08 Aug 2005
Proof-of-concept code described by security company F-Secure as the "first Vista virus" does not affect the operating system at all, Microsoft has insisted.
The exploit is said to target Microsoft Command Shell (MSH) technology currently in development under the codename Monad.
A spokeswoman for Microsoft told vnunet.com that, contrary to F-Secure's assertion, MSH will not be part of Windows Vista.
"The current plan is that Monad will not be included in the final version of Windows Vista," she said. "Monad is being considered for the Windows platform for the next three to five years."
Instead, users will find "some of the technology" in the next version of Exchange, due out in the second half of 2006. Microsoft had not previously fully disclosed its plans not to include MSH in Vista.
The first operating system that could be affected by MSH will be Longhorn Server, and not Windows Vista, according to the spokeswoman.
"It is a possibility that Monad's timing could align with the update release to Longhorn Server, but it is too early to confirm that this will be the case," she said.
Longhorn Server is the next version of Windows Server 2003 and is scheduled for release in 2007.
MSH is a command-line shell tool that lets IT administrators manage a system. It is similar to the command shell in Unix, Linux and OS X.
A first beta of the technology was released in June. MSH is not part of the Vista beta that was launched two weeks ago.
F-Secure pointed to a proof-of-concept virus in a blog posting on its website which it said was developed by an Austrian virus writer. It has named the virus 'Danom', which is 'Monad' backwards.
Microsoft further undermined F-Secure's report by pointing out that the virus relied on a proven method of using command shells, one that works in all operating systems, to launch a virus.
"The viruses do not attempt to exploit a software vulnerability and do not encompass a new method of attack," the spokeswoman said.
Backing up his company's official statement, a Microsoft developer by the name of Lee Holmes blasted the report by F-Secure on his blog.
"It's a misleading title," said Holmes, referring to the F-Secure post. "It's an issue that affects any vehicle for any executable code on any operating system."
Mikko Hyppönen, director of antivirus research at F-Secure, defended his original posting in an email to vnunet.com. "I stand by my blog entry," he said. "Everything I wrote was accurate at the time of writing."
Hyppönen confirmed that the method of attack is not new, but insisted that the virus still qualifies as new because it targets the new MSH platform.
"But I also understand that Microsoft is concerned as these 'Danom' viruses are now widely reported in the media as [the] first viruses for Windows Vista when, as we now know, MSH will not even ship with Vista," Hyppönen concluded.
Do you agree?
F*not so secure*
F-secure is to blame! In fact, they are doing what they are NOT supposed to be doing -- driving fear and doubt mongers to their blogs and their bottom line. Why don't they shut up and get back to security research? I seem to have not heard the FIX for the supposed monad problem.....
Posted by: Monte Hall 09 Aug 2005
yeah right
Thank you for journalism!! Although this one could have been better but it seems to me that Monad (MSH) was intended to ship in Windows Vista. They changed their minds *after* F-secure made their statement. F-secure is not to blame. In fact, they are doing what they are supposed to be doing -- security research. --Sam
Posted by: Sam Katz 08 Aug 2005
Duh - it's just a shell...
RTFA
Posted by: Joe Starbucks 08 Aug 2005