Feeds

Security watchers lambast Vista

Malware blocking credentials questioned

Secure remote control for conventional and virtual desktops

Windows Vista has only just left the starting blocks but security watchers have wasted no time in challenging claims that it provides improved security defences.

Virus Bulletin, the independent security certification body, has revealed that Microsoft's own anti-virus product, Live OneCare, is among four anti-virus testing products that failed to reach the standard required for approval. McAfee's VirusScan anti-virus software also failed the tough VB100 certification process. Eleven of the 15 products submitted passed the tests.

Virus Bulletin's VB100 tests pit each anti-virus package against a test-set from the WildList database of viruses that are known to be circulating on computers around the world. To earn VB100 certification, products must be able to detect all of these viruses without generating any false alarms when scanning a set of clean files.

Security vendors have had plenty of time to develop Vista products, so there's little excuse for the failure rates unearthed by the test, Virus Bulletin argues.

"With the number of delays that we've seen in Vista's release, there's no excuse for security vendors not to have got their products right by now," said John Hawes, technical consultant at Virus Bulletin. "Security companies voluntarily send in their products for testing and certifying, and I had my head in hands when I saw how poorly tailored some of the products were".

While Vista contains a number of security improvements, notably better anti-spyware defences, additional protection is required. "Although many improvements have been made, Vista cannot fend off today's malware without help from security products," Hawes added.

Unlike other certification schemes, Virus Bulletin tests all products free of charge and does not permit re-testing. Vendors have to get it right first time. The results of the VB100 certification of anti-virus products for Vista can be seen here (free registration required).

The ones that got away

As well as testing firms, Microsoft's rivals have also (more predictably) questioned the security credentials of Vista. Anti-spyware vendor Webroot, for example, criticises "ineffective blocking capabilities" in Windows Defender, a product which competes against Webroot's Spy Sweeper line of anti-spyware products. Webroot also warns of slow (weekly) definition updates, and weak anti-virus capabilities in the default anti-spyware and anti-virus components of Microsoft's Windows Vista and Live OneCare consumer security suite.

In tests conducted by Webroot researchers Windows Defender failed to block 84 per cent of a testing sample-set that included 15 of the most common variations of existing spyware and malware. Threats of various types - including adware, system monitors, keyloggers and trojans - were able to reside on the testing environment undetected by Windows Vista, Webroot reports.

Kaspersky Lab, meanwhile, praises Microsoft's efforts to enhance security as a positive step towards protecting against malicious threats while questioning whether the current security functions implemented in Vista can remove the need for third-party security software.

Kaspersky finds several key security aspects of Vista - including User Account Control, PatchGuard and Internet Explorer 7 security features - full of shortcomings. The User Account Control means that any user has minimal rights and any "suspicious" activity results in either a request for confirmation or a request to enter a password.

But Alisa Shevchenko, virus analyst at Kaspersky. warns that a large number of harmless actions can be classed 'suspicious', even if they turn out not to be malicious. The feature is likely to generate so many alerts that a users will either disable the security feature or enter the Administrator password, according to Kaspersky.

The PatchGuard function monitors modifications to the core system. But as with the User Account Control function, it might be evaded or disabled. Kaspersky Lab says that PatchGuard's protection against rootkits is incomplete, even ignoring the fact that the technology only applies to 64 bit systems.

Kaspersky also describes Internet Explorer 7 security features (such as protected mode, ActiveX Opt-in and Cross-Domain Scripting Attack Prevention) as an improvement but an incomplete defence against malware. ®

Providing a secure and efficient Helpdesk

More from The Register

next story
ONE MILLION people already running Windows 10
A third of them are doing it in VMs, but early feedback focuses on frippery
Sign off my IT project or I’ll PHONE your MUM
Honestly, it’s a piece of piss
Netscape Navigator - the browser that started it all - turns 20
It was 20 years ago today, Marc Andreeesen taught the band to play
Torvalds CONFESSES: 'I'm pretty good at alienating devs'
Admits to 'a metric ****load' of mistakes during work with Linux collaborators
Sway: Microsoft's new Office app doesn't have an Undo function
Content aggregation, meet the workplace ... oh
Do Moan! MONSTER 6-day EMAIL OUTAGE hits Domain Monster
Customers freaked out by frightful service
Ploppr: The #VultureTRENDING App of the Now
This organic crowd sourced viro- social fertiliser just got REAL
Return of the Jedi – Apache reclaims web server crown
.london, .hamburg and .公司 - that's .com in Chinese - storm the web server charts
NetWare sales revive in China thanks to that man Snowden
If it ain't Microsoft, it's in fashion behind the Great Firewall
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Win a year’s supply of chocolate
There is no techie angle to this competition so we're not going to pretend there is, but everyone loves chocolate so who cares.
Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.