Vista vulnerable to malware from 2004

Some of the first security flaws in the full release of Vista have been reported by antivirus vendor Sophos
Written by Tom Espiner, Contributor

Microsoft's Vista may be vulnerable to at least three pieces of widespread malware, two of which date back to 2004 , according to security vendor Sophos.

At least three well-known internet worms — labelled Stratio-Zip, Netsky-D and MyDoom-O by Sophos — are able to execute on the OS, according Sophos.

These worms comprise 39.7 percent of all malware currently in circulation, according to the security vendor. The MyDoom and Netsky variants were first detected back in 2004.

Systems running Vista are vulnerable to the malware when running third-party email clients, according to Sophos. Windows Mail Client — the Vista replacement to Outlook — will block the worms, but businesses running third-party email clients such as Lotus Notes, or that permit web-based mail such as Yahoo or Gmail, could be vulnerable.

Sophos decided to test Vista for resistance to common strains of malware after Microsoft co-president Jim Allchin made a comment that he would be happy for his seven-year-old son to use a locked-down version without antivirus.

"The comment about his seven-year-old spurred our idea — let's see if malware runs on Vista," said Carole Theriault, senior security consultant at Sophos. "It does."

"I'm certainly not going to run Vista without antivirus," Theriault added. "And I wouldn't take the risk with my business. Who knows how many more pieces of malware run on it?"

Windows Mail Client will block these mass-mailers, as it detects double extensions. Some mass mailers try to hide their executable payloads behind another extension — for example a text file. Mail Client will notice both the executable and the text file, and prevent the executable from running, in its default setting. However, Mail Client security features do not apply to third-party email clients, which may not block malware adequately.

Although Sophos is recommending that businesses running XP eventually shift to Vista, as XP is less secure, Theriault said that for the time being businesses considering running Vista will still need to take security precautions.

"Vista is excellent, but it hasn't really changed the security landscape," said Theriault. "You still need antivirus, firewalls and patches at least."

Theriault said it was too early to predict the speed and scale of Vista uptake.

"People will listen to what's going on, and make a decision depending on what suits their environment best. It's too early to say," said Theriault.

These are among the first flaws found in the finalised version of Vista. The Vista kernel was hacked by a Polish security researcher at the Black Hat security conference this year, using virtualisation technologies. Security company Symantec also reported flaws in the Vista kernel in August.

Microsoft was approached for comment on this story but no spokesperson was available.

Editorial standards