The planned release of Vista at the end of January has provoked a great deal of speculation about its expected impact on hackers. Vulnerabilities in Windows and its related Office suite of applications have been the primary targets of hackers and criminal data seekers for years.
Microsoft claims that Vista will offer completely new, more secure core components. Will virus writers and other attackers turn away from Windows users in search of new victims who use other operating systems and cross-platform applications?
Until now, users of those other operating systems — such as Unix, Linux and Mac OS — have enjoyed nearly attack-free computing. Could that come to an end if Vista makes gains among users?
Open Invitation
The worldwide domination of Microsoft products has driven the criminal fringe to find vulnerabilities and use them to deliver viruses, spyware, and other malware designed to steal data.
Microsoft officials have been touting Vista’s “ironclad” internal design as a new model for computing security that could reduce the need for third-party security products.
Although Vista may reduce the likelihood of attacks, it will remain squarely in the hackers’ crosshairs, according to security experts.
Attacks are based solely on market share, according to Roger Thompson, CTO of Exploit Prevention Labs, who does not anticipate a major change in the attack profile on operating systems.
“Spyware and adware is a business, and the bad guys make money out of it. I expect they’ll continue to find vulnerabilities, even if at a slower pace than currently,” he told TechNewsWorld, adding, “I expect they’ll find ways to social engineer their way into Vista PCs.”
The most significant benefit from a wide adoption of Vista is that most of the current rootkits probably will not work. “Most malicious Web sites currently install rootkits, and Vista will be a welcome blow to them,” Thompson added.
Vista Ground Zero
Only an insignificant number of hackers and virus writers will flee Vista and move to Linux and Mac machines, claimed Dale Laushman, CTO of the Uptime Group.
Virus writers will not flee Vista, he contended, because they are driven by ego. “Since the most damaging viruses make it into the press, which feeds the ego with anonymous notoriety, a virus writer will typically design his virus to target the largest number of systems to inflict as much damage as possible,” he said.
Microsoft has a lot riding on its new security features in Vista, according to Ed Moyle, a security services manager at CTG. However, he does not think that tighter security will necessarily make Vista a less appealing target for attackers. Instead, he expects Vista to be the top target for attackers going forward.
“Microsoft is the most widely used OS platform. Researchers who are interested in ensuring a wide audience for the issues they find are likely to continue to target Microsoft — and particularly Vista — as vulnerabilities located in this platform are likely to generate press and thereby readership for their research,” Moyle explained.
Legitimate Alternative
“We’ve already seen several security threats and viruses appear in Linux and Mac OS solely as a function of their gains in market share,” noted Patrick Gray, president of Prevoyance Group. “There are enough Linux and Mac computers running that it is now worth a virus writer or cracker’s time to attack these systems.”
Others concurred with Gray. “The Linux world will face increasing exposure as an attack target. Linux is becoming more dispersed and is becoming used more on desktops,” suggested Jeff Huegel, CSO of business applications provider USi.
There is some truth to speculation about hackers switching targets after Vista is released, agreed Helmuth Freericks, CTO at Authentium. Cybercrime is the fastest growing criminal activity involving computers. As such, cybercriminals will branch out where enough common targets exist, he said.
“Linux is growing its base of users, but Windows still is a huge target,” he added.
Cross-Platform Risks
Even if hackers do not flee Vista in droves for alternative operating systems, they are already looking at using software that plays on multiple platforms as new attack vectors.
“We have seen an increase in attacks on cross-platform applications in the last 18 months,” confirmed Patrick Hinojosa, CTO of CyberDefender. “If attackers can find a popular cross platform, then it could be a threat.”
However, even when an application such as Office — both Windows and Mac versions — is a common exchange point, attackers still have to deal with existing OS issues. “I can see that being done,” said Hinojosa.
While CTG’s Moyle does not deny that cross-platform attacks may grow into a serious security threat in the wake of Vista, he does not see it as a sure bet.
“From a cross-platform exploitation perspective, I don’t think it is likely that we will see much in the way of security incidents impacting multiple platforms going forward,” he said.
“We might see a continuation of issues that impact multiple platforms because they share underlying source code — for example, Mac OS X and BSD,” Hinojosa continued. “This is different from what some have suggested. It is more likely that we will see a rise in cross-platform attacks that are equally viable on multiple platforms.”
Show Me the Money
The bottom line with Vista or any other potential target for hackers is the money. “Attackers are looking for financial gain. This requires massive e-mail [operations]. Attackers need large-scale recipients of infected code,” Hinojosa said.
Therefore, the issue is not which OS is more secure than Vista. The problem is user numbers. In the home computing arena, only 1 percent of users run Linux and 10 percent have a Mac; the rest use Windows, claimed Hinojosa.
Even if an OS is less secure than Vista, there is not enough return on investment for criminals to switch tactics and go after other platforms, he concluded.
Loading ...
This article cites several experts that base their opinions on several assumptions:
1. Vista will be immediately and widely migrated to.
2. Linux and Mac OSX could be just as easily targeted notwithstanding architecture differences, which has made attacks all but impossible.
One thing that the writer completely ignores, probably is unaware of, is the way in which software is installed on Linux distributions, which is in and of itself an additional security layer, that simply does not and can never exist on a windows os.
I’m not sure what you mean when you say ‘which is in and of itself an additional security layer, that simply does not and can never exist on a windows os.’
are you referring to packaging applications with distros? This is done with Windows as well. OEM’s build images using WinPE and can pre-load whatever software they want, with or without preinstall images.