Symantec released its first three major papers on Vista security today, with three more to come. The first, called “Preventing Overflows”, discusses how Vista attempts to reduce buffer overflow attacks via its GS stack protection mechanism.
The second paper, “Shuffling the Deck”, is about Vista’s new Address Space Layout Randomization (ASLR). This is basically what Vista does to make the memory locations of system libraries more difficult to predict. ASLR, along with Data Execution Prevention (DEP), makes existing vulnerabilities harder to exploit; it does not actually eliminate them.
Finally, the last paper has the intriguing title, “Does Today’s Malware Matter on Vista?” – I’m guessing the answer is yes. Here, Symantec attempts to measure Vista’s immunity to malicious code by bombarding it with attacks and seeing how it reacts. In particular, they look at four new features: user account control, virtualization, Windows Firewall, and Windows Defender.
The bottom line:
The majority of this malicious code targets Windows XP and previous versions of Microsoft Windows. As a result it was found to be much less effective when executed on Windows Vista. As Windows Vista becomes widely deployed, we expect that attackers will adapt to its new environment. As we have shown, threats can already execute within the confines of Vista’s more restricted environment.
Keep in mind that Symantec is not exactly happy with Microsoft right now. They think Vista is encroaching on their turf with its built-in security features, and they even sued to prevent the operating system’s release. Also, Symantec’s anti-virus software is specifically not on Vista’s official list of supported software, which has been quite the sore spot.