Vista takes a serious stab at malware

The combination of Windows Vista and Internet Explorer 7 will make existing malware obsolete.
Written by George Ou, Contributor

There has been a lot of news and debate on the topic of Windows Vista and its effectiveness on spyware.  Suzi Turner asked in her blog:  Will Windows Vista make spyware a thing of the past?  I have a problem with this particular question in the way that it's framed because it sets up an impossible goal that will lead to failure before Vista even get's started.  I say this is because nothing will ever completely stop spyware or any type of malicious software in general.  It's like asking if an improved police force will make crime a thing of the past and that's obviously not a very realistic goal since crime has existed before the existence of civilization.  Malware is simply an evolution of crime in to cyberspace and it's here to stay.  The question is will Vista make spyware in its current form a thing of the past and it appears to be headed in that direction.

Now that the use of Firewalls are more common with the proliferation of Windows XP SP2 and all the various types of Broadband sharing devices, it has become more difficult to directly infect computers with remote exploits.  The preferred method is to take advantage of unpatched Web Browser exploits in the ubiquitous Internet Explorer.  With Windows XP and every desktop Windows before it, the problem is compounded by the fact that Windows default user permissions were set as Administrator.  That means that as soon as any malicious software executes, it has all the privileges it needs to embed itself deep in to the operating system and establish a permanent presence.  Contrast this with Linux and Macintosh operating systems where default user permissions are not Root or Administrator and it's easy to see why Windows in its current state is the most exploitable platform regardless of the fact that Microsoft may even be ahead of the Mac or Linux in reducing flaws for its software.  Now add to the fact that there is a high predictability that any computer on the planet will likely have Windows and Internet Explorer running on it, it's easy to see why Windows is the preferred malware platform.

Vista not only seeks to narrow the gap in this glaring weakness, it may even leap ahead in its user permission model with UAP (User Account Protection).  If we look at recent exploits in Mac OS X involving malicious code execution, the code that executes isn't able to affect the system files but has full read and write access to the user's files and it may even attempt to escalate its privileges.  While the corruption of system files and the OS is cause for some major headaches because you may have to reinstall the OS, user files are priceless and can't simply be reinstalled.  Even in the rare case that a user is completely backed up, it still doesn't solve the problem of data theft.  Vista goes a step further and separates Internet Explorer 7 runtime permissions from user permissions so that in the event IE7 is ever compromised, it will have no access to the user files.  Even if a key logger is executed in this scenario, it will not be able to capture keyboard input to the OS or any other application and will be limited to character input to that browser session only.  This means that the combination of Vista and Internet Explorer 7 will for the first time give Windows an advantage over its rivals.

This will have a dramatic affect on the malware industry because all of their existing malware code is obsolete with Windows Vista.  There won't be any more easy drive-by installations of malware and hackers will have to explicitly trick a user in to running their malicious code and grant it administrative privileges.  While there will always be a certain percentage of the population that are susceptible to this form of social engineering, it is a vast improvement to the current situation.  While many consumers may be tricked in to launching malicious code, Vista will at least offer a second chance to stop the exploit when it prompts for the administrator's password.

Editorial standards