01 Dec 2006
Security firm Sophos says three of the top ten malware threats in November are capable of bypassing Microsoft's Windows Vista's security defences and infecting users' PCs.
The Vista-resistant malware - Stratio-Zip, Netsky-D and MyDoom-O - comprise 39.7 per cent of all malware currently circulating.
Sophos tested each piece of malware in the top ten on the operating system that was released yesterday, to establish whether users running Vista without any third-party security software would avoid infection.
The results showed that while the Windows Mail email client (Vista's upgrade of Outlook) could identify and halt all of the threats, Stratio-Zip, Netsky-D and MyDoom-O - each of which are commonly disseminated via email - were able to bypass the defences when accessed via a third-party web email client.
This represents a serious issue for businesses who allow employees to access their personal email at work, as well as for companies that are considering adopting an alternative email client.
'There has been much speculation about whether Vista would render existing malware extinct, and the news is now in - it won't,' said Carole Theriault, senior security consultant at Sophos.
'While Microsoft should be commended for the huge security improvements it has made in Vista, running separate security software is still essential to eliminate the risk of infection. On top of this, cyber criminals will already be looking at creating Vista-specific malware,' she said.
'Users need to think carefully about whether their current solution is going to offer sufficient protection against such emerging threats, given that some vendors continue to experience problems adapting their software for the Vista operating environment,' said Theriault.
What do you think? Email us at feedback@computing.co.uk
Further Reading:
Vista sets sights on 30 November release
So Sophos found that a third party mail app allows in common mail threats. So what? That is not the point of Vista's new security, is it? As much as I dislike Microsoft, you can hardly blame the company for other peoples' code. It is not Microsoft's job to ensure that other apps are secure on its operating system. By extension of this third part app principle - when idiot user inevitably clicks the button that says, 'Do you want to install this third-party software so you can keep watching porn, or get crackz for your gamez etc, while exposing your system to the outside world?' you can bet they will even happily tap in their root password to bypass UAC. Just as they have done for years. The real security issue is a mass of uneducated users for windows. At least OS X and Linux require real technical knowledge and force you into understanding just why you should not click that big red button. Any news on which mail client it was? I bet it was not Mozilla's Thunderbird.
So in summary I think it is important to look at the source of the report. Sophos, which not so long ago was criticising competitor Symantec for not coming up with its Vista product quickly, is now - suprise, suprise - saying that there are leaks in Vista - Do you want us to install your software by any chance Sophos? Is that perhaps what you are driving at?
Posted by: dave 02 Dec 2006
Goodness, people. All you need to do is stop using Insurgent Explorer and rubbish like Kazaa, and your computer will be fine. Every time you go to a web site in IE your computer has sex with the site's computer and every other computer it has had sex with. Start using Firefox and you will stop screaming at your PC. We do not even use any stupid anti-virus or anti-spyware software at our workplaces. We just do not allow people IE or P2P.
Posted by: John Coleman 01 Dec 2006
Have your say on this article
Newsletters
Latest stories from Security Technology
Latest videos
You may also like
Security Technology jobs
Technology Patent Wars
Staff are increasingly using their personal devices for work. Productivity may increase as a result, but the trend brings with it security risks
Case studies from large organisations across all sectors
... And rich media, and flexible working, and peaks in traffic ...
Upcoming Events
Join us for this Computing web seminar, in which the Head of BI at the Co-operative Group Nick Colebourn will be explaining just how he reigned in the Group’s sprawling database estate and how significant savings were realised and data quality improved as a result.
Date: 31 May 2012
Time: 11:00 AM
Live June 13th 11:00am: Register now. During this web seminar we will be looking at the sorts of incidents that can bring data centres grinding to a halt and what can be done about them.
Date: 13 Jun 2012
Time: 11:00 am
Receive the latest jobs direct to your inbox
Are you being paid what you are worth?
