Windows Vista security under fire

Kaspersky Lab believes that Vista's security may not be as effective as promised

Microsoft's Windows Vista is "unlikely to deliver long-term robust security protection", an IT security vendor claimed today.

An article published by Kaspersky Lab questioned whether the current security functions implemented in Vista will be effective.

The report, written by Kaspersky virus analyst Alisa Shevchenko, examined the key security aspects of Vista, including User Account Control, PatchGuard and Internet Explorer 7.

Vista's User Account Control ensures that any user, including the Administrator, has minimal rights, and that any 'suspicious' activity results in either a request for confirmation or a request to enter a password.

However, Shevchenko believes that a large number of harmless actions can be classed as 'suspicious', even if they turn out not to be malicious.

Alerting the user to each of these is likely to cause such a high volume of alerts that the user will either disable the feature or enter the Administrator password.

Shevchenko also claimed that "any type of protection can be evaded, and because of this, the advantages provided by this new layer of defence are conditional, and as practice shows, temporary".

He went on to claim that PatchGuard, which monitors modifications to the core system, can be evaded or disabled.

Shevchenko also questioned PatchGuard's protection against root-kits as it only offers protection against certain types of root-kit, and not all.

"Vista is undoubtedly more secure than previous Microsoft operating systems. And a system which is configured in such a way that everything is blocked except for access to designated sites could be regarded as being absolutely secure," said the report.

"However, the majority of users will find the significant restrictions on actions which effectively sterilise the system unacceptable, just as the constant requests to confirm or enter a password for an action which the system defines as being 'potentially dangerous'.

"And it is at this point that the 'almost totally secure' system is transformed in to a 'more vulnerable' system'."

• Kaspersky Lab Vista vs. Viruses report
• Microsoft releases Vista and Office 2007
• IT pros brand Windows Vista a 'distraction'