Symantec Explains Weakness in Vista Firewall
The Microsoft Windows Vista firewall is susceptible to compromise that could allow a number of prohibited functions, according to new research by Symantec.
This could be embarrassing to Microsoft, which has promoted Vista as having the highest security status of any Microsoft operating system so far. The software maker has added a host of new security features, including an advanced firewall.
Orlando Padilla, a member of the Symantec Security Response team, challenged the efficacy of Vista's firewall in a blog post about his study of how well Vista fares against current malware. The study was released during the first week of March this year.
Padilla explained in the blog on Symantec's Web site that Microsoft has configured its Vista operating system to block all third-party and unrecognized network communications by default. But if anyone clicks the 'Unblock' button, that blocking no longer applies.
Padilla said the problem with the unblock button is that someone who has managed to acquire the same privileges as a normal user can access it. An attacker with such unauthorized privileges can create a vulnerability in the firewall and exploit it to inject malicious code, he wrote in the post.
Javier Santoyo, manager of development in Symantec's research team, argued that corrupting a firewall is not unusual, but that Microsoft had the ability to strengthen the firewall by employing Vista and its User Account Control (UAC). The issue is that Microsoft hasn't used that opportunity, Santoyo said in a statement that TECHWORLD published in March 2007.
Santoyo gave an additional interpretation of the problem. While Vista's firewall blocks all untrusted network traffic as long as the user does not click the unblock button, it is not difficult for attackers to inject malware whose code stealthily clicks the button. Alternatively, they could code malware so that a responsive user clicks the button, he said. Now it is possible for rival firewall vendors to approach in the same line, Santoyo said.
Assuming an attacker can exploit the firewall unblock button, the features needed to create a bot are now also present, Padilla wrote in his study paper.
» SPAMfighter News - 21-03-2007