Vista Vulnerabilities

by santonov on February 20th, 2007 in Industry and Security News.

Even before it hit the market, Vista, pegged by Windows as their most secure operating system yet, has been under the scrutiny of many in the security industry. And the security spotlight continues...

Only weeks after its commercial release, researchers are raising specific concerns about the new operating system's security.

On the heels of Microsoft's latest Patch Tuesday, which included the first fix that will involve Vista (a critical flaw in the Microsoft Malware Protection Engine that affects the Windows Defender security package), new security holes are now being questioned. According to reports, security researcher Joanna Rutkowska claims to have found a "gaping hole" in Vista's User Account Control (UAC) security functionality.

As one of its security features, Vista runs in a normal user account by default and pops up dialogue boxes before performing administrative functions like modifying system files. The concern raised is over Vista's assumption that all application installers should be run with administrative privileges. When you try to install a new program, you must choose either to give the installer complete system privileges or not to run the program at all; when you run an installer as administrator, it has access to your file system and registry. Rutkowska has pointed out several security problems this opens up.

A blog response from a Microsoft security manager stated that accommodations had been made to consider both security and usability, and that it was not a matter of security bugs.

Rutkowska doesn't seem to think that explanation is enough to answer the security questions that have been brought up. A statement on her blog reads, "If Microsoft won't change their attitude soon, then in a couple of months the security of Vista (from the typical malware's point of view) will be equal to the security of current XP systems (which means, not too impressive)."

What do we think about it? If nothing else, this news definitely highlights the need to use third-party software as an additional security measure to protect yourself from malware.

That's why we have made sure that Ad-Aware 2007 will be Vista compatible and Vista certified - because we support your need to control what products secure your computer and protect your privacy.