Other approaches

Members of another class of security products try to resist new threats by changing the user's computing environment to limit damage from a successful invasion. Some (like GreenBorder Pro) create a "sandbox," or virtually walled-off environment, for frequently targeted programs such as Web browsers and e-mail clients. An attack might break through IE, for instance, but any attempt to install spyware or make other malicious changes would not escape the sandbox.

Other programs, in lieu of creating a virtual environment, modify users' rights so as to remove an application's ability to make deep system changes. This category of utility includes the free DropMyRights applet from Microsoft.

Still other types of programs, such as the free VMWare Player, install a distinct, encapsulated operating system that includes its own browser. The cordoned-off browser is completely detached from your regular computing environment.

Windows Vista introduces several security updates that work along some of the same lines. But no one thinks software vulnerabilities or zero-day exploits are going to disappear. Unfortunately, the established black market for stolen data and unwitting spam-senders all but guarantees that criminals will continue to find ways to profit from malware misery.

Nevertheless, David Perry, global director of education for Trend Micro, remains cautiously optimistic about the future state of Internet safety. "I believe eventually we will get the Web to the point where threats are just a nuisance," he says. "But that isn't coming this year."

Zero-day defense in Microsoft's new OS

How well will the much-touted new security features in Windows Vista protect you from a zero-day attack? Better than you might think.

The key new feature may be User Account Control, which changes user account permissions in Vista. As a matter of convenience--since administrator privileges are required for many common system tasks--almost every home user runs Windows XP under the administrator setting. But attackers can take advantage of the setting's carte-blanche rights to make major modifications to a system, such as by installing malware-hiding rootkits.

In contrast, the default Vista user account occupies a middle ground between an anything-goes administrator account and a hands-tied guest pass. Microsoft has tried to make the change more palatable by authorizing standard account holders to perform some routine system tasks such as printer driver installation, but power users are already complaining about having to click through too many User Account Control prompts that demand an administrator password.

Also, Internet Explorer by default runs in a protected mode with the fewest permissions possible. This arrangement limits the havoc that a zero-day exploit capable of hijacking IE (such as the WMF or VML exploit) could wreak on your PC.

Finally, Vista ships with Windows Defender, which can block malware attempts to add entries to the startup folder--for example, in the guise of baseline antispyware. The operating system also shuffles the locations at which libraries and programs load into memory, so malware that attempts to find and change the system's most important processes will have to hit moving targets.