Symantec clears Vista on malware

Microsoft's Windows Vista is more secure than previous versions of the operating system, according to security experts. 

Symantec's latest set of white papers found that rootkit malware will not install in Vista without users being notified, and that all kernel-level rootkits are blocked unless users ignore multiple pop-ups and click the 'Allow' button.

Graham Cluley, senior technology consultant at Sophos, said that the User Account Control in Vista is an important enhancement designed to prevent the installation of malware.

"However, it is also very intrusive with a high number of alerts that end users need to respond to, so there is a strong likelihood of it being disabled unless they are trained in how to use it," he added.

"This is one of the weaknesses that malware authors will undoubtedly attempt to exploit."

Symantec's study found that between 96 and 98 per cent of malware such as spyware and Trojans is also blocked.

However, the firm warned that malware writers could decrease those percentages by making only minor changes to their code.

Cluley agreed that Vista is the most secure operating system yet from Microsoft, but pointed out that it will still be targeted.

"Better security does not mean perfect security. The only 100 per cent secure computer is probably one without an internet connection, and with the keyboard and all disk drives disconnected," he said.

"There is malware that can successfully run on Windows Vista, so early adopters of the new operating system should still worry about worms, Trojans, spyware and the like."

Symantec's report also noted that the kernel protection is only offered in the 64-bit version of Vista, and that the 32-bit version is still open to attack.

Symantec praised features in the operating system that allowed developers to make their code harder to exploit.

But it also warned that this protection is only available if developers include it, and is missing from older Windows XP software and even some core components of Vista.

Symantec originally mauled Vista back in August 2006, pointing to security flaws that would allow computers to be easily overtaken by malicious parties.

"During this research we discovered a number of implementation flaws that continued to allow a full machine compromise to occur," the 2006 report said.

"By exploiting these flaws, a low-privilege, low-integrity level process can bypass User Account Protection, and ultimately execute code at a high-privilege, high-integrity level."

However, those tests were carried out on early release code and Symantec said that security would continue to be addressed until the final release, with some of the holes already plugged by Vista Beta 2.

Cluley concluded that the battle would continue between virus and malware writers and the team behind Windows Vista.

"There will continue to be flaws found in Windows Vista, and users will need to ensure that they are putting appropriate measures in place to defend themselves," he said.