Kaspersky predicts Vista security holes

Kaspersky predicts Vista security holes

Summary: Windows Vista kernel will be the main target for hackers, and the user privileges system will be undermined by the users themselves, forecasts Kaspersky

SHARE:
TOPICS: Security
2

Antivirus experts from Kaspersky Labs have predicted that 90 percent of current malware will run on Microsoft's latest operating system, Windows Vista.

Although at the moment Vista appears to be more secure than previous Windows operating systems, Kaspersky researchers warned last week that as Vista becomes more popular, it will increasingly become a target for hackers. "We're not asking whether vulnerabilities will be found, but when," said Alexander Gostev, principal antivirus researcher for Kaspersky.

According to Gostev, one of the first pieces of the operating system to be attacked will be PatchGuard, the code that protects the Vista kernel. "One of the first things to be targeted will be the technology which is meant to make getting access to the kernel more difficult," said Gostev. "Particularly because there are already approaches for evaluating this technology."

PatchGuard, or kernel patch protection, attempts to protect the Vista kernel from unauthorised modification. It will lock down the system if it detects an unauthorised patch of certain kernel data structures or code.

In the summer, rootkit researcher Joanna Rutkowska demonstrated a signed driver requirement bypass at Defcon 2006. Hackers could try to install malware directly to the kernel using this method as drivers run in kernel space, and the signed driver requirement can be programatically disabled fairly simply.

Another target for hackers will be the system of user privileges — User Account Control (UAC), which can be used to restrict users' administrative rights. For example, it could prevent them from downloading executable code. The probable attack vector will be Internet Explorer 7 (IE7), the web browser bundled with Vista, said Gostev.

"In IE7 Microsoft fixed old vulnerabilities, but new vulnerabilities are being found. Hackers and virus writers will attempt to get around user defences by exploiting the browser," said Gostev. He added that it is already possible to circumvent UAC.

"There are tens of thousands of viruses which are fully functional just under a user account. Nine out of 10 contemporary viruses will function under Vista — overall UAC will not make much difference. Users still have the right to send and receive email — hackers will program email worms."

Gostev predicted that UAC would not be popular with users anyway, as they would find it too restrictive. "Users are not going to want to work within a restrictive system. They'll disable anything which says you can't download, you can't install. There's always going to be the human factor — people always get in there and disable stuff they don't like," said Gostev.

Topic: Security

Tom Espiner

About Tom Espiner

Tom is a technology reporter for ZDNet.com. He covers the security beat, writing about everything from hacking and cybercrime to threats and mitigation. He also focuses on open source and emerging technologies, all the while trying to cut through greenwash.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

2 comments
Log in or register to join the discussion
  • Vista security claims make it prime target

    Despite recent comments regarding potential security flaws in Vista, we should note that Vista is likely be more secure than former Microsoft operating systems, which is surely a step forward. We should also bear in mind the old chestnut that there is no such thing as 100% security, and I think it would be na
    ContextIS
  • Vista security claims make it prime target

    Despite recent comments regarding potential security flaws in Vista, we should note that Vista is likely be more secure than former Microsoft operating systems, which is surely a step forward. We should also bear in mind the old chestnut that there is no such thing as 100% security, and I think it would be na
    ContextIS