Feeds

Security watchers lambast Vista

Malware blocking credentials questioned

Internet Security Threat Report 2014

Windows Vista has only just left the starting blocks but security watchers have wasted no time in challenging claims that it provides improved security defences.

Virus Bulletin, the independent security certification body, has revealed that Microsoft's own anti-virus product, Live OneCare, is among four anti-virus testing products that failed to reach the standard required for approval. McAfee's VirusScan anti-virus software also failed the tough VB100 certification process. Eleven of the 15 products submitted passed the tests.

Virus Bulletin's VB100 tests pit each anti-virus package against a test-set from the WildList database of viruses that are known to be circulating on computers around the world. To earn VB100 certification, products must be able to detect all of these viruses without generating any false alarms when scanning a set of clean files.

Security vendors have had plenty of time to develop Vista products, so there's little excuse for the failure rates unearthed by the test, Virus Bulletin argues.

"With the number of delays that we've seen in Vista's release, there's no excuse for security vendors not to have got their products right by now," said John Hawes, technical consultant at Virus Bulletin. "Security companies voluntarily send in their products for testing and certifying, and I had my head in hands when I saw how poorly tailored some of the products were".

While Vista contains a number of security improvements, notably better anti-spyware defences, additional protection is required. "Although many improvements have been made, Vista cannot fend off today's malware without help from security products," Hawes added.

Unlike other certification schemes, Virus Bulletin tests all products free of charge and does not permit re-testing. Vendors have to get it right first time. The results of the VB100 certification of anti-virus products for Vista can be seen here (free registration required).

The ones that got away

As well as testing firms, Microsoft's rivals have also (more predictably) questioned the security credentials of Vista. Anti-spyware vendor Webroot, for example, criticises "ineffective blocking capabilities" in Windows Defender, a product which competes against Webroot's Spy Sweeper line of anti-spyware products. Webroot also warns of slow (weekly) definition updates, and weak anti-virus capabilities in the default anti-spyware and anti-virus components of Microsoft's Windows Vista and Live OneCare consumer security suite.

In tests conducted by Webroot researchers Windows Defender failed to block 84 per cent of a testing sample-set that included 15 of the most common variations of existing spyware and malware. Threats of various types - including adware, system monitors, keyloggers and trojans - were able to reside on the testing environment undetected by Windows Vista, Webroot reports.

Kaspersky Lab, meanwhile, praises Microsoft's efforts to enhance security as a positive step towards protecting against malicious threats while questioning whether the current security functions implemented in Vista can remove the need for third-party security software.

Kaspersky finds several key security aspects of Vista - including User Account Control, PatchGuard and Internet Explorer 7 security features - full of shortcomings. The User Account Control means that any user has minimal rights and any "suspicious" activity results in either a request for confirmation or a request to enter a password.

But Alisa Shevchenko, virus analyst at Kaspersky. warns that a large number of harmless actions can be classed 'suspicious', even if they turn out not to be malicious. The feature is likely to generate so many alerts that a users will either disable the security feature or enter the Administrator password, according to Kaspersky.

The PatchGuard function monitors modifications to the core system. But as with the User Account Control function, it might be evaded or disabled. Kaspersky Lab says that PatchGuard's protection against rootkits is incomplete, even ignoring the fact that the technology only applies to 64 bit systems.

Kaspersky also describes Internet Explorer 7 security features (such as protected mode, ActiveX Opt-in and Cross-Domain Scripting Attack Prevention) as an improvement but an incomplete defence against malware. ®

Providing a secure and efficient Helpdesk

More from The Register

next story
Google+ goes TITSUP. But WHO knew? How long? Anyone ... Hello ...
Wobbly Gmail, Contacts, Calendar on the other hand ...
Preview redux: Microsoft ships new Windows 10 build with 7,000 changes
Latest bleeding-edge bits borrow Action Center from Windows Phone
Microsoft promises Windows 10 will mean two-factor auth for all
Sneak peek at security features Redmond's baking into new OS
Google opens Inbox – email for people too thick to handle email
Print this article out and give it to someone tech-y if you get stuck
UNIX greybeards threaten Debian fork over systemd plan
'Veteran Unix Admins' fear desktop emphasis is betraying open source
DEATH by PowerPoint: Microsoft warns of 0-day attack hidden in slides
Might put out patch in update, might chuck it out sooner
Redmond top man Satya Nadella: 'Microsoft LOVES Linux'
Open-source 'love' fairly runneth over at cloud event
prev story

Whitepapers

Cloud and hybrid-cloud data protection for VMware
Learn how quick and easy it is to configure backups and perform restores for VMware environments.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Three 1TB solid state scorchers up for grabs
Big SSDs can be expensive but think big and think free because you could be the lucky winner of one of three 1TB Samsung SSD 840 EVO drives that we’re giving away worth over £300 apiece.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.