Feeds

Security watchers lambast Vista

Malware blocking credentials questioned

Intelligent flash storage arrays

Windows Vista has only just left the starting blocks but security watchers have wasted no time in challenging claims that it provides improved security defences.

Virus Bulletin, the independent security certification body, has revealed that Microsoft's own anti-virus product, Live OneCare, is among four anti-virus testing products that failed to reach the standard required for approval. McAfee's VirusScan anti-virus software also failed the tough VB100 certification process. Eleven of the 15 products submitted passed the tests.

Virus Bulletin's VB100 tests pit each anti-virus package against a test-set from the WildList database of viruses that are known to be circulating on computers around the world. To earn VB100 certification, products must be able to detect all of these viruses without generating any false alarms when scanning a set of clean files.

Security vendors have had plenty of time to develop Vista products, so there's little excuse for the failure rates unearthed by the test, Virus Bulletin argues.

"With the number of delays that we've seen in Vista's release, there's no excuse for security vendors not to have got their products right by now," said John Hawes, technical consultant at Virus Bulletin. "Security companies voluntarily send in their products for testing and certifying, and I had my head in hands when I saw how poorly tailored some of the products were".

While Vista contains a number of security improvements, notably better anti-spyware defences, additional protection is required. "Although many improvements have been made, Vista cannot fend off today's malware without help from security products," Hawes added.

Unlike other certification schemes, Virus Bulletin tests all products free of charge and does not permit re-testing. Vendors have to get it right first time. The results of the VB100 certification of anti-virus products for Vista can be seen here (free registration required).

The ones that got away

As well as testing firms, Microsoft's rivals have also (more predictably) questioned the security credentials of Vista. Anti-spyware vendor Webroot, for example, criticises "ineffective blocking capabilities" in Windows Defender, a product which competes against Webroot's Spy Sweeper line of anti-spyware products. Webroot also warns of slow (weekly) definition updates, and weak anti-virus capabilities in the default anti-spyware and anti-virus components of Microsoft's Windows Vista and Live OneCare consumer security suite.

In tests conducted by Webroot researchers Windows Defender failed to block 84 per cent of a testing sample-set that included 15 of the most common variations of existing spyware and malware. Threats of various types - including adware, system monitors, keyloggers and trojans - were able to reside on the testing environment undetected by Windows Vista, Webroot reports.

Kaspersky Lab, meanwhile, praises Microsoft's efforts to enhance security as a positive step towards protecting against malicious threats while questioning whether the current security functions implemented in Vista can remove the need for third-party security software.

Kaspersky finds several key security aspects of Vista - including User Account Control, PatchGuard and Internet Explorer 7 security features - full of shortcomings. The User Account Control means that any user has minimal rights and any "suspicious" activity results in either a request for confirmation or a request to enter a password.

But Alisa Shevchenko, virus analyst at Kaspersky. warns that a large number of harmless actions can be classed 'suspicious', even if they turn out not to be malicious. The feature is likely to generate so many alerts that a users will either disable the security feature or enter the Administrator password, according to Kaspersky.

The PatchGuard function monitors modifications to the core system. But as with the User Account Control function, it might be evaded or disabled. Kaspersky Lab says that PatchGuard's protection against rootkits is incomplete, even ignoring the fact that the technology only applies to 64 bit systems.

Kaspersky also describes Internet Explorer 7 security features (such as protected mode, ActiveX Opt-in and Cross-Domain Scripting Attack Prevention) as an improvement but an incomplete defence against malware. ®

Intelligent flash storage arrays

More from The Register

next story
Euro Parliament VOTES to BREAK UP GOOGLE. Er, OK then
It CANNA do it, captain.They DON'T have the POWER!
Download alert: Nearly ALL top 100 Android, iOS paid apps hacked
Attack of the Clones? Yeah, but much, much scarier – report
NSA SOURCE CODE LEAK: Information slurp tools to appear online
Now you can run your own intelligence agency
Post-Microsoft, post-PC programming: The portable REVOLUTION
Code jockeys: count up and grab your fabulous tablets
Twitter App Graph exposes smartphone spyware feature
You don't want everyone to compile app lists from your fondleware? BAD LUCK
Microsoft adds video offering to Office 365. Oh NOES, you'll need Adobe Flash
Lovely presentations... but not on your Flash-hating mobe
prev story

Whitepapers

Free virtual appliance for wire data analytics
The ExtraHop Discovery Edition is a free virtual appliance will help you to discover the performance of your applications across the network, web, VDI, database, and storage tiers.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
The total economic impact of Druva inSync
Examining the ROI enterprises may realize by implementing inSync, as they look to improve backup and recovery of endpoint data in a cost-effective manner.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Website security in corporate America
Find out how you rank among other IT managers testing your website's vulnerabilities.