Security Vista

At the end of March, while security researchers were 'compensating' for download-type attacks, they found a surprise: there was another flaw in the way Windows handled files. believe dynamic cursor (.a

Even though Windows Vista is probably more secure than Windows XP, Microsoft's new operating system has been shown to be vulnerable.

At the end of March, while security researchers were ' offsetting their heads ' with download-type attacks, they found a surprise: there was another vulnerability in the way Windows handled the file. Dynamic cursor (.ani), does not exclude Windows XP. This vulnerability also affects Vista, the operating system that Microsoft pays much attention to security.

Security experts still believe that Vista is much more advanced than previous versions of Windows. According to them, Vista has added new security features, including an improved firewall, 'Protected Mode' for Internet Explorer and User Account Control. These features help Vista better cope with the common types of spyware and malicious software attacks. But the flaw (fixed) is Microsoft's "mudslide" left, plus two other important security patches released for Vista in the first three months of launch. This has more or less affected Vista's security scent (see section 'Vista vulnerabilities'). Vista may be more secure, but users still have to worry about security.

Thin bulletproof vest

User Account Control (UAC) is the best tool in this group. According to Microsoft 's own estimates, up to 95% of Windows operating system users before Vista appears, often run familiar applications with the administrator account, but with this account they have the right to modify the system. But this also helps hackers attack PC easily. By default, UAC requires a password for each task, avoids users, or malicious programs, from changing or tampering with sensitive areas of the operating system.

Picture 1 of Security Vista

Vista's integrated anti-spyware application - Windows Defender - lets you scan every day, but when tested, the tool misses about a third of all spyware and adware samples.

But UAC itself is the biggest enemy. Frequent pop-up reminders appear really troublesome, particularly during the process of setting up a new system. After about 10 days of use, the frequency of this reminder is reduced but not everyone can avoid being reminded constantly. For example, the simple thing is that you want to transfer a file in one folder to another, the system also displays a pop-up alert.

As a result, many Vista users were frustrated to turn off UAC (there is a case where users have to turn on UAC again so they can run some old games that require user rights). But doing so touches security for turning off UAC or many people annoyed by "letting go" when pressing 'Allow' bluff, doing so, they ignored UAC's purpose.

A security researcher said that UAC has a weakness in the design that when installing the program, UAC will "open the door" the whole system, regardless of whether the installation program does not need to access it all. system (see also find.pcworld.com/57069). Microsoft acknowledges this weakness, but it is safe for users. The company has not said whether the plan will revise UAC's design.

The second major security feature of Vista is Windows Defender, the anti-spyware tool that has been released for free for XP and this time integrated in Vista. Although this is not a full anti-virus utility, it can easily scan for spyware or adware that is taking up system resources. Defender also has a 'filter' when you download files via Internet Explorer 7.

This is a great idea. But through the AV-Test test (AV-Test.org), Defender only detected 65% of 14,517 adware and spyware samples in a required scan. Compared to 8 other anti-virus tools that have anti-spyware functionality, they all have a recognition rate of 73% to 99% for the same sample number. According to AV-Test experts, Windows Defender is not good. Almost every single tool or built-in anti-spyware feature proved to be better than Defender.

Firewall is good

Vista's improved firewall is another story. It has the ability to block both outbound and outbound traffic (inbound and outbound) while XP's firewall only blocks access. The outbound filter has a second layer of security to block complex malicious attacks that they often "silently" hook your system to remote-controlled hackers. But because there are many types of security in this second layer, deciding which programs are and are not allowed to go beyond the system is another technical issue. For this reason, Microsoft defaults to blocking outbound traffic. Even if there is no outbound filter, the firewall is rated very well.

Picture 2 of Security Vista

Vista's upgrade firewall can block anonymous programs they try to connect to the Internet, but this function is off by default.

According to an expert, Vista's firewall is always running in the background, blocking all incoming connections that are unclear. Fluent users can configure the outbound filter to enhance security; but those who are not technically skilled may not be able to configure the outflow for themselves, but they can block attacks from outside anyway. By default, the user is not forced to set up any rules for outgoing stream filters.

The Vista firewall passes most of AV-Test's analytical tests. However, it cannot filter e-mail attachments that some other firewall tools do. Moreover, it is not the tool with the highest filtering rate when tested with attack patterns (also called leaktest, the program written to test firewalls that block applications that try to 'hook up' Internet).

However, many security companies and researchers, including AV-Test argue that because these test program models are written by ' insiders ' (different from malicious software), they have can not accurately assess the capabilities of the firewall.

Vista's firewall, along with many other firewalls, can do a good job of blocking outside intrusion into your computer. But Internet programs are forced to go through the firewall to access the website, go to the e-mail inbox, or even the chat tool. This in itself creates a loophole for hackers to attack.

Because Internet Explorer opens the door to your PC and IE is used by so many people, the browser is constantly under the 'bullet line'. To increase the level of security for IE7, the default version of the Windows Vista browser is in Protected Mode, separating IE from sensitive operating systems if IE has been hacked. This defensive tactic is currently successful, resisting current attacks such as dynamic cursor errors.

In addition to such "frontline" defense types, Vista also has many other types of defense. PatchGuard tool blocks rootkits, an internal virus signature program. Another technique called Address Space Layout Randomization makes it difficult for malicious software to find and infect running processes. Finally, there are some changes in the kernel, which is the heart of any operating system, increasing the ability to prevent attacks by hackers.

Attack is aimed at people

Don't be hasty, while Vista is safer than XP, experts predict that bad guys will quickly find a way to bypass Vista's security. One popular method is to use psychological "moves" to target people, not PCs. These 'psychological' techniques are a form of sending malicious software disguising in a game or some fascinating video to exploit the curiosity or ignorance of the user, forcing them to click on a link or a Attachments. If clicked, the malware has overcome ½ automatic security layer, including firewall.

Another potential threat to Vista's security layer is to attack programs, not the operating system. Audiovisual programs such as Adobe Flash and Apple QuickTime have recently suffered from attacks because hackers discover and exploit software weaknesses, for example they can attack through a live video file. online. To keep your PC safe, you should install the fix for those programs, they are just as important as the fixes for the operating system. According to an expert, any application available on the desktop has vulnerabilities.

A clear message to PC users is that, although the bad guys are harder to attack, Vista is not an operating system without gaps. You still need to install the patches to fill the detected vulnerabilities and you still have to use the antivirus program you used in XP.

Vista vulnerabilities

Dynamic cursor : an error in the dynamic cursor code contained in the operating system from Windows 2000 SP4 to Vista. With .ani, .cur or .ico files, remote attackers can create buffer overflows, "throw" lots of data into a program so that the program is overloaded. This allows bad guys to invade a user's PC. Microsoft fixed this error with patch MS07-017 .

Malware Protection Engine : a critical flaw in every version of Windows using the Microsoft Malware Protection Engine, adopted in Windows Defender anti-spyware tool and Microsoft's OneCare virus scanning software. This error can force the system to run attack code when it scans an infected PDF file. You can fix this with the MS07-010 patch .

CSRSS : a vulnerability in Windows Client / Server Runtime Server Subsystem error handling (CSRSS) may allow an attacker to 'wipe' the UAC (User Account Control) feature of Vista.Fix this error by patchMS07-021.

 

Update 13 December 2018
« PREV
NEXT »
Category

Technology

Life

Discover science

Medicine - Health

Event

Entertainment