Review: Vista, XP Users Equally At Peril To Viruses, Exploits


After a week of extensive testing, the CRN Test Center found that users of Windows Vista and Windows XP are equally at risk from viruses and exploits, and that overall Vista brings only marginal security advantages over XP.

One of Microsoft's big promises with Vista was a more secure operating system. But when stripped to the bare bones and thrown into the wild, wild Web, Vista's security failed to impress Test Center engineers.

Vista remains riddled with holes, despite its multilayer security architecture and embedded security tools. Besides providing no improvement in virus protection vs. XP, Vista brings little or no security gains over its predecessor against such threats as RDS exploits, script exploits, image exploits, VML exploits, malformed Web pages and known malicious URLs, the Test Center found.

Armed with two notebooks -- an HP Compaq 6515b notebook running Windows Vista Business 32-bit Edition with the 256-bit encryption version of Internet Explorer 7 and an HP Compaq nc6400 running Windows XP with the 128-bit encryption version of Internet Explorer 6 -- Test Center engineers probed both OSes with some of the most dangerous exploits known today.

To level the playing field, all of the HP ProtectTools Security Manager tools on both notebooks were shut down. None of the encryption tools or password-protect options were initialized. In addition, HP's ProtectTools Application Protection Service was not activated. Only the default security features and settings of both OSes were kept.

The Test Center selected Finjan's RUSafe appliance to analyze all HTTP traffic going to both notebooks. RUSafe is more than just a sniffer; it can analyze code behavior and identify malicious files. Engineers used RUSafe's report engine to compare the OSes and, with the help of Finjan and other experts, visited several known hacker sites.

Since the notebooks were running without any security suites, engineers were only able to visually inspect the behavior of each OS after going to a site. No code tracing techniques were used in the OSes. Instead, Finjan's RUSafe appliance provided the records of what passed to each notebook.

Here's what we found:

The Finjan RUSafe appliance detected 20 instances of viruses hosted on Web sites, suspicious file types, spoofed Web content, worms and executables.

For instance, the Mal/EncPK-F virus and the W32/SillyFD-AB worm penetrated both OSes without detection.

None of the files were blocked by either OS. Both OSes failed to detect illegitimate archives and some binary objects that were not digitally signed.

Vista's Windows Defender, which is designed to detect various kinds of malware, gives the new OS a slight edge over XP in detecting spyware and adware sites.

For instance, Vista was able to pick up one variant of the IEPlugin spyware. Yet not all variants of the same spyware were detected through IE 7; in fact, three passed through undetected. Vista also missed the HotBar spyware signature. XP with IE 6 missed all of the sites with spyware. Most of the spyware came from pornography and hacker sites found through Astalavista's portal.

Surprisingly, Vista was able to detect adware built into the Zango player, which is typically used for playing porn videos. Even so, the current version of the Zango player could not run on Vista. XP did not provide any warnings about Zango.
