Symantec confirmed in the paper what was demonstrated during Vistas development: that hackers "can and will subvert PatchGuard." "The kernel integrity protection mechanisms that are present on 64-bit Windows Vista can only be described as a bump in the road," it said. "While these technologies may slow down an attacker, they do not provide a meaningful defense against a determined attacker." Symantec researchers in fact managed to disable all three of Vistas primary kernel protections: driver signing, code integrity and PatchGuard. "Results have shown that all three technologies can be permanently disabled and removed from Windows Vista after approximately one man-week of effort," the paper said. "A potential victim need make only one mistake to become infected by such a threat. The result: All new security technologies are stripped from their Windows Vista installation in their entirety."Symantec says UAC is too chatty. Click here to read more. All told, about 2,000 malicious code samples, extracted from Symantecs virus library, were thrown at Vista in Symantecs testing. The anti-virus vendor found that 3 percent of backdoors could execute and survive a system restart without any code change. Four percent of keyloggers successfully survived system restart, while 4 percent of mass mailers, 2 percent of Trojans, 2 percent of spyware and 2 percent of adware did. No kernel-based rootkits were able to install themselves, however, thanks to Vistas default limiting of application privilege. These code samples will evolve to accommodate Vistas security technologies, Symantec maintained, allowing malwares success to grow over time. In hindsight, it would seem like many of Vistas vulnerabilities would have been obvious to address in the operating systems years of development. However, Whitehouse pointed out, constructing an operating system does in fact take years, and Microsofts Vista team of course had to rely on the state of security knowledge and malware evolution as it stood historically. "Id bet [Microsofts malware code samples] were probably 4 or 5 years old" when Vista development was ongoing, Whitehouse said. As a response to Symantecs findings, Microsoft provided this statement: "We remain confident that Windows Vista is the most secure version of Windows to date and are encouraged by similar feedback weve received from Symantec and others in the industry. It is important to note that none of the security features in Windows Vista, either individually or collectively, are intended as a Silver Bullet solution to the problem of computer security. Instead, our defense in depth approach makes Windows Vista far more difficult to attack than any previous version of Windows, thus making it more secure. "Security is about making choices. Make it too restrictive and users will have to interact with the software more to do what they want. Conversely, focus on ease of use by making the default settings less stringent and increase the chance that a system can be attacked. We believe Microsoft has developed the right balance and made the right decisions when evaluating the tradeoffs between usability and security. This report does not properly address the fact that many of the Window Vista security technologies have numerous options that allow for a user to make their own judgments as to their need for security balanced against usability. "That said, we are evaluating the information provided by Symantec in these reports that details methods an attacker could potentially use to circumvent security features in Windows Vista, specifically about the GS Flag and Address Space Layout Randomization, and will take any action, if needed, to help make these features stronger or more resilient." Editors Note: This story was updated to include Microsofts response. Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.
As for Microsofts UAC (User Account Control), a prompt that requires user approval when an application attempts to escalate privileges, Whitehouse had earlier this month posted a way to trick Vista into allowing a malicious prompt to come off as legitimate by posing as a Windows system component. Microsoft isnt recognizing this as a vulnerability, given that UAC isnt considered a hard security boundary, as is a firewall, for example. Rather, Microsoft says, UAC is a chance to verify an attack before it happens.