But the operating system is immune to the vast majority of existing malware

Dec 4, 2006 14:17 GMT

Existing malicious code can continue to survive on Windows Vista. The question is whether current threats can successfully execute, infect and survive on Vista. While Microsoft has just launched Windows Vista Enterprise to Software Assurance customers via volume licensing, Sophos has revealed that the operating system is vulnerable to the W32/Stratio-Zip, W32/Netsky-D and W32/MyDoom-O worms.

In this context, Symantec has conducted its own Windows Vista and Threat Survivability test. During this project, it executed approximately 2,000 unique samples of existing malicious code on a 32-bit edition of Windows Vista running with the default UAC. Symantec recorded which samples executed successfully, which survived a restart, and which failed because of UAC.

With this in mind, Symantec threw everything it had at Vista running under a VMware virtual machine: rootkits, Trojans, spyware, viruses, mass mailers and so on. Symantec found that malware designed to load drivers or to modify system settings, such as rootkits and Trojans, failed to execute.

"On average, about seventy percent of the malicious code executed under Windows Vista loaded successfully and executed without a crash or runtime error. Note that malicious code is always looking to latch on to another process, bind to a local port, or modify system critical files; thus, identifying a successful execution does not indicate it fully compromised the victim host. Out of the seventy percent that were able to execute, only about six percent of the samples were able to accomplish a full compromise and an even smaller number (four percent) were able to survive a reboot. The rest did not execute properly due to incompatibility, unhandled exceptions, or security restrictions," revealed Orlando Padilla, Symantec Senior Security Researcher.
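The distinction Padilla draws, between a sample that merely runs and one that establishes persistence and outlives a reboot, is decided in practice by comparing the machine's autostart locations before the sample runs and again after a restart. The script below is an added example of such a check, written for this article; it is not Symantec's test harness or any code from the original page. It assumes Windows PowerShell run from an elevated prompt, and the snapshot file path is a constructed default.

```powershell
# Added example, not part of the article or of Symantec's test harness.
# Records the state of common autostart locations (Run/RunOnce keys, services,
# kernel drivers) plus the UAC policy values, so that a second run after a
# reboot shows exactly which entries a sample left behind.
# Assumes Windows PowerShell run elevated; the snapshot path is a constructed default.
param(
    [ValidateSet('Baseline', 'Compare')] [string]$Mode = 'Baseline',
    [string]$SnapshotPath = "$env:TEMP\autostart-baseline.txt"
)

$RunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-UacPolicy {
    # EnableLUA=1 is the "default UAC" the test ran with; 0 means UAC is switched off.
    $p = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    "UAC|EnableLUA|$($p.EnableLUA)"
    "UAC|ConsentPromptBehaviorAdmin|$($p.ConsentPromptBehaviorAdmin)"
}

function Get-AutostartEntries {
    # One line per entry: Kind|Identifier|CommandOrImagePath
    foreach ($key in $RunKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($prop in $props.PSObject.Properties) {
            if ($prop.Name -like 'PS*') { continue }   # skip provider metadata
            "RunKey|$key\$($prop.Name)|$($prop.Value)"
        }
    }
    # Services and drivers cover the class the test saw UAC block: samples
    # that try to register a driver or install themselves as a service.
    foreach ($s in Get-WmiObject Win32_Service)      { "Service|$($s.Name)|$($s.PathName)" }
    foreach ($d in Get-WmiObject Win32_SystemDriver) { "Driver|$($d.Name)|$($d.PathName)" }
}

$current = @(Get-UacPolicy) + @(Get-AutostartEntries | Sort-Object)

if ($Mode -eq 'Baseline') {
    $current | Set-Content -Path $SnapshotPath
    Write-Host "Baseline of $($current.Count) entries written to $SnapshotPath"
}
else {
    $baseline = Get-Content -Path $SnapshotPath
    # '=>' marks lines present now but absent from the baseline: persistence
    # the sample established and that outlived the reboot.
    $added = @(Compare-Object -ReferenceObject $baseline -DifferenceObject $current |
               Where-Object { $_.SideIndicator -eq '=>' } |
               ForEach-Object { $_.InputObject })
    if ($added.Count -eq 0) {
        Write-Host 'No new autostart entries: the sample did not survive the reboot.'
    }
    else {
        Write-Host 'New autostart entries since baseline:'
        $added | ForEach-Object { Write-Host "  $_" }
    }
}
```

Run it once with `-Mode Baseline` on the clean virtual machine snapshot, execute the sample, reboot, then run it with `-Mode Compare`. A sample that loaded and ran but left the comparison empty is one of Padilla's "executed without a crash" cases rather than a full compromise; a changed `EnableLUA` line is worth treating as a compromise in itself, since disabling UAC removes the restriction that stopped the driver-loading samples.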

In fact, Windows Vista performed surprisingly well: the operating system is immune to the vast majority of existing malware. Symantec warned, however, that this is not a permanent state of affairs but simply a matter of time and adaptability. "At first glance, this looks good for Microsoft; however, it is merely the direct result of a new, unknown system 'cleaning the slate' and protecting against old malicious code techniques. As we have seen in the past, it will only be a matter of time before attackers become more sophisticated, understand Windows Vista, and adapt to this new platform," concluded Padilla.