by Matt Hines

Symantec’s Vista research not so damning after all

news
Mar 5, 2007

Symantec is publishing some of its initial research into Vista security and the results don't paint such a bad picture of Microsoft's latest technologies.

Despite their best efforts to highlight problems with the security features Microsoft has added in Windows Vista, Symantec researchers are admitting that much of the work done to protect the new OS is pretty effective.

Speaking at the Black Hat DC 2007 conference last week, Ollie Whitehouse, a researcher with Symantec’s Security Response team, walked show attendees through the various tests he and his team put Vista through.

Whitehouse specifically focused on research his company compiled on two technologies: Vista's stack buffer overrun protection, known by its compiler flag name "GS," which places a cookie between a function's local buffers and its saved return address and checks that cookie before the function returns; and the product's address space layout randomization (ASLR) feature, which randomizes where executables, libraries, the stack and the heap are placed in memory so that an attacker who has found a vulnerability cannot reliably predict the addresses an exploit needs.

And while the researcher isolated specific problems with each system, namely an ability to predict which binaries are and are not built with GS protection, and a flaw in ASLR that reduces the amount of randomization it actually delivers, in outlining the issues Whitehouse repeatedly noted that the features worked better than he had originally expected.

The problem with GS is that an attacker could potentially identify the binaries it does not protect and target those, which is hardly an indictment of the technology itself. The ASLR problem has been reported to Microsoft, which said it would fix the glitch whenever it produces a Service Pack 1-style follow-up to the OS; again, that doesn't represent damning criticism given that the feature appears to work fine otherwise.
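To make the GS mechanism described above concrete, here is an added example (not code from the article or from Symantec's reports) that models a GS-protected stack frame beside an unprotected one and runs the same overflow through both. The frame layouts, the cookie value and the return address are constructed for illustration; real /GS code aborts via __report_gsfailure rather than returning a status, and the overflow is simulated inside a struct so the demo stays deterministic.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of a stack frame as laid out by a /GS build: local
 * buffers first, then the cookie, then the saved return address. An
 * overflow running upward from buf must clobber the cookie before it can
 * reach saved_ret. */
#define BUF_SIZE 16
#define CALLER_RET ((uintptr_t)0x00401000u)  /* hypothetical legitimate return address */

struct gs_frame {
    char      buf[BUF_SIZE];
    uint32_t  cookie;
    uintptr_t saved_ret;
};

/* Same function compiled "without GS": no cookie between buffer and return. */
struct plain_frame {
    char      buf[BUF_SIZE];
    uintptr_t saved_ret;
};

enum result { RET_OK = 0, RET_HIJACKED = 1, GS_DETECTED = 2 };

/* Models an unbounded copy (e.g. strcpy) into a fixed-size local. Writing
 * through a byte pointer across the struct is defined behaviour, so the copy
 * is clamped to the struct's size to keep the demo well-defined. */
static void unchecked_copy(void *frame, size_t frame_size, const char *src, size_t len)
{
    size_t n = len < frame_size ? len : frame_size;
    memcpy(frame, src, n);
}

/* GS-protected function: prologue stores the process cookie, epilogue checks it. */
int run_with_gs(const char *input, size_t len, uint32_t security_cookie)
{
    struct gs_frame f;
    memset(f.buf, 0, sizeof f.buf);
    f.cookie = security_cookie;          /* prologue */
    f.saved_ret = CALLER_RET;
    unchecked_copy(&f, sizeof f, input, len);
    if (f.cookie != security_cookie)     /* epilogue: __security_check_cookie */
        return GS_DETECTED;              /* real code terminates the process here */
    return f.saved_ret == CALLER_RET ? RET_OK : RET_HIJACKED;
}

/* Unprotected function: the same overflow silently redirects control. */
int run_without_gs(const char *input, size_t len)
{
    struct plain_frame f;
    memset(f.buf, 0, sizeof f.buf);
    f.saved_ret = CALLER_RET;
    unchecked_copy(&f, sizeof f, input, len);
    return f.saved_ret == CALLER_RET ? RET_OK : RET_HIJACKED;
}

/* Caveat: GS only holds while the cookie is secret. An attacker who has
 * leaked it can write the correct value back at the cookie's offset and
 * still replace the return address. */
int run_with_gs_leaked_cookie(uint32_t security_cookie)
{
    unsigned char payload[sizeof(struct gs_frame)];
    memset(payload, 'A', sizeof payload);
    memcpy(payload + offsetof(struct gs_frame, cookie),
           &security_cookie, sizeof security_cookie);
    return run_with_gs((const char *)payload, sizeof payload, security_cookie);
}

int main(void)
{
    const uint32_t cookie = 0xBB40E64Eu;      /* constructed cookie value */
    const char *overflow = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"; /* 48 bytes */

    printf("GS, benign input   : %d\n", run_with_gs("hello", 5, cookie));   /* 0 */
    printf("GS, overflow       : %d\n", run_with_gs(overflow, 48, cookie)); /* 2 */
    printf("no GS, overflow    : %d\n", run_without_gs(overflow, 48));      /* 1 */
    printf("GS, leaked cookie  : %d\n", run_with_gs_leaked_cookie(cookie));  /* 1 */
    return 0;
}
```

The two "overflow" results are the whole point Whitehouse was making: the same bug is caught in the GS-compiled function and exploitable in the one built without it, so knowing which binaries lack GS tells an attacker where to aim. The leaked-cookie case shows why GS is a mitigation rather than a fix.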

In leafing through all four of the Vista reports produced thus far by Symantec’s research team — which are to be followed by a new report due today from the AV software maker regarding the security implications of changes made by Microsoft in the OS’ network stack — it’s actually pretty clear that Microsoft’s overall security efforts with the product have been pretty successful.

For another example of the type of back-handed compliments sprinkled throughout the reports, look to the section on Vista's kernel patch protection (KPP) features, inarguably the most controversial set of tools added by Microsoft, which touched off a massive row between the software giant and many third-party Windows security vendors, led by Symantec.

While Symantec contends that the KPP features, which are aimed at blocking rootkits, can potentially be circumvented, it also notes: "The implementation of these protections achieves many of the security goals that Microsoft had envisioned."

So there you have it. Symantec concedes that Microsoft has been proven to be fairly successful with most of the security measures it attempted to take in Vista.

Meanwhile, Symantec and most others, Microsoft included, maintain that Vista users still need additional protection in the form of aftermarket security applications.

At the end of the day the only argument in this whole scenario that really appears to rage on is which of the two companies you’ll choose to buy those tools from in the future.