Symantec, McAfee under-prepared for Vista

Symantec and McAfee "should have prepared better" for Microsoft Vista, rival IT security firm Sophos claims.

Symantec and McAfee have made high-profile complaints that they are being "locked out" of the Vista operating system kernel by Microsoft`s PatchGuard technology. It is claimed that this allegedly anti-competitive move by Microsoft will prevent security firms from developing host intrusion prevention systems (HIPS) for Vista to protect against new malware.

However, Sophos argues that its approach to HIPS technology has met with no problems on both the low-spec and high-spec versions of Windows Vista. In addition, Sophos claims that Microsoft has so far provided all the interfaces that Sophos needs for providing this form of protection.

"Symantec and McAfee may be struggling with HIPS because they haven`t coded their solutions with high-spec Vista in mind," said Richard Jacobs, CTO of Sophos.

A new Trojan takes the unusual self-defence step of installing anti-virus (AV) software to scrub the victimised PC of competing malware, a security researcher said.

According to Joe Stewart of Atlanta-based SecureWorks, the SpamThru Trojan adds a pirated copy of Kaspersky Lab`s AntiVirus for WinGate to a cloaked folder on the compromised machine. The illegitimate AV program scans the system for malicious code - passing over SpamThru`s own files and then deletes what malware it finds when the PC next boots.

Typical Trojan techniques stop at disabling existing AV software, preventing AV products from retrieving signature updates, and to defeat the competition, blocking specific pieces of malware. "SpamThru takes the game to a new level," said Stewart in an online brief posted last week on the SecureWorks` Web site. "Ten minutes after the download of the DLL, it begins to scan the system."

The Internet Industry Association (IIA) has launched its GetNetSafe scheme, which aims to increase the awareness of online security, and spyware, in particular with Australian Internet users, reports PC World.

The programme targets all home users, including families and small businesses, and is being run as a part of the National E-Security Awareness Week that will run through to 27 October.

Undetected spyware could track users` behaviour on the Internet, record passwords and other sensitive information, and cost users speed and bandwidth by using infected computers to send out large volumes of spam, the IIA warns.