Microsoft admits Vista security won't change much

DESPITE THE fact that Vole told us that Vista would be much more secure than XP, a top Microsoft security expert has warned that very little will change.

Mark Russinovich, a technical fellow in Microsoft's Platform and Services Division, told the CanSecWest security conference in Vancouver that hackers and virus writers will simply adapt to the new Vista framework.

He pointed out that Vista's User Account Control will stop malware from making changes to the operating system but it's not a security boundary.

Russinovich predicted that malware will develop its own elevation techniques and trick users into clicking "allow" to give elevated rights to a malicious file.

He said that there will be malware spoofing over-the-shoulder credential prompt and even launching a medium integrity level process in the administrator's account.

Malware authors will design hacks where they do not need to take over the entire box'. They will end up thriving in the standard user environment, setting up botnets and grab keystrokes," he predicted.

More in the ZD Net technical bogs.