Endpoint Protection


Vista Research Overview 

Feb 28, 2007 03:00 AM

Last July, I discussed how Windows Vista™ was one of the most important technologies that we would see in 2007. Last year, Symantec Advanced Threat Research released four research papers on the then beta version of Windows Vista. These papers provided a security analysis of the new Windows Vista network stack, user-mode security defenses, kernel-mode security technologies, and the Teredo protocol—a key IPv6 over IPv4 transition technology in Vista. Being one of the first third-party assessments on the progression of Windows Vista security, these papers were extremely well received in the technology industry.

Fast forward to today, and Windows Vista has now been released to businesses and consumers alike. Throughout its release, Symantec has tracked the evolution of Vista very closely and continued to assess its potential in defeating today’s attackers. We’ve documented our findings in a series of six research papers that are being released in the course of the next week. The goal of this research is to provide a balanced, unbiased, and objective viewpoint on Windows Vista security, based on the many decades of our team’s combined security experience. Our goal is to separate reality from hype, the latter of which can run errant if it is allowed to.

These papers will cover everything from a broad high-level overview of Windows Vista security and what it means, to technical deep dives on specific technologies. These technical deep dives will include how well Windows Vista can stand up to existing malicious code, as well as a thorough analysis of Windows Vista networking.

Our research is available on the following Web site:
www.symantec.com/enterprise/theme.jsp?themeid=vista_research

The first paper is designed for technical managers and other IT professionals who want to understand the effectiveness of Windows Vista’s new security technologies. This paper will be valuable to decision makers who need to get a practical understanding of Windows Vista’s true security posture.

This paper can be found at:

Security Implications of Microsoft Windows Vista

Our research shows that while Microsoft has addressed a common class of threats known collectively as "memory manipulation vulnerabilities," attackers have largely moved away from exploiting these flaws in core operating system components. Instead, attackers have moved to attack third-party applications, such as Office suites, Web browsers, and other common software. The defense mechanisms that are intended to make Windows more secure are also, in many cases, not extended to third-party applications. As a result, software that isn’t developed to leverage Windows Vista’s security features remains exposed.

In addition, our research also shows that even today’s malicious code is quite capable of surviving on Windows Vista with no modification. This demonstrates that malicious code authors will easily adapt to Microsoft’s new operating system.

These findings, plus others discussed in our technical papers, reveal that although Windows Vista is the most secure version of Windows yet, it is not a silver bullet. It is also clear that attackers will adapt, as they have done already, in order to subvert the protection mechanisms that were introduced into Windows XP SP2.

This reinforces the fact that while Microsoft can address longstanding trends in operating system vulnerabilities, it is much more difficult for any operating system vendor to completely eradicate threats from their platform.
