To its customers, Symantec is a big-brand security company, famous for its desktop anti-malware software. To journalists it is becoming better known for another noble endeavour – attempting to rip the heck out of Windows Vista’s security.
The issue of Vista’s security pros and cons is a complex one, but the most important question is still the simplest one imaginable: how much of today’s malware could cause the same problems on Vista as it would on its predecessor, XP?
According to finger-pointer-in-chief, Symantec’s Orlando Padilla, a surprising amount of it works to some extent, depending on how one defines the word “worked”. Tested against a meaningful sample of rootkits, keyloggers, backdoors and Trojans, Vista let a high proportion execute, but only 2-5 percent got as far as surviving a reboot or writing to the registry. Vista stopped the overwhelming majority because of the security design of its User Account Control (UAC).
That’s all well and good, but Padilla did spot one troubling issue: The Windows firewall blocks all communications out of the PC (most malware depends on such communication), but does so using a set of privileges that can be spoofed even with restricted access rights. Can’t get traffic out of the firewall as was possible with XP? Just use the API to send a message to the user asking for permission to do this. How many users would have a clue where this message came from? How many would know what to do?
Let’s not be flippant about this: Vista’s security is better than that of Windows XP, which is another way of saying that Vista’s designers attempted to secure the operating system, whereas XP’s, famously, didn’t bother to. But some decisions in UAC look as if they just need a new generation of Vista malware to work social engineering into the fabric of the way the malware interacts with the OS, for this loophole to be exploited.
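The prompt-spoofing worry above is something an administrator can at least partly check for. The following is an added audit script, not part of the article and not Symantec’s or Microsoft’s code: it reads the UAC policy values that control whether consent prompts are drawn on the secure desktop (where ordinary, non-elevated programs cannot draw over or imitate them) and lists each firewall profile’s inbound/outbound default via netsh. The registry path and value names are the documented UAC policy settings; the string patterns matched against the netsh output are assumptions based on its usual English formatting.

```powershell
# Added audit example (not from the article): inspect UAC prompt settings and
# the firewall's per-profile default policy. Run in an elevated PowerShell.
$uacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$uac = Get-ItemProperty -Path $uacKey

# EnableLUA = 1 means UAC is on; PromptOnSecureDesktop = 1 means consent
# prompts are shown on the secure desktop rather than the user's desktop,
# which is the mitigation against a fake "please allow this" dialog.
[pscustomobject]@{
    EnableLUA                  = $uac.EnableLUA
    ConsentPromptBehaviorAdmin = $uac.ConsentPromptBehaviorAdmin
    PromptOnSecureDesktop      = $uac.PromptOnSecureDesktop
} | Format-List

if ($uac.EnableLUA -ne 1) {
    Write-Warning 'UAC is disabled.'
}
if ($uac.PromptOnSecureDesktop -ne 1) {
    Write-Warning 'UAC prompts are not on the secure desktop; unprivileged code can imitate them.'
}

# Default inbound/outbound action per firewall profile. netsh advfirewall is
# available from Vista onward; the "Firewall Policy" line reads e.g.
# "BlockInbound,AllowOutbound". (Pattern strings are an assumption about the
# English-language output format.)
netsh advfirewall show allprofiles | Select-String -Pattern 'Profile Settings|Firewall Policy'
```

An outbound default of AllowOutbound means outbound blocking relies entirely on explicit rules, so the prompt-spoofing scenario only matters where BlockOutbound is actually in force; the secure-desktop setting is what keeps a consent dialog from being drawn by the very program asking for permission.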
Also last week, Polish researcher Joanna Rutkowska picked more holes in UAC, specifically the privileges granted to any program during installation. Because of the way UAC is designed, she points out, the user has only two choices when installing a program: allow it or disallow it. Disallowing a program won’t make much sense to a user, but allowing it gives the program access to the file system and registry, and the ability to load kernel-level drivers. This can be any program, remember, even Rutkowska’s chosen example, Tetris. Ouch.
It should be pointed out that all operating systems offer user account control in one form or another, and that any such design can be subverted if attackers are willing to devote the time to undermine it. But we know that Vista malware writers will be, so that comparison is not comforting.
Vista closes many avenues of attack, but it opens some new if less travelled ones as well. The best defence is to understand how the OS, and UAC in particular, works. Microsoft has sent us all back to school again.