External Software Can Allow Malware into Windows Vista
While Windows malware cannot affect Windows Vista, third-party e-mail applications could disable the security of the operating system, said Microsoft's co-president for the platform and services unit in a blog message.
Sophos has invited Jim Allchin of Microsoft over a blog debate on whether the security of Vista is greater than earlier Windows OSs, and whether, how and where all viruses, executables and the rest can pass through.
Sophos selected ten most dangerous viruses from November 2006 and after running a test found that three were able to flow through Vista. Allchin however responded that performing the same test on a system with only Windows Vista software will not let any penetration. But that system must not use Windows Outlook.
Allchin concludes his opinion by saying that all software have some element of imperfection. So, making security approach in layers such as using third-party solutions from vendors as Sophos could provide a better defense. This negates the set up with only Vista software.
The study surprised Microsoft because it rates Vista security features among the top benefits of the software. Allchin regards the problem not in Vista but in the e-mail clients that accept .zip files. malware coming into Vista is often through .zip files. He says that while Windows Mail stops executables to run even in .Zip compressed files, other e-mail clients would also do the same by using the API technology in Windows known as Attachment Manager (AM). AM was first introduced in Windows XP Service Pack 2.
The source of the problem is widespread use of Outlook and not Windows Mail. So, it is not the existing malware alone that is of so much concern.
On publication of the report, Microsoft tried to run the Sophos test to find that no single virus could infect an exposed system that runs only application included in the operating system. This was true for Microsoft Mail too.
Allchin emphasized on the possibility of vulnerabilities still popping up in Windows Vista. He advised users to refrain from opening e-mail attachments they suspected and recommended the deployment of firewall and anti-virus software onto their systems.
Related article: Easter May be a Good Opportunity for Scammers
» SPAMfighter News - 27-12-2006