like this always read like others could do better than Microsoft but if this is the case then why is Microsoft still massively ahead of any competition.
2. Steve Matthews, CONTEXT
Despite recent comments regarding potential security flaws in Vista, we should note that Vista is likely be more secure than former Microsoft operating systems, which is surely a step forward. We should also bear in mind the old chestnut that there is no such thing as 100% security, and I think it would be na? for anyone to expect Vista to be flawless from a security perspective.
I wouldn't be surprised to see an increasing number of comments regarding vulnerabilities in the Vista operating system over the coming weeks and months. As Microsoft is touting the product as secure it will be even more of a target for attackers than Microsoft products usually are. All the more need, therefore, for users to ensure a proactive, holistic approach to security; combining the use of well-configured and maintained security solutions with security best practise and some good old-fashioned common sense.
Steve Matthews, security advisor at Context Information Security.