ZDNet UK


Vista vulnerable to malware from 2004

Tom Espiner ZDNet.co.uk

Published: 30 Nov 2006 13:44 GMT

Microsoft's Vista may be vulnerable to at least three pieces of widespread malware, two of which date back to 2004, according to security vendor Sophos.

At least three well-known internet worms — labelled Stratio-Zip, Netsky-D and MyDoom-O by Sophos — are able to execute on the OS, according to Sophos.

These worms comprise 39.7 percent of all malware currently in circulation, according to the security vendor. The MyDoom and Netsky variants were first detected back in 2004.

Systems running Vista are vulnerable to the malware when running third-party email clients, according to Sophos. Windows Mail Client — the Vista replacement for Outlook — will block the worms, but businesses running third-party email clients such as Lotus Notes, or that permit web-based mail such as Yahoo or Gmail, could be vulnerable.

Sophos decided to test Vista for resistance to common strains of malware after Microsoft co-president Jim Allchin made a comment that he would be happy for his seven-year-old son to use a locked-down version without antivirus.

"The comment about his seven-year-old spurred our idea — let's see if malware runs on Vista," said Carole Theriault, senior security consultant at Sophos. "It does."

"I'm certainly not going to run Vista without antivirus," Theriault added. "And I wouldn't take the risk with my business. Who knows how many more pieces of malware run on it?"

Windows Mail Client will block these mass-mailers, as it detects double extensions. Some mass mailers try to hide their executable payloads behind another extension — for example a text file. Mail Client will notice both the executable and the text file, and prevent the executable from running, in its default setting. However, Mail Client security features do not apply to third-party email clients, which may not block malware adequately.
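Because that protection lives in the mail client, the same double-extension check can be applied at a gateway or in a triage script for users of other clients. The following is an added example, not code from the article, Sophos or Microsoft; the extension lists, function names and sample message are assumptions, and it goes slightly beyond the case in the text by also normalising whitespace padding and trailing dots.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed extension lists for illustration; a mail gateway would use a fuller policy.
EXECUTABLE_EXTS = {"exe", "scr", "pif", "com", "bat", "cmd", "vbs"}
DECOY_EXTS = {"txt", "doc", "pdf", "jpg", "gif", "htm", "html"}

def double_extension(filename):
    """Return (decoy_ext, real_ext) when an executable extension hides behind
    a harmless-looking one, else None."""
    # Remove whitespace padding that pushes the real extension out of view,
    # and trailing dots, which Windows drops from file names.
    name = re.sub(r"\s+", "", filename).rstrip(".").lower()
    parts = name.split(".")
    if len(parts) >= 3 and parts[-1] in EXECUTABLE_EXTS and parts[-2] in DECOY_EXTS:
        return parts[-2], parts[-1]
    return None

def flag_attachments(raw_message):
    """Parse a raw RFC 5322 message; list attachments with a disguised extension."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        found = double_extension(part.get_filename() or "")
        if found:
            hits.append((part.get_filename(), *found))
    return hits

def build_sample():
    """Constructed sample message: one plain attachment, one disguised one."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Re: document"
    msg.set_content("Please see the attached file.")
    for name in ("notes.txt", "document.txt   .pif"):
        msg.add_attachment(b"constructed payload placeholder",
                           maintype="application", subtype="octet-stream",
                           filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    for fname, decoy, real in flag_attachments(build_sample()):
        print(f"blocked {fname!r}: shown as .{decoy}, runs as .{real}")
```

A single executable extension such as `setup.exe` is deliberately not flagged here; blocking executables outright is a separate policy decision from detecting disguised ones.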

Although Sophos is recommending that businesses running XP eventually shift to Vista, as XP is less secure, Theriault said that for the time being businesses considering running Vista will still need to take security precautions.

"Vista is excellent, but it hasn't really changed the security landscape," said Theriault. "You still need antivirus, firewalls and patches at least."

Theriault said it was too early to predict the speed and scale of Vista uptake.

"People will listen to what's going on, and make a decision depending on what suits their environment best. It's too early to say," said Theriault.

These are among the first flaws found in the finalised version of Vista. The Vista kernel was hacked by a Polish security researcher at the Black Hat security conference this year, using virtualisation technologies. Security company Symantec also reported flaws in the Vista kernel in August.

Microsoft was approached for comment on this story but no spokesperson was available.
