Carole Theriault, senior security consultant at Sophos, talks us through Mircosoft's newest release
Post Date: 10/05/2007
--------------------------------------------------------------------------------
In the years following the release of Windows XP, Microsoft has come under heavy criticism almost every time there has been a major malware (1) outbreak, particularly when it has stemmed from a cyber criminal exploiting a Microsoft flaw. Recognising the need to up its game, Microsoft launched Windows Vista. To reduce vulnerabilities and increase its credibility in the security stakes, Microsoft has introduced a number of new features such as improved monitoring and reporting on security status and improved defences against spyware.
However, convincing the world of Vista‘s resilience was always going to be a big challenge, and unfortunately for Microsoft it was drawn into a flurry of controversy late in 2006 when one of the security features, PatchGuard, incurred the wrath of several key IT security players. Then, on the official Vista launch date, it was uncovered that three of the most prevalent pieces of malware – Stratio-Zip, Netsky-D and MyDoom-O – were actually capable of bypassing the operating system‘s defences and infecting users‘ PCs, without any modification by malware authors. So, given these concerns, how far does Vista really go towards ensuring a truly secure operating environment for businesses?
Several of the security features are essentially expanded versions of those introduced during XP‘s lifespan. Most notable is Windows Security Center (WSC), which runs in the background, monitoring and reporting computer status. WSC has greater integration both with other Vista security features and with third-party security solutions, and now monitors anti-spyware applications as well as automatic updates, internet firewall and anti-virus software. However, in a business environment, the alerts provided by WSC are not sufficient to convey more complex security problems, while some users may find them irritating and choose simply to disable them. Several vendors have also objected that WCS cannot be automatically disabled by installing alternative security solutions – though it should be noted that WCS does not conflict in any way with these products.
The most controversial of the new Vista security features is PatchGuard, Microsoft‘s operating system kernel protection
One of the most important security features in Vista is User Account Control (UAC). It allows standard-user privileges to access a number of low-risk administrative actions, such as changing a time zone or installing a new printer. To perform a specific action considered to be a higher risk, the user is prompted to enter an administrator password and is then prompted to approve any changes prior to the system applying them. Limiting access to sensitive system resources and functions by default, and restricting administrator rights to specific tasks rather than to particular users, the computer is inherently safer from attacks. There have been complaints, however, that the number of password and approval prompts occurs too often and that some of content within the prompts are difficult for non-technical users to understand. Frustrated users even might try to disable UAC, and already there is a number of website with step-by-step instructions on how to do so.
The most controversial of the new Vista security features is PatchGuard, Microsoft‘s operating system kernel protection. PatchGuard has been implemented in 64-bit Vista to prevent rootkits from manipulating the operating system kernel, which can cause serious security breaches and adversely impact on the stability, reliability and performance of the operating system and user applications. Rootkits are often used to hide other potentially unwanted software, such as bots and spyware. PatchGuard prevents rogue drivers from making malicious changes to the kernel, however it has not been added to 32-bit Vista since many programs (including security software) use the kernel space in an undocumented way and Microsoft was concerned about compatibility with the existing application set. This means that 32-bit systems remain vulnerable to rootkit attack. However, a second kernel protection mechanism – mandatory signing of drivers – has been implemented in both 32-bit and 64-bit Vista and can be set to prevent unsigned drivers from loading.
Anti-virus vendors Symantec and McAfee have complained that they are being “locked out” of the Vista 64-bit operating system kernel by PatchGuard, preventing them from continuing to develop pro-active protection against new malware, sometimes referred to as ’host intrusion prevention‘ or ’HIPS‘. This is because they need to be able to make changes inside Microsoft‘s kernel in order to ensure their existing products can support 64-bit versions. Although no software is infallible to hackers or vulnerabilities and vendors will be dependent upon Microsoft to deliver kernel interfaces, the rest of the security industry feels that the additional security offered by a lockdown kernel is a step in the right direction.
Other security improvements include Internet Explorer 7, which offers improved protection against phishing and spoofing attacks (amongst other features), and a new Windows Firewall that adds application-aware outbound filtering and location-based profiles, allowing users to set up different rules based on the network location. On top of this, there‘s improved Wi-Fi security, enhanced encryption and Network Access Protection (NAP), which can be used to prevent rogue or unprotected computers gaining full access to a network (though several of the necessary server components for this are not yet available).
Despite Microsoft's significant investment into its new version of Windows, it is by no means an infallible operating system, proven by the fact that even some existing viruses can still run on it. Microsoft will need to improve its malware expertise and support services, operating system coverage, and central management capabilities in order to meet the needs of business users. That said, Vista does bring a number of positive improvements providing increased security against malware. Vista certainly represents a viable option for companies who want to bolster their level of IT security protection, and in the fight against cybercrime, every little helps.
source link: http://www.newbusiness.co.uk/article/10/05/2007/Sophos_article.html
==========
(1) malware: (勒索軟體 ) is software designed to infiltrate or damage a computer system without the owner's informed consent. It is a portmanteau of the words "malicious" and "software". The expression is a general term used by computer professionals to mean a variety of forms of hostile, intrusive, or annoying software or program code.
ref link: http://en.wikipedia.org/wiki/Malware
