Cebit 07: Vista security 'will not last a year'

Windows Vista will be as vulnerable to rogue code as XP within a year, the co-founder of anti-virus firm Kaspersky predicted at Cebit today.

Eugene Kaspersky also called for an “Interpol of the Internet” to counter a new breed of international high-tech criminals.

His virus analyst Magnus Kalyuki told a press conference that the German equivalent of the FBI had warned of an increase in industrial espionage by Chinese hackers, which had cost on state alone €1bn.

Attacks targeting single companies in this way were particularly hard to tackle because they did not tend to be amenable to generic defences.

Kaspersky, who pointed out that no software is 100 per cent invulnerable, said: “Creating a malware attack is very easy. Fighting it is very hard. We should attack the criminal rather than trying to defend against the crime.”

But the fact that so many attacks were international made it hard to crack down on the perpetrators. A victim in the US would find it very hard to get action taken against a perpetrator in, say, France.

A truly international police force could have any threat countered at source immediately it was traced.

Both Kaspersky and his co-founder, chief executive Natalya Kaspersky, said malware writers would expose the vulnerabilities of Vista within a year.

Natalya said there was only so much that third-party security companies could do, because Microsoft had locked down the kernel with its PatchGuard system, so that the security of Vista rested entirely on the company’s own defences.

She said there were at least three ways for malware to switch off Patchguard, which in any case only worked on the 64-bit edition.

Another point of weakness was UAC – user access control, which keeps prompting users for permission for software or services to do something. She claimed it too was easy to switch off, and in any case many users would simple do so themselves because they would find it so irritating.

She asked: “Will the security improvements in Vista be enough to to compensate for reduced protection from security vendors? The simple answer at this stage is that I don’t know.”

Her partner was less equivocal. “Vista will be as vulnerable as XP within a year,” he said.