Environment, configuration, and vulnerability specific

Feb 28, 2007 15:56 GMT  ·  By

Microsoft has invested heavily in protecting the core of Windows Vista. Despite this, Vista is far from being a security silver bullet, and the fact of the matter is that the threat landscape is adapting to the security strategy implemented by Microsoft and evolving past it. "Attackers have already moved on," revealed Symantec. In this context, Symantec predicts that a whole new breed of malware will target the operating system. And the evolved security threats will feature a more focused approach.

"While Microsoft has invested heavily in multiple technologies to mitigate the effect of memory corruption and memory manipulation vulnerabilities, Symantec anticipates the discovery of new techniques for successful exploitation. However these new techniques will not be generic; instead, they will be environment-, configuration-, and vulnerability-specific. Both enterprises and consumers will continue to face threats that Windows Vista and its built-in security features cannot protect against," the Cupertino-based security company explained.

Even if Windows Vista is currently the most secure of the Windows platforms, it has a handicap compared to the threat landscape, the slow pace of its evolution. Additionally, with Windows Vista, the Redmond Company has simultaneously introduced a variety of new technologies and of attack avenues. Symantec concludes that the new technologies in Windows Vista are accompanied by an inherent risk and could serve as attack vectors. In this regard, the Cupertino-based security company has identified the Windows SideBar and the RSS feed reader as presenting a risk to users.

"It is the responsibility of security software providers to quickly identify malicious threats and deliver appropriate antivirus solutions. The introduction of such technologies and the attendant risks underscores the need for the concomitant development of security solutions," Symantec revealed.