
Symantec paints less-than-rosy picture of Vista security

By , Network World
February 28, 2007 10:44 AM ET

Page 2 of 2

Attackers may also look to third-party software that contains an executable that uses one of the registry keys to launch during system start-up.

Attackers are also likely to look at the SetWindowsHookEx and GetAsyncKeyState APIs, leveraging them to hijack sensitive information from a user’s desktop.

In the white paper entitled “Microsoft Windows Vista and Security,” Symantec notes that in Vista, Microsoft has made IPv6 enabled and preferred by default. Microsoft has also included a protocol called Teredo, which allows tunneling of IPv6 over IPv4.

“The implication is that the vast majority of Windows Vista hosts are, by default, remotely accessible via IPv6 and Teredo,” Symantec states in the paper. “The usage of Teredo has the side effect of bypassing many firewall and network-address translation configurations. This has significant consequences for enterprises that rely on network-based protection, since perimeter security devices and other network defenses such as intrusion-prevention systems and intrusion-detection systems will need to be upgraded in order to understand and decapsulate this new protocol.”
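What "understand and decapsulate" means for a monitoring device, as an added example that is not from the article or Symantec's paper: it strips the optional Teredo headers from a UDP payload, parses the inner IPv6 header, and recovers the IPv4 endpoints embedded in a Teredo address. The header layouts and the 2001::/32 prefix follow RFC 4380; the function names and the sample packet are constructed for illustration.

```python
import ipaddress
import struct

TEREDO_PREFIX = ipaddress.ip_network("2001::/32")  # Teredo prefix from RFC 4380

def strip_teredo_headers(payload: bytes) -> bytes:
    """Drop the optional Teredo headers that may precede the inner IPv6 packet."""
    # Authentication: 0x0001, ID-len, AU-len, id, auth value, 8-byte nonce, 1-byte confirmation
    if len(payload) >= 4 and payload[:2] == b"\x00\x01":
        payload = payload[4 + payload[2] + payload[3] + 9:]
    # Origin indication: 0x0000, obfuscated port (2 bytes), obfuscated IPv4 (4 bytes)
    if payload[:2] == b"\x00\x00":
        payload = payload[8:]
    return payload

def teredo_fields(addr: ipaddress.IPv6Address):
    """Recover the IPv4 endpoints embedded in a Teredo address, else None."""
    if addr not in TEREDO_PREFIX:
        return None
    raw = addr.packed
    return {
        "server": str(ipaddress.IPv4Address(raw[4:8])),
        "client": str(ipaddress.IPv4Address(bytes(b ^ 0xFF for b in raw[12:16]))),
        "port": struct.unpack("!H", raw[10:12])[0] ^ 0xFFFF,
    }

def decapsulate(udp_payload: bytes):
    """Return a summary of the tunneled IPv6 packet, or None if this is not IPv6."""
    inner = strip_teredo_headers(udp_payload)
    if len(inner) < 40 or inner[0] >> 4 != 6:
        return None
    payload_len, next_header = struct.unpack("!HB", inner[4:7])
    src, dst = ipaddress.IPv6Address(inner[8:24]), ipaddress.IPv6Address(inner[24:40])
    return {"src": str(src), "dst": str(dst), "next_header": next_header,
            "payload_len": payload_len,
            "src_teredo": teredo_fields(src), "dst_teredo": teredo_fields(dst)}

def sample_packet() -> bytes:
    """Constructed UDP payload: origin indication + empty IPv6 packet (documentation addresses)."""
    hidden = struct.pack("!H", 40000 ^ 0xFFFF) + bytes(
        b ^ 0xFF for b in ipaddress.IPv4Address("203.0.113.7").packed)
    src = bytes.fromhex("20010000c00002018000") + hidden  # server 192.0.2.1, flags 0x8000
    dst = ipaddress.IPv6Address("2001:db8::1").packed
    return b"\x00\x00" + hidden + struct.pack("!IHBB", 6 << 28, 0, 59, 64) + src + dst

if __name__ == "__main__":
    print(decapsulate(sample_packet()))
```

A device that inspects only the outer IPv4/UDP headers sees none of these inner fields, which is why the paper says existing perimeter defenses need upgrading.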

In summary, Symantec predicts “the new security features in Windows Vista will result in fewer instances of widespread worms that target core operating system vulnerabilities.”

But Symantec adds it “does not believe that Windows Vista security improvements will stifle other classes of malicious code that have historically targeted the Windows operating system.”
