A matter of time, but inherent to the operating system

Dec 12, 2006 11:48 GMT

For security company Kaspersky, Windows Vista vulnerabilities are only a question of time. Above all, Kaspersky sees a correlation between the popularity of an operating system and the volume of attacks against it, predicting that as the former increases with the adoption of Vista, it will drive a jump in the latter. Alexander Gostev, principal antivirus researcher for Kaspersky, has even identified one of the first target areas within the operating system: PatchGuard, the Kernel Patch Protection technology that restricts access to the operating system's core.

"We're not asking whether vulnerabilities will be found, but when. One of the first things to be targeted will be the technology which is meant to make getting access to the kernel more difficult," Gostev told ZDNet. "Particularly because there are already approaches for evaluating this technology."

Currently, the volume of existing malicious code that would successfully execute, compromise and survive a reboot on Windows Vista is negligible. But Kaspersky forecasts that the situation will change for the worse, as in excess of 90% of the existing malware will be adapted for Vista.

"There are tens of thousands of viruses which are fully functional just under a user account. Nine out of 10 contemporary viruses will function under Vista--overall UAC will not make much difference. Users still have the right to send and receive e-mail--hackers will program e-mail worms. Users are not going to want to work within a restrictive system. They'll disable anything which says you can't download, you can't install. There's always going to be the human factor--people always get in there and disable stuff they don't like," added Gostev on ZDNet.

Gostev additionally revealed that the UAC in Vista has already been circumvented and that this will serve as a vector for attacks. "In IE7 Microsoft fixed old vulnerabilities, but new vulnerabilities are being found. Hackers and virus writers will attempt to get around user defenses by exploiting the browser," explained Gostev.