Vista holds its own against malware
Vista is a pretty secure operating system, perhaps not as secure as Linux or OSX simply because those operating systems have almost no exploits. But as far as Windows goes, Vista is as secure as it gets, and I mean that in a good way. You may remember the ANI flaw that affected all versions of Windows including Vista. Well, the ANI flaw didn’t do exactly what it was supposed to do because of Vista’s security features, though it did cause problems. Vista is safe for now, says Computer World.
The ANI flaw was a problem with animated cursor files: downloading an infected file would cause Vista to enter a “crash-restart” loop where the only two solutions were to hope safe mode and system restore could fix the problem, or to do a complete reinstall. But the “crash-restart” loop is not what the exploit was designed to do.
This ANI flaw was one of two exploits that tried to circumvent one of Vista’s security features called Address Space Load Randomization (ASLR). ASLR randomizes how the operating system’s memory map is laid out each time it is loaded. Many older exploits on Windows 2000 and XP required that the malware be loaded into the same memory space to function correctly; this is not possible in Vista, which is why many older generation spyware can’t run.
When the ANI exploits attempted to go around ASLR, they simply caused a “crash-restart” loop because they had trouble getting into memory. This is also the reason older programs may not run correctly on Vista: even the legitimate ones want to be loaded into the same memory space. That is probably why a number of firewalls and security suites are not yet ready for Vista, though a handful are.
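A defender-side check that goes with the ASLR discussion above, added here as an example and not part of the original post: on Vista an executable or DLL opts in to ASLR through the DYNAMICBASE bit (0x0040) of the DllCharacteristics field in its PE header, so reading that field shows whether a given binary will be relocated. The function names and the header-only sample images are constructed for illustration.

```python
import struct

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040  # set by the linker's /DYNAMICBASE


def aslr_enabled(pe: bytes) -> bool:
    """Return True if the PE image's optional header sets DYNAMIC_BASE."""
    if len(pe) < 0x40 or pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)  # offset of the PE signature
    if e_lfanew + 24 > len(pe) or pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    # SizeOfOptionalHeader is the 2-byte field at offset 16 of the COFF header.
    (opt_size,) = struct.unpack_from("<H", pe, e_lfanew + 20)
    opt = e_lfanew + 24  # 4-byte signature + 20-byte COFF file header
    if opt_size < 72 or opt + 72 > len(pe):
        raise ValueError("optional header too short")
    (magic,) = struct.unpack_from("<H", pe, opt)
    if magic not in (0x10B, 0x20B):  # PE32 / PE32+
        raise ValueError("unknown optional header magic")
    # DllCharacteristics sits at offset 70 in both PE32 and PE32+.
    (dll_chars,) = struct.unpack_from("<H", pe, opt + 70)
    return bool(dll_chars & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE)


def make_sample(dll_chars: int, magic: int = 0x10B) -> bytes:
    """Constructed, header-only sample image (hypothetical, not a runnable program)."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 96, 0x0102)
    opt = bytearray(96)
    struct.pack_into("<H", opt, 0, magic)
    struct.pack_into("<H", opt, 70, dll_chars)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    samples = {"built with /DYNAMICBASE": 0x0140, "legacy build": 0x0100}
    for label, flags in samples.items():
        state = "opts in to ASLR" if aslr_enabled(make_sample(flags)) else "fixed base"
        print(f"{label}: {state}")
```

To audit a real binary, pass the file's bytes (read in binary mode) to `aslr_enabled`.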
Now that this has come to light, I am left wondering what the real purpose behind the ANI flaw was, since all it resulted in was a “crash-restart” loop, though it had greater things in mind. It is only a matter of time before the malware and spyware writers do find a way to bypass the ASLR security, so prepare for it now. Of course, Microsoft should make Vista do something other than enter a “crash-restart” loop when presented with this type of attack, but the alternative of what it could do is far worse.
