Microsoft's Vista may be vulnerable to at least three pieces of widespread malware, two of which date back to 2004, according to security vendor Sophos.
At least three well-known internet worms — labelled Stratio-Zip, Netsky-D and MyDoom-O by Sophos — are able to execute on the OS, according to Sophos.
These worms comprise 39.7 percent of all malware currently in circulation, according to the security vendor. The MyDoom and Netsky variants were first detected back in 2004.
Systems running Vista are vulnerable to the malware when running third-party email clients, according to Sophos. Windows Mail Client — the Vista replacement for Outlook — will block the worms, but businesses running third-party email clients such as Lotus Notes, or that permit web-based mail such as Yahoo or Gmail, could be vulnerable.
Sophos decided to test Vista for resistance to common strains of malware after Microsoft co-president Jim Allchin made a comment that he would be happy for his seven-year-old son to use a locked-down version without antivirus.
"The comment about his seven-year-old spurred our idea — let's see if malware runs on Vista," said Carole Theriault, senior security consultant at Sophos. "It does."
"I'm certainly not going to run Vista without antivirus," Theriault added. "And I wouldn't take the risk with my business. Who knows how many more pieces of malware run on it?"
Windows Mail Client will block these mass-mailers, as it detects double extensions. Some mass-mailers try to hide their executable payloads behind another extension — for example, a text file. In its default setting, Mail Client will notice both the executable and the text file, and prevent the executable from running. However, Mail Client's security features do not apply to third-party email clients, which may not block malware adequately.
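An added, constructed illustration of the kind of double-extension check the article attributes to Windows Mail Client. This is example code, not Microsoft's or Sophos's; the extension lists and the three verdict labels are assumptions made for the example.

```python
import re

# Extensions Windows will run directly (assumed list for this example).
EXECUTABLE_EXTENSIONS = {"exe", "scr", "pif", "com", "bat", "cmd", "vbs", "js"}
# Harmless-looking extensions mass-mailers tend to pose as (assumed list).
DECOY_EXTENSIONS = {"txt", "doc", "jpg", "gif", "pdf", "zip", "htm", "html"}


def classify_attachment(name: str) -> str:
    """Return 'block', 'suspicious' or 'allow' for an attachment filename.

    'block' means a decoy extension is immediately followed by an
    executable one (e.g. report.txt.exe), the pattern the article describes.
    """
    # Collapse runs of whitespace: padding is sometimes used to push the
    # real extension out of the visible part of the filename.
    cleaned = re.sub(r"\s+", " ", name.strip()).lower()
    parts = [p.strip() for p in cleaned.split(".")]
    if len(parts) < 2:
        return "allow"  # no extension at all
    exts = parts[1:]
    last = exts[-1]
    if last not in EXECUTABLE_EXTENSIONS:
        return "allow"
    if len(exts) >= 2 and exts[-2] in DECOY_EXTENSIONS:
        return "block"  # double extension: decoy then executable
    return "suspicious"  # plain executable attachment, left for policy


def filter_messages(messages):
    """Split constructed (sender, attachment) pairs into blocked and delivered."""
    blocked, delivered = [], []
    for sender, attachment in messages:
        verdict = classify_attachment(attachment)
        (blocked if verdict == "block" else delivered).append((sender, attachment, verdict))
    return blocked, delivered


# Constructed sample mailbox; none of these names come from real samples.
SAMPLE_MESSAGES = [
    ("alice@example.test", "quarterly-report.pdf"),
    ("bob@example.test", "document.txt.exe"),
    ("carol@example.test", "photo.jpg            .scr"),
    ("dave@example.test", "setup.exe"),
]

if __name__ == "__main__":
    blocked, delivered = filter_messages(SAMPLE_MESSAGES)
    print("blocked:", blocked)
    print("delivered:", delivered)
```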
Although Sophos is recommending that businesses running XP eventually shift to Vista, as XP is less secure, Theriault said that for the time being businesses considering running Vista will still need to take security precautions.
"Vista is excellent, but it hasn't really changed the security landscape," said Theriault. "You still need antivirus, firewalls and patches at least."
Theriault said it was too early to predict the speed and scale of Vista uptake.
"People will listen to what's going on, and make a decision depending on what suits their environment best. It's too early to say," said Theriault.
These are among the first flaws found in the finalised version of Vista. The Vista kernel was hacked by a Polish security researcher at the Black Hat security conference this year, using virtualisation technologies. Security company Symantec also reported flaws in the Vista kernel in August.
Microsoft was approached for comment on this story but no spokesperson was available.

Talkback
I visited a site from a Google search for a location in the Philippines and viewed some of the images thereon, nothing else. I was immediately bombarded with spam directed to the email addresses in use only on my Vista computer, and that spam was clearly linked to this site. I was also, so I thought, fully protected by a third-party security suite.
In consequence of this, these email addresses are now compromised, being now spammed every day.
Needless to say, I'm choked off by this. Particularly since one of the addresses is personalised.
If you gave your e-mail address away to a site you did not trust then what do you expect? This has nothing to do with the security of your desktop! I find it hard to believe that by simply browsing some images somehow the site has worked out your current e-mail address and started spamming it. More than likely you gave your e-mail away willingly and paid the price :)
No I did not give any details, I thought that was clear. My computer was compromised by a simple visit to the site, as stated. Now, and not before, I am spammed to one of my email addresses (correctly addressed) which I will have to abandon at considerable inconvenience.
What type of e-mail address are we talking here, something configured in Outlook or a web e-mail address? So you are saying that you visited a website, the website took advantage of some security hole in IE, then installed some kind of rootkit, virus or custom rogue code which then searched your machine and found an e-mail account configured in Outlook, then uploaded this information to a server somewhere which added you to a spam list, and now you are getting spammed a lot?
Sorry everybody, I did some beta testing for windows vista, and here is my highlight of the changes that they say are sooo wonderful...
Excessive graphics. In an attempt to make the Microsoft OS look better than Mac, they went crazy. Yeah, it looks great, but it is slow as ever..
Try disabling the windows theme? I thought of this, went back to the windows 2000 look, still ran slow as ever..
I get a kick out of how you make this sound so improbable..
installed some kind of rootkit, virus or custom rogue code which then searched your machine found an e-mail account configured in Outlook
Geez man, the guy could have had a keylogger running that's sending out information, or still had a piece of malware running; it's not like Vista scans the machine for malware before it installs.
I mean, aren't we talking about Microsoft software? Some of the most flawed software comes from Microsoft. Do I have to bring up Windows ME?? An independent study recently stated that 96% of the time you are using Internet Explorer there are known security holes without patches available. Talk about zero day..
Now, don't get me wrong. I'm thinking this guy probably just posted his email somewhere he shouldn't have or something like that.
But I don't think it's going to be very long before we start to see a lot more of these types of messages..
I don't really know whether to continue this discussion.
However, I didn't use the keyboard or provide any information; I only viewed some images on the site and was almost immediately spammed in duplicate to the two email addresses (entered in both Outlook and Windows Mail) on my Vista computer (I have eight email addresses on my primary XP computer). The initial spam was clearly linked to the site visited; it said so in the header. Therefore I presume a crafted mischievous image as the source and that Vista, and Trend Micro Suite, was not proof against it. Of course, third-party security software is not yet fully compatible with Vista.
The consequence is that my main email address is now severely spammed to the point where I'll have to abandon it, and my personalised A-Tails email address may also have to be abandoned although, for some unknown reason, it is not so severely compromised.
Separately, I always wonder why other spam which is not correctly addressed to me actually ends up in my email account(s) at all.
Correct, could be a key logger. I just haven't seen something before which has such an immediate turnaround to spamming e-mail addresses. So as far as malware/hacks go this one seems pretty sophisticated. You are right to point out that we can only expect to see more of this in the future.
If you get a positive identification in terms of recognised malware I would be interested to find out what it was. More than likely a custom attack particularly if the spams were associated with the website in question.
Thanks.
The addition of better security in Vista is a very good thing, as long as it doesn't discourage third-party development for that platform. Once Microsoft Vista becomes the standard desktop O/S, as it probably will, there is real concern that it may also become the default and only security solution for companies. This would mean that hackers and malware authors may have a lot fewer security tools to deal with. Monocultures, of all kinds, tend to respond poorly to external attacks, and it may be that Windows Vista serves to extend this problem to the IT security world, resulting ultimately in worse, more pervasive infections.
Geoff Webb, Director of Marketing, FutureSoft
Vista is only intended to grant basic security to basic users. Corporates, advanced users, and enterprises will still require additional security, and human-engineering attacks will nearly always circumvent security if they're well enough made. Regardless of Allchin's unfortunate comment acting as a red flag to hacker bulls, Vista has never been advertised or marketed as the end-all be-all for all security woes.
I run Vista, have for a couple of months now as a beta tester, and would never dream of running it without an AV client, but that said it is far more secure out of the box than any previous version of Windows that I've ever run, and I've run pretty much every single version since Win 3.11. For the businesses I consult for, I'd have no problems of conscience recommending they adopt and use it, providing that they keep the enhanced security (firewalls, AV clients on desktop, mail gateway scanners, defence in depth, etc...) most of them already have in place.
I would set my Mom up with a locked-down Vista when I can and encourage her to get an AV client, but wouldn't worry too hugely if she didn't do so because I'd know she was at least baseline protected against the most common attacks.
Hiya,
I hate to burst your bubble, but I do not believe that Vista is the problem here; I do believe that you are blaming Vista because you don't know what else to blame!
What you fail to mention in any of your postings is whether you had valid, up-to-date anti-virus software installed, and which version of Vista you are using, let alone whether you have the phishing filters and automatic protection enabled within IE7+.
I believe that the problem you are experiencing is associated with the fact that you have previously used your e-mail address to sign up, or sign in, to a web-based system, and have agreed to IE remembering your information. Then you have visited the said website, and this has launched scripts (possibly ActiveX) to read the contents of your index.dat files. Which is not beyond the realms of possibility.
You see, IE7+ (the variant used in Vista) works in a totally different way to the IE7 version that sits within XP. In Vista, whilst IE7+ is part of the operating system, it operates independently from the profile that is logged into the computer at the time; and if you have modified the ActiveX controls within IE7+ then you will automatically allow the running of AX controllers without needing approval - some people do this to make their web experience easier.
The problem that I have is you are only telling us half the information that we need in order to make a valid decision; but you are only too willing to blame the fact that your own e-mail account has been spammed upon Vista without understanding the consequences of your actions.
I'd be grateful if you could please provide more information upon the points raised above, which will allow a valid decision and, should you need it, help.
Arthur
My window is small but looks out on a big world
Pet hate - people who blame that which they don't understand
Allchin said "My son, seven years old, runs Windows Vista and, honestly, he doesn't have an antivirus system on his machine. His machine is locked down with parental controls, he can't download things unless it's to the places that I've said that he could do, and I'm feeling totally confident about that."
Sophos, attempting to spin things, ran a test that did *not* follow the statement above, i.e. the OS was not locked down, and you could download things.
Why not try it under the situation that Allchin said?