Hackers will feed on Vista in 2008, says McAfee

Gregg Keizer   Today’s Top Stories   or  Other Security Stories  

Dynamic Data Center and Virtualization Drives Operational Excellence at Emory Healthcare The Secure Web Gateway. Mission Critical For Business Bringing Order and Security to your Mobile Workforce: Corporate Mobility Policy and Device Management An Overview of PAN Manager by Egenera Maximizing Business Agility with the Dynamic Data Center Fast and Simple Recovery of Your Critical Microsoft® Applications with Symantec Backup Exec" Computerworld Report- Large Enterprises Pay More for IPAM An Apple for Your Enterprise? Six Questions To Ask About Information And Competition Sign up to receive Security Resource Alerts

November 26, 2007 (Computerworld) -- [Eds. note: Due to an editing error, an earlier version of the second paragraph of this story didn't make the hacker attitude to Vista clear. The corrected version follows.]

Microsoft Corp. will face more than 40 vulnerabilities in Windows Vista next year, as the operating system climbs past the 10% market-share milestone and malware authors really start to find flaws, a McAfee Inc. analyst said today.

"Most of the current malware has ignored Vista," said Craig Schmugar, a threat researcher at McAfee's Avert Lab -- but that's not because the operating system has been frustratingly secure against attack. Rather, Schmugar argued, Vista's gotten off easy its first year because hackers didn't think it was a worthwhile target.

"These people make their living writing malware or attacking users," he said. "They're driven by financial motivation, and only when market share has an impact will they really work on Vista."

At some point in 2008, Vista will own a tenth of the desktop operating system market, Schmugar predicted. The milestone should mark the beginning of concerted efforts by attackers to root out vulnerabilities in the newer operating system. "Although the huge market share that XP has means [attackers] will still be profitable there for years to come, Vista at 10% will put it on their radar," he said.

According to data from Web metrics vendor Net Applications in Aliso Viejo, Calif., Vista's market share was about 7.9% at the end of October, up from 7.4% the month before.

"In the short term, Microsoft's case that Vista is more secure is supported by the data," conceded Schmugar, who referred to data Microsoft has cited from its Windows Malicious Software Removal Tool. In its most recent report on the tool (download PDF), Microsoft said the program cleaned malware from "60% less Windows Vista-based computers compared to computers running Windows XP SP2."

Schmugar's argument is that while that number is probably accurate, Vista's better performance isn't due only to its security prowess; it also stems from the fact that hackers haven't paid much attention to it.

"You look at the big malware, the most significant threats, and there's nothing specific to Vista in them," Schmugar said. "As Vista gains in adoption, it then impacts malware authors and forces them to focus attention on finding vulnerabilities, or to alter their social engineering techniques to accommodate it."

If that concept sounds familiar -- that market share plays a part in determining the vulnerability profile of an operating system -- it's because Mac OS X users have long relied on it. "There are definitely parallels between Mac OS X and Vista" when it comes to the likelihood of an attack, Schmugar said. "Operating systems aren't bulletproof. You can have an OS that's attacked less, certainly, but a larger part [of the equation] is market share."

Continued...
1 | 2 | NEXT  

Print this Story

Send Us Feedback

E-mail this Story

Digg this Story

Slashdot this Story

"Some Asian airlines are reporting rising losses to inflight credit card fraud because there is typically no online credit-card authorization..." Read more... "In Wednesday's..." Read more... Read more Security posts or See all Blogs

Microsoft feared Mac vs. Vista comparison in '05, insider e-mails show Downed Hadron Collider faces $21M in repairs Thanks to gamers, the desktop supercomputer arrives More top stories...

Hosting firm takedown bags 500,000 bots New Firefox app lets users pimp their browsers Microsoft to launch major upgrade to NAV ERP software Dec. 1

2008 Salary Survey: IT pay takes tiny leaps If you're like our 7,000 survey respondents, your paycheck this year has been flattened and your bonus obliterated. We offer 12 ways to plump up your paycheck. Windows 7 in-depth review and video: This time Microsoft gets it right Microsoft's next OS might more accurately be called Windows 6.5: It's essentially a better version of Vista. Twitter for business: 5 ways to tap the power of the tweet Twitter can be a valuable business tool -- if you know what you're doing. Here's how to juice it for all it's worth. Microsoft's 'Vista Capable' changes outraged HP, insider e-mails show By helping Intel with loosened 'Vista Capable' requirements, Microsoft 'severely damaged' its credibility, said an HP exec in a newly unsealed Feb. 2006 e-mail. Windows 7 Get the latest news, reviews and more about Microsoft's newest desktop operating system More Continuing Coverage Windows 7 Voting Technology Google's Chrome browser Economy in turmoil: Latest news and tips iPhone 3G Bill Gates moves on Windows Vista A to Z Mac A to Z 2008 Salary Survey Find wage data for 50 IT job titles. More Special Reports 2008 Premier 100 IT Leaders 2007 Premier 100 IT Leaders 2008 Best Places to Work in IT 2007 Best Places to Work in IT 2008 Salary Survey 2007 Salary Survey 2006 Salary Survey 2008 IT Forecast 2007 IT Forecast 40 Years of Computerworld Top 12 Green-IT Users The FAQs About Going Green IT Schools to Watch iPhone: One Year Later Global Mobile Your Next Data Center Management: Reinventing IT Stop Data Leaks Web 2.0 Security Surviving Disasters Managing Storage Virtualization The Lean Storage Machine Storage on Trial Can Web 2.0 Save BI? Bypass These BI Potholes All Zones Business Continuity Zone The File Data Management Zone Security Management Zone The SAS Zone Business Intelligence and Analytics Zone The Enterprise Search Zone Software as a Service Zone The Security Zone See your link here

Moving to Windows Vista: The Promise, The Reality Moving to Windows Vista: The Promise, The Reality View this exclusive webcast today! Go to the webcast  Computerworld Executive Bulletin: Building a Robust Antivirus Defense Download this Executive Bulletin (a $49.95 value) for free, compliments of MessageLabs. (Source: MessageLabs) Antivirus software alone isn't enough to prevent today's speedy, sophisticated virus attacks. Security managers should consider multitiered approaches that include behavior scanning, appliances that check e-mail for worms, and restricting user access to dangerous Web sites. Download this Executive Bulletin (a $49.95 value) for free, compliments of MessageLabs, to learn more. Download this executive briefing  Quick Sizing Guide for SAS Grid Running on HP BladeSystems and EVA Storage Download this white paper today! (Source: HP) Designed for CIOs, IT managers, data center managers and grid computing architects seeking to improve performance, SAS Grid Computing on the HP BladeSystem c-Class helps accelerate growth and mitigate risks with a simplified, consolidated infrastructure that's agile enough to efficiently handle change. SAS Grid Manager on HP BladeSystem can lower costs through automation, virtualization and improved IT efficiency. Download this white paper  White Papers Read up on the latest ideas and technologies from companies that sell hardware, software and services. Collaboration Tools and Organizational Success Driving Business Success Through Workgroup Choice and Flexibility Boost Productivity While Cutting Costs with Next-Generation Collaboration View more whitepapers

• Microsoft feared Mac vs. Vista comparison in '05, insider e-mails show
• Hosting firm takedown bags 500,000 bots
• Downed Hadron Collider faces $21M in repairs
• More top stories 

The Security Zone With the mobility of employees and the ease with which external devices can be brought in and out of a network, continuing to build your security plan for network servers and clients is a must. Fortunately, there is much that organizations can do to protect themselves from attacks - internal and external. Having the right policies, procedures and server configurations is critical... Learn more in The Security Zone See All Zones

Fired up about IT? Join Sharkbait and share your true tales of IT. SharkBait is the place for you to sound off about everything IT – the good, the bad, and the rest of the weird stuff you deal with every day. New baits

"Turning information into a Competitive Advantage" Companies today are realizing that competitive advantage is harder to sustain when based solely on gains in productivity and cost efficiency. The focus is shifting to invest more in business optimization initiatives which rely on trusted information to develop new insights that deliver better business results. But how can this be done efficiently in a business environment across multiple applications and processes. The answer is an Information Agenda - an innovative approach to transforming business information into a strategic asset for competitive advantage. View this webcast now!  See more Webcasts

Steven J. Vaughan-Nichols: The World without Linux DATELINE: WindowsWorld 2008: Microsoft CEO and President, Steve Ballmer was happy as a clam today when he announced, for the 4th time this century, that Longhorn would be released soon. ...[more]