Malware Aims to Evade Windows 7 Safeguards

Windows 7 adds a number of new security features, but social engineering attacks mean that you can’t let your guard down.

By Erik Larkin, PC World
January 27, 2010 08:11 PM ET

Experts agree that Windows 7 has enhanced security to ward off attacks on vulnerabilities in old software. But what if a money-minded online scammer can persuade you to download malware onto your PC?

"Windows 7 is more secure, and upgrading to it is a big improvement," says Chester Wisniewski, a senior security advisor with software-maker Sophos. "But it's not going to stop malware in its tracks."

Exploits Take a Hit

Digital crooks generally use two tactics to install malware on a PC. Exploits often take the form of a snippet of attack code hidden on a Web page--often a hacked-but-otherwise-benign site. When you browse the page, the exploit hunts for software flaws in Windows or in third-party programs such as Adobe Flash or QuickTime. If it finds one, the exploit may surreptitiously install malware without any hint of the attack.

In contrast, social engineering attacks try to trick you into downloading and installing bot malware that poses as a useful program or video. Some attacks combine tactics, as when a scammer sends an e-mail message encouraging you to open an attached PDF file, only to trigger an exploit buried in the file that then hunts for a flaw in Adobe Reader.

Security upgrades in Windows 7 could help prevent many attacks that target software flaws. ActiveX attacks, once the bane of Internet Explorer users, may "pretty much disappear" due to IE 8's Protected Mode, says H.D. Moore, chief security officer at Rapid7 and creator of the Metasploit testing tool.

The arcane-sounding Address Space Layout Randomization (ASLR) makes it harder for crooks to find a vulnerability for a running program in your computer's memory. The related Data Execution Prevention (DEP) feature attempts to prohibit an attack from taking advantage of any flaw that it may discover.

"These two, in particular, could have a very large impact," says Wisniewski. Still, though ASLR and DEP were expanded to protect more programs in Windows 7 than in Vista, they don't cover all applications.

Vista Safer Than XP?

For a sense of what that impact might be, we can look at how Vista fared against malware. Microsoft's latest Security Intelligence Report covers the first half of 2009, prior to Windows 7's release. It's based on data from the Malicious Software Removal Tool, which Microsoft distributes via Automatic Updates to fight common malware infections. According to that data, the infection rate for an up-to-date Vista computer was 62 percent lower than that for an up-to-date XP system.

It's possible, of course, that Vista users are technologically savvier on average, and so less likely to fall victim to malware. The sample sizes for XP and Vista, which Microsoft didn't include in the report, might skew the statistics, as well.

But Sophos's Wisniewski thinks that ASLR and DEP are factors, too. And since those features are expanded in Windows 7, there's reason to hope they'll continue to be effective.

"I don't see this going away anytime soon," says Moore. He notes that there are plenty of ways crooks can and likely will continue to ply their evil trade against the new OS. But "it does raise the bar," Moore says.


Originally published on www.pcworld.com.
