RealTime IT News

Vista, 3rd-Party eMail And The Malware Mix

Antivirus vendor Sophos ran a little Windows Vista security test. Guess who failed? Third party Webmail providers.

The company selected the ten worst examples of malware  from its top 10 threat list and sent them to a computer running Vista in User mode, which is more restricted and should limit the capabilities of malware on the system.

Windows Mail, the new e-mail client in Vista that replaces Outlook Express, handily stopped all 10 samples of malware. But when the e-mail came through Webmail hosts such as Google  Gmail, Yahoo  Mail and even Microsoft's  Hotmail, three samples were able to infect the computers.

The three viruses, W32/Netsky-D, W32/Stratio-Zip and W32/MyDoom-P, are hardly new. Their lineage traces back to 2004, although, as Yankee Group analyst Andrew Jaquith points out, there are hundreds of variants of Netsky and MyDoom. "It's not one virus, it's a whole family," he told internetnews.com.

The problem, said Ron O'Brien, senior security analyst for Sophos, doesn't lie with Vista but with the Webmail providers. "The security offered by Vista doesn't extend to third-party e-mail clients. What it means is unless you are running a Windows-exclusive environment, using Windows Mail, you clearly have to have overarching support or security," he said.

So, for protecting your network, it might be a good idea to block some of these Webmail-based clients. But, he added, it brings up the whole issue of endpoint control.

Still, that some of these viruses are thriving years after they were first identified means a lot of computers are still not secured. "We see a large number of malware types that are able to survive when all indications are that people can block them," said O'Brien. "So why do they proliferate in the top 10? Someone somewhere is offering them safe harbor, as it were. We can only attribute that to the large number of unprotected PCs out there."

A Microsoft spokesperson defended the service, claiming that the three worms that got by Vista's security relied on social engineering. From that standpoint, it's difficult to make a computer secure from being misled.

Jaquith agreed to a point. "You'd think [end-users] are educated enough to know if they get an attachment from someone they don't know, they should view it with suspicion unless they can trust it. No Vista security is going to protect you from that," he said.

But, he added, "The folks that host Webmail have a custodial responsibility to make sure they are not carriers of viruses, worms or other security problems. At a certain point, the user is choosing to be compromised. On the other side, if you are a carrier, you need to keep your pipes clean."