Hi-tech criminals are looking forward to the consumer release of Windows Vista, say security experts.
Vista will be the big event in computer security in 2007, say experts and add that it will have a profound effect on both sides of the security world.
Many organised crime gangs are already tearing the new version of Windows apart looking for ways to exploit its weaknesses, say some.
Others are expecting to see Vista attacked soon after it debuts.
Fresh target
While Microsoft's business customers have been able to buy Vista since 30 November, consumers are being forced to wait until late January 2007 to get their hands on the next version of the Windows operating system.
Microsoft has said that the whole development process of the operating system has been run with better security in mind.
Within Vista are several technologies that could stop many people falling victim to the most common sorts of malicious attack, said Kevin Hogan, director of security operations at Symantec.
In particular, he said, the way Vista handles user accounts will limit the freedom malicious programs have to run and install themselves surreptitiously.
Increasingly, said Mr Hogan, hi-tech criminals were booby-trapping benign looking webpages with code that slips through vulnerabilities in the various versions of Windows. It should also help stop people being caught out by malicious attachments on e-mail messages.
"That'll deal with a lot of the current threats we are seeing," said Mr Hogan.
Mikko Hypponen, chief research officer at security firm F-Secure, said the warnings that these account controls display when malicious code tries to install itself will prove useful.
"It'll become much more obvious when they get infected," he said.
But, said Mr Hypponen, as well as stopping some of the threats hitting users, Vista is also likely to spur many hi-tech criminals to step up their research efforts and translate their old malicious wares to the new software.
"None of the existing bots, backdoors, trojans in general run on Vista," said Mr Hypponen.
Already security experts are seeing exploits for Vista vulnerabilities being sold on underground websites and proof-of-concept code appearing on discussion boards.
Gerhard Eschelbeck, chief technology officer at security firm Webroot, said he expected the hi-tech criminals to start exploiting the many ways that Vista tries to warn people about security threats.
He said it was only a matter of time before cyber criminals find a way to mimic the security warnings that Vista uses to try to trick people into installing a malicious program.
"They are thinking how to attack the user directly rather than try to penetrate the applications," he said.
Old iron
While Vista might help many users stay safer online, many criminals would be happy targeting the tens of millions of people who own older versions of Windows, said Mr Eschelbeck.
In 2007 he said he expected to see malicious code turning up on many different types of sites - many of which looked completely benign.
Those behind malicious programs were also more interested in having their creations hang around longer, said Mr Eschelbeck.
"The goal is to stay undetected for a long time," he said. "It's being driven by people looking for financial gain."
The diversity of the hi-tech underground was also shown by the new targets many were going after, said Paul Davie, chief executive of security firm Secerno.
He said many hi-tech criminals were now targeting web shops that use a database to handle orders in a bid to steal valuable information they can sell or use.
Many attackers, he said, were using sophisticated techniques to squeeze information out of databases.
"These attacks - examples of which include hackers exposing hundreds of thousands of credit card numbers worldwide - certainly will increase sharply in 2007," he said.
"The security sector is coming to terms with the fact that it is dealing with highly financially motivated, technologically advanced and professional database infiltrators," he said.
Written by Mark Ward Technology Correspondent, BBC News website
Tuesday, July 31, 2007
SF Municipal Wi-Fi Wait Grows
The next crucial votes on San Francisco's municipal Wi-Fi proposal will be delayed until next month while chosen contractor EarthLink Inc. becomes increasingly skittish about building wireless networks for cities.
After a request by EarthLink, Board of Supervisors President Aaron Peskin plans to push back votes currently scheduled for this week until well into September. Peskin has proposed amendments to EarthLink's proposed contract with the city that could help move it through the board, which has final approval on the network plan and has been sharply divided.
Peskin said late Monday he plans to move a vote by the board's Budget and Finance Committee to Sept. 12. That committee vote, on whether to send the plan on to the full board, had been set for Wednesday after several earlier delays. Meanwhile, the full board had been set to vote Tuesday on whether the project should continue to be exempt from an environmental impact report. Its vote, also postponed several times, would be pushed back to Sept. 11.
San Francisco's municipal Wi-Fi project, originally proposed in 2004, is one of the most closely watched in the U.S. It would include a paid service provided by EarthLink and a slower, free service from Google Inc. The plan has run into a thicket of objections concerning privacy, health, quality of service, help for disadvantaged residents, the city's role, and the process of conceiving and approving the project. Plans elsewhere in the country, including in Philadelphia and Sacramento, California, also have run into problems and delays.
Meanwhile, EarthLink has scaled back its nationwide plans for municipal Wi-Fi networks as it grapples with the vagaries of this new type of business and with its own financial problems. Last week, EarthLink's recently appointed president and CEO, Rolla Huff, said the company's municipal network business as currently conceived can't make enough money. The business is now under review.
"Until we're confident that we can build new networks and get an acceptable return, we will delay any further new buildouts," Huff said on a conference call following EarthLink's second-quarter earnings report. The company lost US$16.3 million in the quarter, which ended June 30.
EarthLink now plans to ask cities that want municipal networks to sign up as anchor tenants, committing themselves to buying service for their own operations, Huff said.
San Francisco isn't ready to become such a tenant, according to Peskin, who said EarthLink raised the issue with him several weeks ago and he ran it by city IT officials. The government doesn't have enough Wi-Fi equipment to make use of the services it would be buying, he said.
"We still have people filling out paper in the police department," Peskin said. "Someday we'll get there, and the city could be a user, but it's not, at this point, the best use of our money."
Written by: Stephen Lawson, IDG News Service
After a request by EarthLink, Board of Supervisors President Aaron Peskin plans to push back votes currently scheduled for this week until well into September. Peskin has proposed amendments to EarthLink's proposed contract with the city that could help move it through the board, which has final approval on the network plan and has been sharply divided.
Peskin said late Monday he plans to move a vote by the board's Budget and Finance Committee to Sept. 12. That committee vote, on whether to send the plan on to the full board, had been set for Wednesday after several earlier delays. Meanwhile, the full board had been set to vote Tuesday on whether the project should continue to be exempt from an environmental impact report. Its vote, also postponed several times, would be pushed back to Sept. 11.
San Francisco's municipal Wi-Fi project, originally proposed in 2004, is one of the most closely watched in the U.S. It would include a paid service provided by EarthLink and a slower, free service from Google Inc. The plan has run into a thicket of objections concerning privacy, health, quality of service, help for disadvantaged residents, the city's role, and the process of conceiving and approving the project. Plans elsewhere in the country, including in Philadelphia and Sacramento, California, also have run into problems and delays.
Meanwhile, EarthLink has scaled back its nationwide plans for municipal Wi-Fi networks as it grapples with the vagaries of this new type of business and with its own financial problems. Last week, EarthLink's recently appointed president and CEO, Rolla Huff, said the company's municipal network business as currently conceived can't make enough money. The business is now under review.
"Until we're confident that we can build new networks and get an acceptable return, we will delay any further new buildouts," Huff said on a conference call following EarthLink's second-quarter earnings report. The company lost US$16.3 million in the quarter, which ended June 30.
EarthLink now plans to ask cities that want municipal networks to sign up as anchor tenants, committing themselves to buying service for their own operations, Huff said.
San Francisco isn't ready to become such a tenant, according to Peskin, who said EarthLink raised the issue with him several weeks ago and he ran it by city IT officials. The government doesn't have enough Wi-Fi equipment to make use of the services it would be buying, he said.
"We still have people filling out paper in the police department," Peskin said. "Someday we'll get there, and the city could be a user, but it's not, at this point, the best use of our money."
Written by: Stephen Lawson, IDG News Service
Subscribe to:
Posts (Atom)
