Vista Only Marginally More Secure Than XP, Research Suggests
Independent security tests performed by CRN.com suggests that Windows Vista is only marginally more secure than Windows XP. CRN spent a week testing both operating systems against various Trojans, viruses and various exploits.
The tests were performed with Windows Vista Business on an HP Compaq 6515b notebook with Internet Explorer 7 (IE7) and an HP Compaq nc6400 with Windows XP with Internet Explorer 6 (IE6), both using the default security features and settings.
Finjan's RUSafe sniffer tool (a security tool that sniffs live traffic and generates logs that can be analyzed to help protect you against malicious web based attacks) was used to help analyze the data.
The computers were tested in 6 areas: Viruses, Spyware and Adware, Trojans, Remote Data Services (RDS) exploits, Vector Markup Language (VML) and other image file flaws, spoofing and testing and phishing.
Viruses
The Finjan RUSafe sniffer tool detected 20 instances of viruses detected in web sites, including suspicious file types, spoofed content, worms and executable files.
One virus and one worm were undetected by either operating system and none of the files were blocked by either operating system.
Spyware and Adware
Windows Defender, built into Windows Vista did pick up one IE Plugin spyware, but not all the variants of the same spyware were prevented by IE7. A few of the sites with spyware were undetected by IE7. The Windows XP machine with IE6 missed all of the sites with spyware.
Trojans
2 Trojans were tested with each system. Vista blocked one, warning that the file might cause problems, but missed the other one. XP gave similar warnings but allowed the engineer performing the test to run both.
Remote Data Services Exploits
RDS exploits are used by computer hackers to run denial-of-service (DOS) attacks to paralyze systems. Vista detected one RDS ActiveX exploit, but missed four others. XP failed to detect any of the RDS exploits.
Image files, spoofing and scripting
Vector Markup Language (VML) and other vector-based images are used to allow hackers to execute remote code. Both systems failed to block spoofed content and and vector-based images that used embedded scripts.
Phishing
Simply put, phishing is usually a type of email scam used to entice people into going to web sites that appear to come from trusted companies, asking for verification of certain information, such as passwords, account numbers, etc. in an attempt to steal your identity.
IE7 provides an extra security layer with a built-in phishing filter. When you surf to sites suspected of using phishing techniques, the filter turns red and you have to click on it to continue. IE7 failed to connect to Microsoft's security site several times. Also noted was the fact that several of the bots produced by various forms of malware kept trying to access remote hacking sites. Vista didn't stop that activity. XP with IE6 produced one pop-up warning.
After the testing was finished, both test machines were almost equally damaged by viruses, Trojans and other malware.
As noted by arstechnica, there was no mention of Vistas User Account Control, an extra "security" enhancement, designed to warn users when software attempts to access certain components.
By default, IE7 in Vista runs in protected mode which would force scripts to run at restricted privilege levels, unlike XP which allows scripts to run at administrator level. Theoretically, protected mode should alleviate the damage to a certain extent.
It would also have been nice to know exactly what happened after the malware attacked the systems. A little more information is needed to accurately compare both systems.
However, one thing remains perfectly clear. Regardless of which OS you're using, it's very important to have security measures such as regularly update antivirus and antispyware programs in place.
Visit Bill's Links and More for more great tips, just like this one!
Most popular articles
- Which Processor is Better: Intel or AMD? - Explained
- How to Prevent Ransomware in 2018 - 10 Steps
- 5 Best Anti Ransomware Software Free
- How to Fix: Computer / Network Infected with Ransomware (10 Steps)
- How to Fix: Your Computer is Infected, Call This Number (Scam)
- Scammed by Informatico Experts? Here's What to Do
- Scammed by Smart PC Experts? Here's What to Do
- Scammed by Right PC Experts? Here's What to Do
- Scammed by PC / Web Network Experts? Here's What to Do
- How to Fix: Windows Update Won't Update
- Explained: Do I need a VPN? Are VPNs Safe for Online Banking?
- Explained: VPN vs Proxy; What's the Difference?
- Explained: Difference Between VPN Server and VPN (Service)
- Forgot Password? How to: Reset Any Password: Windows Vista, 7, 8, 10
- How to: Use a Firewall to Block Full Screen Ads on Android
- Explained: Absolute Best way to Limit Data on Android
- Explained: Difference Between Dark Web, Deep Net, Darknet and More
- Explained: If I Reset Windows 10 will it Remove Malware?
My name is Dennis Faas and I am a senior systems administrator and IT technical analyst specializing in cyber crimes (sextortion / blackmail / tech support scams) with over 30 years experience; I also run this website! If you need technical assistance , I can help. Click here to email me now; optionally, you can review my resume here. You can also read how I can fix your computer over the Internet (also includes user reviews).
We are BBB Accredited
We are BBB accredited (A+ rating), celebrating 21 years of excellence! Click to view our rating on the BBB.