Top Security News
Computer Security Still Damaged By Social Engineering
Interesting article out of CIO magazine about Vista, and that while it is a highly secure operating system, with some neat things it can do, it still is not invulnerable to those programs that require social engineering to get the user to do something. For as long as there..
Collaborative Information Security Next?
Has anyone ever been on the phone with a client after the job, where the client wants more information, needs a copy of the report, or just wants to spend some time discussing the implications of the report that the company generated for them? The files are...
EBay Launches Web Smart Guide For Safety
According to a recent survey, a lot of Australians feel the online world is becoming a safer place to shop - 76 percent, to be exact. A significant portion - 58 percent - "did not think the industry was doing enough to educate people about security online," though. eBay is trying...
RSS Exposes Users to Attack
ZDNet reports from the Black Hat conference in Las Vegas that security experts are increasingly concerned about the potential for malicious attacks perpetrated through web feeds. SPI Dynamics examined a number of online and offline applications used to read RSS...
RFID Technology Vulnerable To Malware
RFID tags may become commonplace in the future, but not a lot of people are looking forward to widespread implementation. There was already concern that these "smart barcodes" would allow consumers' habits to be more easily tracked, and that the technology could facilitate identity theft. It turns out that RFID...
NSA Eyes Social Networking Sites
It was revealed last month that the National Security Agency has been tracking the phone calls of millions of Americans. Now, according to Newscientist.com, it looks like the agency has plans to expand the program to include the monitoring of social network sites such as MySpace. Individuals often give out all sorts...
Root Kit Hunter
I had a strange problem with one of my own RedHat machines the other day. Very simply, I couldn't su to root, and I couldn't even login at the console as root. I hadn't forgotten the password, but the system just wouldn't let me in. As it happened, I didn't have time...
12.21.06
Allchin Disputes Sophos Vista Claims
By David Utter
After the Sophos security firm claimed three of the top ten pieces of malware in the wild in November 2006 could affect the new Vista operating system, Microsoft executive Jim Allchin had his engineers investigate the claim.
Even though the trio of current threats was aimed at the existing Windows XP/2000 OS, an investigation by Sophos determined they could also be an issue for Vista.
"There has been much speculation about whether Vista would render existing malware extinct, and the news is now in - it won't," Sophos' Carole Theriault said in their report. With default settings and no third-party software in place, they found that W32/Stratio-Zip and two other viruses could infect a Vista PC.
Allchin's team at Microsoft followed this up with some tests and came up with a different result.
"What we found was that if you are using only the software in Windows Vista (e.g., Windows Mail and no add-on security software), then you are immune to all ten of the malware threats that Sophos cited," Allchin wrote.
Allchin and Sophos agree on the effectiveness of Windows Mail, the new client arriving with Vista. Both Microsoft and Sophos found that Windows Mail would thwart all ten pieces of malware on the Sophos list.
That was without any third-party security software in place, so Windows Mail gets good marks for its use of new technologies Microsoft developed, such as Attachment Manager, which, as Allchin noted, debuted in Windows XP SP2.
Here is how he summarized the threats from the malware list used by Sophos:
"If you are using Microsoft Outlook or a third-party email client that blocks execution of known executable formats, then a user running Windows Vista is not vulnerable to eight of the ten malware threats. In the case of the ninth piece of malware, Bagle-Zip, the malware is able to run because it uses the .ZIP file format which some mail programs do not block.
"In the case of the tenth piece of malware, Mydoom-O, the malware is sometimes able to run because it randomly chooses the file type to which to distribute its payload and sometimes that file type is an executable inside a .ZIP file, which some mail programs do not block. In both cases, this is a function of the e-mail software, not Windows Vista.
"That said, even when a user receives a mail infected with Bagle-Zip or Mydoom-O in the .ZIP file format, in order for the malware to affect the system, the user must first explicitly open the .ZIP file and then explicitly run the executable file that's contained inside the .ZIP file -- there is no way for this to happen without two steps of user action. If you happen (to) run a third-party email client that does not block known executable formats, then you may also be vulnerable to Netsky-D."
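The gap described in that summary, a mail filter that blocks known executable extensions but passes a .ZIP holding one, closes when the filter also lists the archive's members. This is an added Python example, not code from Microsoft, Sophos or the article; the blocklist, function names and sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email.message import EmailMessage

# Assumed blocklist for illustration; real mail clients use longer lists.
BLOCKED_EXT = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs")

def has_blocked_ext(name):
    return name.lower().rstrip(". ").endswith(BLOCKED_EXT)  # "a.exe." still matches

def scan_zip(data):
    """Return a block reason if the archive holds a blocked file, else None."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if has_blocked_ext(info.filename):
                    return f"archive contains {info.filename}"
                if info.filename.lower().endswith(".zip"):
                    return "nested archive not inspected"  # fail closed
    except zipfile.BadZipFile:
        return "unreadable archive"  # fail closed
    return None

def check_message(msg, look_inside_zip=True):
    """Map each attachment filename to 'allow' or a block reason."""
    verdicts = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        reason = "blocked extension" if has_blocked_ext(name) else None
        if reason is None and look_inside_zip and name.lower().endswith(".zip"):
            reason = scan_zip(part.get_payload(decode=True))
        verdicts[name] = reason or "allow"
    return verdicts

def make_zip(member):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, b"placeholder")
    return buf.getvalue()

def sample_message():
    """Constructed message; every payload is harmless placeholder text."""
    msg = EmailMessage()
    msg.set_content("see attached")
    for name, data in {"invoice.exe": b"placeholder",
                       "photos.zip": make_zip("photos/setup.exe"),
                       "notes.zip": make_zip("notes.txt")}.items():
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=name)
    return msg
```

Calling `check_message(sample_message(), look_inside_zip=False)` reproduces the extension-only behaviour, in which `photos.zip` is allowed through.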
Sophos noted that the attack vector where Vista is vulnerable comes from the use of web-based email clients. People stuck in the office all day use them to check personal messages, a practice that has caused some companies to ban access to them to cut down on malware threats that could come to those inboxes.
In either case, an antivirus product kept up to date with current signatures and engines will help mitigate these threats. Allchin magnanimously recommends Sophos, along with his company's Windows Live OneCare service.
About the Author:
David Utter is a business and technology writer for SecurityProNews, WebProNews, and InternetFinancialNews.