Chapter 7. Vista Client Protection

Windows Vista is designed to prevent the local execution of malicious mobile code. Chapter 7 discusses Microsoft's newest initiatives against malware programs, including the Malicious Software Removal Tool, Security Center, Windows Defender, Windows Live OneCare, and Microsoft Forefront Client Security.

Popularity of Client-Side Attacks

Client-side exploits are always a popular type of malicious attack. However, the present focus on using them for profit is unprecedented. The Microsoft Antimalware Team revealed the following statistics in a free white paper (www.microsoft.com/downloads/details.aspx?FamilyId=47DDCFA9-645D-4495-9EDA-92CDE33E99A9&displaylang=en) based on results from the Windows Malicious Software Removal Tool (MSRT), which ran over 2.7 billion times on over 270 million unique computers. Some of the findings are as follows:

  • High-risk malware is found on 1 in 311 computers (i.e., 5.7 million computers)

  • 3.5 million computers had a backdoor Trojan (or 62 percent of infected computers)

  • 9 percent of infected computers had a malicious rootkit

  • Bots (Rbot, Sdbot, and Gaobot) comprise three of the top five most frequently removed malicious programs

The detection rate of malicious software (1 in 311 computers) is drastically lower than the overall malware prevalence rate because MSRT does not check for spyware, adware, phishing e-mails, malicious links, or any malware not present in memory (for example, script worms). In light of these findings, it's likely ...

Get WINDOWS VISTA™ SECURITY: Securing Vista Against Malicious Attacks now with O’Reilly online learning.
