Vista presents security concerns, claims McAfee

25 May 2007

Microsoft’s Vista operating system could pose its own set of security concerns, researchers at software security firm McAfee have claimed.

While acknowledging that Vista is a step forward and that Microsoft has done a lot to make it more stable and secure, Toralv Dirro, researcher wth McAfee’s Avert Labs, said it presents its own unique set of problems.

“With Vista, Microsoft made it very difficult for protection software to really hook up people with the operating system to have full control over that machine,” said Dirro. “If some malware breaks into Vista and targets this kind of access then it’s in complete control of the system and in control over the security software that is running there. Then it becomes absolutely impossible to detect that malware once it has taken control.”

He also expressed concern that people will be lulled into a false sense of security by the claims being made about Vista’s high level of security, which he remarked might lead some people to desist from using antivirus software, firewalls and “common sense”.

“Now that everyone is thinking Vista is very secure maybe they’re also thinking: ‘Why do I need that firewall?’ People might not install antivirus and keep it updated or use common sense when downloading things off the internet.

“What hackers really want is not control over the system but control over the data,” he added. “Even if malware cannot take full use of the machine the hacker can still steal all the data he’s interested in. That could be a real danger if people perceive the system as so secure they stop thinking. It took years for them to start thinking about security and that could change for the worse.”

He pointed out that a lot of people are looking into hacking Vista and there is a lot of money to be made from this type of activity.

“No matter what they build into the operating system of Vista the malware writer is going to find a way to shut it down or circumvent it,” added Dave Marcus, researcher, Avert Labs, McAfee.

By Niall Byrne