Microsoft admits Vista security won't change much

Viruses, trojans, rootkits will remain

By Nick Farrell

Tue Apr 24 2007, 07:50

DESPITE THE fact that Vole told us that Vista would be much more secure than XP, a top Microsoft security expert has warned that very little will change.

Mark Russinovich, a technical fellow in Microsoft's Platform and Services Division, told the CanSecWest security conference in Vancouver that hackers and virus writers will simply adapt to the new Vista framework.

He pointed out that Vista's User Account Control will stop malware from making changes to the operating system but it's not a security boundary.

Russinovich predicted that malware will develop its own elevation techniques and trick users into clicking "allow" to give elevated rights to a malicious file.

He said that there will be malware spoofing over-the-shoulder credential prompt and even launching a medium integrity level process in the administrator's account.

Malware authors will design hacks where they do not need to take over the entire box'. They will end up thriving in the standard user environment, setting up botnets and grab keystrokes," he predicted.

More in the ZD Net technical bogs.

DHS assessed Anonymous threat to industrial control systems Limited attack possibility but significant learning potential Monday, 17 October 2011, 13:53 PM Read more	A BIOS trojan is found in the wild Hook used for rootkit redundancy Tuesday, 13 September 2011, 14:32 PM Read more
Hackers target Canada Tibet Committee ahead of Dalai Lama visit Likely a cyber espionage attempt Tuesday, 6 September 2011, 14:02 PM Read more	Three out of four rootkit infections are on Windows XP Report is not good news for the Microsoft OS Thursday, 28 July 2011, 15:43 PM Read more
The rise, fall and legacy of the hacker group Lulzsec How it all started and where it all went wrong Monday, 4 July 2011, 15:53 PM Read more	Mac fake anti-virus malware is evolving fast, doesn't need a password What works for Windows, works for Mac Thursday, 26 May 2011, 12:15 PM Read more

< Previous article| Next article >

Comments

There are no comments submitted yet. Do you have an interesting opinion? Then be the first to post a comment.

INQ White papers

Databases

Network management

Security

Service oriented architecture

Storage

INQ Jobs

Cambridge, Maths; embedded

Cambridge, Maths; embedded ...

INQ Poll

Authorities in several countries raided Megaupload recently, shut down all of its services, seized hundreds of servers and arrested several of its executives on criminal charges.

Do you think the move was justified?

Yes, companies should suffer an immediate death penalty upon being accused of copyright infringement.

Yes, the coppers said the company was breaking the law so it must be guilty.

No, the company and the people accused are innocent until proven guilty.

No, the company had millions of customers who have been harmed by having access to their data files cut off.

I don't care, I never used Megaupload anyway.

View other polls

© Incisive Media Investments Limited 2012, Published by Incisive Financial Publishing Limited, Haymarket House, 28-29 Haymarket, London SW1Y 4RX, are companies registered in England and Wales with company registration numbers 04252091 & 04252093

SEARCH :

Site Credentials:

Business & Technology websites:

Business research resources:

Products:

Investment Market IT websites:

Find out what you are worth:

Salary Calculator

Search for a job:

Recruitment Agency A-Z Directory

Accreditations:

Digital Publisher of the Year 2010

Microsoft admits Vista security won't change much

Share this:

RIM Playbook OS 2.0 and Blackberry 7.1 video demo

Nokia Lumia 710 video review