[Security]
Windows source leak leads to bitmap danger 5:13PM, Wednesday 18th February 2004
A flaw has been discovered in IE and Outlook that could be just the first of many opportunities virus writers will have to exploit the platform following the leak of Windows source code.

'This report confirms our worst fears; the computer underground is pouncing on the Windows source code in search of new attack methods,' comments Eugene Kaspersky, Head of Anti-Virus Research at Kaspersky Labs. 'The speed at which the first discovery appeared forces us to seriously re-evaluate the immediate future of the Internet.'

The flaw remains in place while Microsoft rushes to put together appropriate patches to shore up the operating system, but the fact that the source code has been leaked at all makes analysing the code for vulnerabilities that much faster and easier. Previously, virus writers would have needed time to probe for vulnerabilities or be lucky enough to stumble across one.

'From now on, we can expect a similar surprise any minute,' said Kaspersky.

While viruses exploiting the flaw have not yet been seen, it would be possible to infect a computer through this vulnerability not only by incorporating a BMP image in an email but also online. However, the leaked code comes from Windows NT and 2000, and this latest vulnerability only affects XP users who have not installed Service Pack 1.

But even so, the source code leak raises some serious questions over security. Denis Zenkin, Head of Corporate Communications, Kaspersky Labs told us: 'The most probable attack scenario concerns the replacement of standard Windows modules (for instance WINSOCK - module for network communication) with a modified one (carrying malicious code) on a target computer. This way, malicious code may give rise to a new generation of stealth viruses: it may intercept the anti-virus API so that anti-virus software cannot scan infected files.

'The process of injecting binary code would still involve a delivery means: e-mail, Internet, P2P networks, etc. But the other side of the source code leak is that the virus-writers can use a security breach to plant the malicious system binary code - this method is much more efficient, rather than a traditional social engineering when a user needs to launch a file manually.'

If the standard API that all antivirus companies use is blocked by malicious code, then potentially antivirus software as we know it may become obsolete and will have to be rewritten to use alternative methods for catching viruses.

Zenkin suggested that these methods may be more complicated than the average consumer will put up with. 'There are some: integrity checkers, behaviour blockers. However, file scanning is still the most wide-spread and user-friendly. For instance, behaviour blockers require a certain level of knowledge from a user, because he or she needs to decide whether an action is malicious or not.'

Other alternatives may also be far more intrusive than those currently in use, involving the 'integration [of antivirus software] into the operating system at a deep level'.

'There are always alternate ways of file intercepting,' added Zenkin. 'However, with Windows some legal issues may arise as they may classify these methods as "illegal hacking", without paying attention that the anti-virus vendors are just taking care of their customers' security.'

There is of course a kind of operating system that will never suffer from a source code leak. Open-source platforms, such as the GNU/Linux operating system, make the source code publicly available anyway. And although widely regarded as a more secure system than Windows, it is far from impregnable.

Kaspersky was the first vendor to introduce a full virus protection suite for Linux in 1999 and even two years ago was detecting a new Linux virus almost every week. 'In my opinion, open source would not help better Windows security - in fact quite the contrary,' said Zenkin.

However, the rise in interest in and adoption of the platform has yet to be mirrored by virus activity. Zenkin told us: 'Surprisingly, the amount of Linux-based viruses is not increasing. Moreover we have not registered any major outbreak caused by these viruses for decades. But the rate is still nearly the same - three to four Linux viruses per month.'

Development of the Linux kernel relies on a peer review methodology, where the code passes under the eyes of hundreds or even thousands of developers on its way to its final form.

'That's not to say that there aren't any potential access points,' said Jasmin Ul-Haque, SUSE's Director of Marketing and PR, 'but anything that is discovered is rectified very quickly. The speed of fixing any holes is much faster than with proprietary systems.'

Security breaches of servers that hold the code have occurred in the past, but have indeed been fixed in a matter of days, and a sophisticated system of version tracking is employed to point out changes that have been made.

Zenkin agrees that open or proprietary, the platforms of the future need to be developed with much closer attention to maintaining their integrity. 'Operating systems need to have a kind of a reliable self-checking technology to prevent the replacement of system modules. Windows already has some but unfortunately there are still ways how to bypass them.'
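As an added illustration of the 'integrity checker' Zenkin mentions and the module self-checking he calls for (this is example code, not from the article or from Kaspersky), the following Python sketch records SHA-256 digests of a directory of modules and reports any that were replaced, removed or added. The directory, module names and file contents are constructed for the demo; winsock.dll stands in for the WINSOCK module named above.

```python
import hashlib
import tempfile
from pathlib import Path
from typing import Dict


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large binaries need not fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(module_dir: Path) -> Dict[str, str]:
    """Record a known-good digest for every module in the directory."""
    return {p.name: sha256_of(p) for p in module_dir.iterdir() if p.is_file()}


def verify(module_dir: Path, baseline: Dict[str, str]) -> Dict[str, str]:
    """Compare the directory against the baseline; name -> ok/modified/missing/unexpected."""
    current = {p.name: sha256_of(p) for p in module_dir.iterdir() if p.is_file()}
    report = {}
    for name, expected in baseline.items():
        if name not in current:
            report[name] = "missing"
        elif current[name] != expected:
            report[name] = "modified"  # same file name, different bytes: replaced or patched
        else:
            report[name] = "ok"
    for name in current:
        if name not in baseline:
            report[name] = "unexpected"  # a module the baseline never knew about
    return report


def demo() -> Dict[str, str]:
    """Constructed scenario in a temp dir: baseline three modules, then tamper with them."""
    with tempfile.TemporaryDirectory() as d:
        mods = Path(d)
        # Hypothetical module names; contents are placeholder bytes, not real code.
        for name in ("winsock.dll", "moduleA.dll", "moduleB.dll"):
            (mods / name).write_bytes(b"original contents of " + name.encode())
        baseline = build_baseline(mods)
        # Simulate the module-replacement scenario: same name, different contents.
        (mods / "winsock.dll").write_bytes(b"replacement with different contents")
        (mods / "moduleB.dll").unlink()                        # a module removed
        (mods / "extra.dll").write_bytes(b"file not in baseline")  # a module added
        return verify(mods, baseline)


if __name__ == "__main__":
    print(demo())
```

The baseline and the checker itself must live where the same replacement trick cannot overwrite them (read-only or signed storage), otherwise the check is exactly as bypassable as the modules it protects.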
