Feeds

Security watchers lambast Vista

Malware blocking credentials questioned

Using blade systems to cut costs and sharpen efficiencies

Windows Vista has only just left the starting blocks but security watchers have wasted no time in challenging claims that it provides improved security defences.

Virus Bulletin, the independent security certification body, has revealed that Microsoft's own anti-virus product, Live OneCare, is among four anti-virus testing products that failed to reach the standard required for approval. McAfee's VirusScan anti-virus software also failed the tough VB100 certification process. Eleven of the 15 products submitted passed the tests.

Virus Bulletin's VB100 tests pit each anti-virus package against a test-set from the WildList database of viruses that are known to be circulating on computers around the world. To earn VB100 certification, products must be able to detect all of these viruses without generating any false alarms when scanning a set of clean files.

Security vendors have had plenty of time to develop Vista products, so there's little excuse for the failure rates unearthed by the test, Virus Bulletin argues.

"With the number of delays that we've seen in Vista's release, there's no excuse for security vendors not to have got their products right by now," said John Hawes, technical consultant at Virus Bulletin. "Security companies voluntarily send in their products for testing and certifying, and I had my head in hands when I saw how poorly tailored some of the products were".

While Vista contains a number of security improvements, notably better anti-spyware defences, additional protection is required. "Although many improvements have been made, Vista cannot fend off today's malware without help from security products," Hawes added.

Unlike other certification schemes, Virus Bulletin tests all products free of charge and does not permit re-testing. Vendors have to get it right first time. The results of the VB100 certification of anti-virus products for Vista can be seen here (free registration required).

The ones that got away

As well as testing firms, Microsoft's rivals have also (more predictably) questioned the security credentials of Vista. Anti-spyware vendor Webroot, for example, criticises "ineffective blocking capabilities" in Windows Defender, a product which competes against Webroot's Spy Sweeper line of anti-spyware products. Webroot also warns of slow (weekly) definition updates, and weak anti-virus capabilities in the default anti-spyware and anti-virus components of Microsoft's Windows Vista and Live OneCare consumer security suite.

In tests conducted by Webroot researchers Windows Defender failed to block 84 per cent of a testing sample-set that included 15 of the most common variations of existing spyware and malware. Threats of various types - including adware, system monitors, keyloggers and trojans - were able to reside on the testing environment undetected by Windows Vista, Webroot reports.

Kaspersky Lab, meanwhile, praises Microsoft's efforts to enhance security as a positive step towards protecting against malicious threats while questioning whether the current security functions implemented in Vista can remove the need for third-party security software.

Kaspersky finds several key security aspects of Vista - including User Account Control, PatchGuard and Internet Explorer 7 security features - full of shortcomings. The User Account Control means that any user has minimal rights and any "suspicious" activity results in either a request for confirmation or a request to enter a password.

But Alisa Shevchenko, virus analyst at Kaspersky. warns that a large number of harmless actions can be classed 'suspicious', even if they turn out not to be malicious. The feature is likely to generate so many alerts that a users will either disable the security feature or enter the Administrator password, according to Kaspersky.

The PatchGuard function monitors modifications to the core system. But as with the User Account Control function, it might be evaded or disabled. Kaspersky Lab says that PatchGuard's protection against rootkits is incomplete, even ignoring the fact that the technology only applies to 64 bit systems.

Kaspersky also describes Internet Explorer 7 security features (such as protected mode, ActiveX Opt-in and Cross-Domain Scripting Attack Prevention) as an improvement but an incomplete defence against malware. ®

The smart choice: opportunity from uncertainty

More from The Register

next story
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Chrome browser has been DRAINING PC batteries for YEARS
Google is only now fixing ancient, energy-sapping bug
Do YOU work at Microsoft? Um. Are you SURE about that?
Nokia and marketing types first to get the bullet, says report
Microsoft takes on Chromebook with low-cost Windows laptops
Redmond's chief salesman: We're taking 'hard' decisions
Cheer up, Nokia fans. It can start making mobes again in 18 months
The real winner of the Nokia sale is *drumroll* ... Nokia
EU dons gloves, pokes Google's deals with Android mobe makers
El Reg cops a squint at investigatory letters
Big Blue Apple: IBM to sell iPads, iPhones to enterprises
iOS/2 gear loaded with apps for big biz ... uh oh BlackBerry
prev story

Whitepapers

Reducing security risks from open source software
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Application security programs and practises
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.