Antivirus experts from Kaspersky Labs have predicted that 90 percent of current malware will run on Microsoft's latest operating system, Windows Vista.
Although at the moment Vista appears to be more secure than previous Windows operating systems, Kaspersky researchers warned last week that as Vista becomes more popular, it will increasingly become a target for hackers. "We're not asking whether vulnerabilities will be found, but when," said Alexander Gostev, principal antivirus researcher for Kaspersky.
According to Gostev, one of the first pieces of the operating system to be attacked will be PatchGuard, the code that protects the Vista kernel. "One of the first things to be targeted will be the technology which is meant to make getting access to the kernel more difficult," said Gostev. "Particularly because there are already approaches for evaluating this technology."
PatchGuard, or kernel patch protection, attempts to protect the Vista kernel from unauthorized modification. It will lock down the system if it detects an unauthorized patch of certain kernel data structures or code.
In the summer, rootkit researcher Joanna Rutkowska demonstrated a signed driver requirement bypass at Defcon 2006. Hackers could try to install malware directly to the kernel using this method as drivers run in kernel space, and the signed driver requirement can be programatically disabled fairly simply.
Another target for hackers will be the system of user privileges--User Account Control (UAC), which can be used to restrict users' administrative rights. For example, it could prevent them from downloading executable code. The probable attack vector will be Internet Explorer 7 (IE7), the web browser bundled with Vista, said Gostev.
"In IE7 Microsoft fixed old vulnerabilities, but new vulnerabilities are being found. Hackers and virus writers will attempt to get around user defences by exploiting the browser," said Gostev. He added that it is already possible to circumvent UAC.
"There are tens of thousands of viruses which are fully functional just under a user account. Nine out of 10 contemporary viruses will function under Vista--overall UAC will not make much difference. Users still have the right to send and receive e-mail--hackers will program e-mail worms."
Gostev predicted that UAC would not be popular with users anyway, as they would find it too restrictive. "Users are not going to want to work within a restrictive system. They'll disable anything which says you can't download, you can't install. There's always going to be the human factor--people always get in there and disable stuff they don't like," said Gostev.
Play video
Despite recent comments regarding potential security flaws in Vista, we should note that Vista is likely be more secure than former Microsoft operating systems, which is surely a step forward. We should also bear in mind the old chestnut that there is no such thing as 100% security, and I think it would be naïve for anyone to expect Vista to be flawless from a security perspective.
I wouldn't be surprised to see an increasing number of comments regarding vulnerabilities in the Vista operating system over the coming weeks and months. As Microsoft is touting the product as secure it will be even more of a target for attackers than Microsoft products usually are. All the more need, therefore, for users to ensure a proactive, holistic approach to security; combining the use of well-configured and maintained security solutions with security best practise and some good old-fashioned common sense.
Steve Matthews, security advisor at Context Information Security.
Posted by Steve Matthews, CONTEXT on Monday, December 18 2006 05:13 AM