Last Updated: Friday, 1 December 2006, 15:22 GMT
Keeping Vista safe and secure
By Mark Ward
Technology Correspondent, BBC News website

Image caption: Microsoft boss Steve Ballmer presided over the Vista launch (AP)

Soon after Microsoft's legions of programmers began work on the code that would become Windows Vista, the company announced a Trustworthy Computing initiative.

This, declared founder Bill Gates, would make Microsoft's products far less susceptible to the malicious programs the bad guys were using to try to exploit Windows software.

In 2006, Windows Vista has become the new standard bearer for this initiative as it includes a whole series of technologies that try to make it far harder for malicious programs to compromise a PC.

In a statement, Microsoft spokesman Sven Hallauer said Vista was designed from the ground up under the software company's Secure Development Lifecycle, which aims to spot potential problems before the code ships.

Mr Hallauer said Microsoft had studied all the "critical" security issues that hit Windows XP between November 2003 and September 2006 and, he said, "found that the vast majority of these issues would either not affect Windows Vista at all or would have been reduced in severity".

Since Vista was released, security firm Sophos has challenged this claim. It said it had discovered that three of the top threats in November 2006 bypass the defences on the new operating system and run on Vista.

Guard duty

One big change Microsoft is introducing with Vista is a technology called PatchGuard. This keeps an eye on the core, or kernel, of Windows Vista and stops unauthorised programs (the nasty ones) making changes. It could help stymie many malicious programs that try to embed themselves in Windows.

However, said Dave Marcus, senior security strategist at McAfee, only the 64-bit versions of Vista, which are intended for businesses, will run this technology. Very few consumers are likely to run this version of the software, said Mr Marcus, so the potential protection it offers will be limited.

Already security researchers are finding ways around PatchGuard. At the Black Hat hacker conference held in Las Vegas in August, Joanna Rutkowska demonstrated ways to subvert the Vista kernel.

But despite the lack of PatchGuard on the 32-bit versions that most home users are likely to run, Mr Marcus does think Vista will improve security.

"You will see a short-term benefit," he said. "Vista is a well-built operating system but it's going to be the biggest target."

Casual users were most likely to see the biggest benefits, he said, but soon the bad guys would work out ways around the changes Vista has introduced.

Old iron

Kevin Hogan, a senior manager at Symantec security response, also said there were technologies in Vista that would, initially, make it harder for malicious programs to take hold.

In particular, he said, the system Microsoft had dubbed User Account Control should stop some people falling victim. This attempts to limit the access users have to the heart of their PC. Installing a program on a Vista machine requires more authentication or makes a user grant an application specific permission.

"That will be a big help in dealing with drive-by downloads," said Mr Hogan.

Image caption: Vista was launched to businesses on 30 November (AP)

This type of malicious attack occurs when a Windows user visits a webpage that is booby-trapped with code that exploits a vulnerability. Some of the infections contracted this way can bombard people with adverts. Others are more sinister and can steal personal information or hijack a PC.

But, said Mr Hogan, this aura of protection would evaporate as the bad guys work out ways around the new technologies in Vista.

"We're not going to see the two-three year lag we saw after Windows 95 came out," he said. "It'll be far quicker than that."

Recent history is a guide to how quickly the bad guys are reacting. In late 2004, Microsoft unveiled the SP2 update for Windows XP, which aimed to close many of the loopholes malicious programs exploit.

However, evidence has emerged that the majority of the hijacked home PCs used to send spam are Windows XP machines fitted with SP2.

About 70% of the billions of spam messages sent every month are believed to be sent from hijacked Windows PCs.

Mr Hogan said there was already evidence that malicious hackers and cyber criminals were changing their tactics to get around the increasing number of security tools available for Windows.

Instead of trying to slip past the filters and security programs, many threats now relied on "social engineering" to trick people into installing the attack programs themselves.

Attacks were becoming customised to enable cyber criminals to infect a far higher proportion of victims than they might if they sent a virus to millions of people.

"The user is the weakest link in the chain here," said Mr Hogan, adding that no security program can protect people if they choose to ignore all the warnings.
