The Cupertino-based security company pretends that Vista is foolproof

Feb 13, 2007 11:30 GMT

The true question here is related to the extent of Windows Vista's impenetrability. The fact of the matter is that Vista is by no means bulletproof. But Symantec decided to play along with the much touted security features of the operating system and assume that Vista was perfect.

"For the sake of argument, let's pretend that Vista as an operating system is completely solid and impenetrable - would this mean that security is no longer a concern? But surely, it must be if your operating system can't be compromised, right? WRONG. To think otherwise would be giving in to a false sense of security (no pun intended, of course)," said Vince Hwang, Symantec Sr. Security Response Researcher.

Overlooking the fact that Windows Vista is not an impenetrable operating system, Symantec has proposed alternative attack vectors for the operating system. The conclusion is that, in the eventuality that Windows Vista does prove impenetrable, Symantec's security will protect users from vulnerabilities across third-party products integrated with the operating system and against the users themselves, as the Cupertino-based security company considers the users the weakest link in the security chain.

"Computer attacks today are primarily financially motivated, so it'll take a lot to deter an attacker from getting to his pot of ill-gotten gold; as a result, if the operating system is completely secure and difficult to exploit, then attacks would likely shift towards the next path of least resistance - applications that sit on top of Vista. Web applications are particularly attractive given the ease of exploit and the amount of flaws that many carry," Hwang added.

And as far as users go, they are susceptible to a broad and diverse range of social engineering schemes, from phishing attempts to malformed emails. But Windows Vista is not perfect. And Symantec's products are among those that have received the VB100 award for Windows Vista, while Microsoft's own OneCare has failed the test performed by Virus Bulletin.