By Mark Ward
Technology Correspondent, BBC News website
Hi-tech criminals are looking forward to the consumer release of Windows Vista, say security experts.
Vista will be the big event in computer security in 2007, say experts, who add that it will have a profound effect on both sides of the security world.
Many organised crime gangs are already tearing the new version of Windows apart looking for ways to exploit its weaknesses, say some.
Others are expecting to see Vista attacked soon after it debuts.
While Microsoft's business customers have been able to buy Vista since 30 November, consumers are being forced to wait until late January 2007 to get their hands on the next version of the Windows operating system.
Microsoft has said that the whole development process of the operating system has been run with better security in mind.
Within Vista are several technologies that could stop many people falling victim to the most common sorts of malicious attack, said Kevin Hogan, director of security operations at Symantec.
In particular, he said, the way Vista handles user accounts will limit the freedom malicious programs have to run and install themselves surreptitiously.
Increasingly, said Mr Hogan, hi-tech criminals were booby-trapping benign-looking webpages with code that slips through vulnerabilities in the various versions of Windows. Vista's handling of user accounts should also help stop people being caught out by malicious attachments on e-mail messages.
"That'll deal with a lot of the current threats we are seeing," said Mr Hogan.
Mikko Hypponen, chief research officer at security firm F-Secure, said the warnings that these account controls display when malicious code tries to install itself will prove useful.
"It'll become much more obvious when they get infected," he said.
But, said Mr Hypponen, as well as stopping some of the threats hitting users, Vista is also likely to spur many hi-tech criminals to step up their research efforts and translate their old malicious wares to the new software.
"None of the existing bots, backdoors, trojans in general run on Vista," said Mr Hypponen.
Already security experts are seeing exploits for Vista vulnerabilities being sold on underground websites and proof-of-concept code appearing on discussion boards.
Gerhard Eschelbeck, chief technology officer at security firm Webroot, said he expected the hi-tech criminals to start exploiting the many ways that Vista tries to warn people about security threats.
He said it was only a matter of time before cyber criminals find a way to mimic the security warnings that Vista uses, in order to trick people into installing a malicious program.
"They are thinking how to attack the user directly rather than try to penetrate the applications," he said.
While Vista might help many users stay safer online, many criminals would be happy targeting the tens of millions of people who own older versions of Windows, said Mr Eschelbeck.
He said that in 2007 he expected to see malicious code turning up on many different types of sites - many of which looked completely benign.
Those behind malicious programs were also more interested in having their creations hang around longer, said Mr Eschelbeck.
"The goal is to stay undetected for a long time," he said. "It's being driven by people looking for financial gain."
The diversity of the hi-tech underground was also shown by the new targets many were going after, said Paul Davie, chief executive of security firm Secerno.
He said many hi-tech criminals were now targeting web shops that use a database to handle orders in a bid to steal valuable information they can sell or use.
Many attackers, he said, were using sophisticated techniques to squeeze information out of databases.
"These attacks - examples of which include hackers exposing hundreds of thousands of credit card numbers worldwide - certainly will increase sharply in 2007," he said.
"The security sector is coming to terms with the fact that it is dealing with highly financially motivated, technologically advanced and professional database infiltrators," he said.