This article is more than 1 year old

Security watchers lambast Vista

Malware blocking credentials questioned

Windows Vista has only just left the starting blocks but security watchers have wasted no time in challenging claims that it provides improved security defences.

Virus Bulletin, the independent security certification body, has revealed that Microsoft's own anti-virus product, Live OneCare, is among four anti-virus testing products that failed to reach the standard required for approval. McAfee's VirusScan anti-virus software also failed the tough VB100 certification process. Eleven of the 15 products submitted passed the tests.

Virus Bulletin's VB100 tests pit each anti-virus package against a test-set from the WildList database of viruses that are known to be circulating on computers around the world. To earn VB100 certification, products must be able to detect all of these viruses without generating any false alarms when scanning a set of clean files.

Security vendors have had plenty of time to develop Vista products, so there's little excuse for the failure rates unearthed by the test, Virus Bulletin argues.

"With the number of delays that we've seen in Vista's release, there's no excuse for security vendors not to have got their products right by now," said John Hawes, technical consultant at Virus Bulletin. "Security companies voluntarily send in their products for testing and certifying, and I had my head in hands when I saw how poorly tailored some of the products were".

While Vista contains a number of security improvements, notably better anti-spyware defences, additional protection is required. "Although many improvements have been made, Vista cannot fend off today's malware without help from security products," Hawes added.

Unlike other certification schemes, Virus Bulletin tests all products free of charge and does not permit re-testing. Vendors have to get it right first time. The results of the VB100 certification of anti-virus products for Vista can be seen here (free registration required).

The ones that got away

As well as testing firms, Microsoft's rivals have also (more predictably) questioned the security credentials of Vista. Anti-spyware vendor Webroot, for example, criticises "ineffective blocking capabilities" in Windows Defender, a product which competes against Webroot's Spy Sweeper line of anti-spyware products. Webroot also warns of slow (weekly) definition updates, and weak anti-virus capabilities in the default anti-spyware and anti-virus components of Microsoft's Windows Vista and Live OneCare consumer security suite.

In tests conducted by Webroot researchers Windows Defender failed to block 84 per cent of a testing sample-set that included 15 of the most common variations of existing spyware and malware. Threats of various types - including adware, system monitors, keyloggers and trojans - were able to reside on the testing environment undetected by Windows Vista, Webroot reports.

Kaspersky Lab, meanwhile, praises Microsoft's efforts to enhance security as a positive step towards protecting against malicious threats while questioning whether the current security functions implemented in Vista can remove the need for third-party security software.

Kaspersky finds several key security aspects of Vista - including User Account Control, PatchGuard and Internet Explorer 7 security features - full of shortcomings. The User Account Control means that any user has minimal rights and any "suspicious" activity results in either a request for confirmation or a request to enter a password.

But Alisa Shevchenko, virus analyst at Kaspersky. warns that a large number of harmless actions can be classed 'suspicious', even if they turn out not to be malicious. The feature is likely to generate so many alerts that a users will either disable the security feature or enter the Administrator password, according to Kaspersky.

The PatchGuard function monitors modifications to the core system. But as with the User Account Control function, it might be evaded or disabled. Kaspersky Lab says that PatchGuard's protection against rootkits is incomplete, even ignoring the fact that the technology only applies to 64 bit systems.

Kaspersky also describes Internet Explorer 7 security features (such as protected mode, ActiveX Opt-in and Cross-Domain Scripting Attack Prevention) as an improvement but an incomplete defence against malware. ®

More about

TIP US OFF

Send us news


Other stories you might like