Vista less secure than XP

[joepic]

Security company Kaspersky claimed that Vista's User Account Control (UAC), the system of user privileges that can be used to restrict users' administrative rights, will be so annoying that users will disable it.

Natalya Kaspersky, the company's chief executive, said that without UAC, Vista will be less secure than Windows XP SP2. "There's a question mark if Vista security has improved, or has really dropped down," she said to our sister site ZDNet UK at the CeBIT show in Hanover last week.

Kaspersky provides one of the scanning engines in ForeFront, Microsoft's business security product.

Arno Edelmann, business security product manager for Microsoft, said that Kaspersky's claims were surprising. "We have a thriving community of partners, and Kasperky is one of our best partners," Edelmann told ZDNet UK. "I find their statements a little strange because they have one of the best insights into Microsoft security products."

After being roundly criticised over its security strategy in the past, Microsoft has done a lot of work to improve its approach and has been touting Vista as its most secure operating system. But Kaspersky confirmed that her analysts had found five ways to bypass Vista's UAC, and that malware writers will find more security holes.

Kaspersky also added her voice to Symantec and McAfee complaints that PatchGuard, designed to protect the Vista kernel, is hindering security companies' work.

"PatchGuard doesn't allow legitimate security vendors to do what we used to do," said Kaspersky.

Symantec has claimed that PatchGuard is hurting security vendors more than it was hurting malware writers. Bruce McCorkendale, a chief engineer at Symantec, said: "There are types of security policies and next-generation security products that can only work through some of the mechanisms that PatchGuard prohibits."

Eugene Kaspersky, the company founder, said last Thursday that while vendors had to interact with Vista legitimately, hackers were under no such constraints.

[ssj2_goha]

Not surprised........
upgrade past vista

[Marvingj]

Microsoft did a bad job of securing Vista, came out to soon. Watch for all the Bugs it has....

[JohnnyMalaria]

@joepic

I just love the way you spin articles by using misrepresentative titles - ever thought of work for Apple as an advertising copywriter?

[JohnnyMalaria]

Not surprised........
upgrade past vista

Maybe pushing for Mac sales will make Apple forgive your illegal use of their OS on non-Apple hardware....

[ssj2_goha]

I actually sell mac computers. and the computer i have OSX on is really sucky. and i don't use it all that often....... I actually have to see if it's still installed on it........

[BJ_M]

not really video related news - moving to computer...

[redwudz]

I agree UAC is irritating, and yes, I did shut it off. But I wouldn't recommend that unless you are cautious where you go on the internet and you have good antispyware, antivirus and anti-trojan software installed. I'm also hoping a decent firewall will come out soon. Zone Alarm is working on one and it should be a big seller. Vista's firewall is about useless for outgoing packets.

As an alternative to shutting UAC off entirely you can tone it down quite a bit, and use Firefox for a browser instead of IE. That should improve the security without UAC asking for authorization for every move you make.

[Soopafresh]

Software makers rarely factor in psychology and human behavior. That's why the easiest way for hackers to get passwords is via "Social Engineering" - calling people up on the phone and requesting the information.

[thecoalman]

Symantec has claimed that PatchGuard is hurting security vendors more than it was hurting malware writers. Bruce McCorkendale, a chief engineer at Symantec, said: "There are types of security policies and next-generation security products that can only work through some of the mechanisms that PatchGuard prohibits."

Yea thats the ticket, leave that vulnerability in place so we can continue to sell our product.