Vista "no silver bullet" says Symantec

Stephen Withers
Thursday, 01 March 2007 02:47

Your IT - Home IT

Another concern is that not only are the kernel integrity technologies limited to 64-bit versions of Vista as opposed to the much more commonly used 32-bit versions, they can be permanently disabled: "A potential victim need make only one mistake to become infected by a threat that [permanently disables and removes them]."

Despite the security changes in Vista, Symantec has found that a small percentage of "legacy" malware - backdoors, keyloggers, Trojans, spyware and adware - can successfully execute and survive a system restart under Vista. The figures vary from two to four percent, depending on the category.

"Symantec believes that these percentages would increase dramatically with only minor code changes to make these threats Windows Vista–aware." the company warns, though the good news is that "no kernel-based rootkits were able to successfully install themselves."

So what's ahead?

"Attackers follow security vulnerabilities," notes Symantec, and they are already moving up the stack from operating systems to web applications "where over 78 percent of all new security vulnerabilities reside today."

Similarly, improved protection against traditional network worms has already been in a shift in propagation towards email, peer-to-peer applications and CIFS.

But whatever security technologies are added, a major problem remains between the chair and keyboard: "Symantec continues to see the user as the weakest link link, as social engineering attacks become more elaborate", so presumably education and training will remain an important part of our defences.