Sunday, November 8, 2009

Windows Defender in Windows Vista

Windows Defender is Microsoft’s anti-spyware program, which it purchased from Giant and re-badged. An examination of the effectiveness of this product is beyond the scope of this article. One excellent feature, however, is that WD (who else wishes they had called it Windows Malware Defender – WMD?) does tell the user in good detail every time a program (even a legitimate one) takes certain actions, such as writing to the registry. For the informed user, this is useful information.

What is most interesting, though, is that despite all of the other measures taken in Vista to preserve system integrity and reduce the attack surface for malicious exploiters, there is still a need for a standalone (albeit bundled) application which is dedicated exclusively to dealing with undesirable programs. This, more than any other indication, is tantamount to an admission that Microsoft does not believe that the new security controls in Vista are going to solve ‘the virus problem’.

The fact that Microsoft is also now firmly in the anti-virus game with its repackaged version of RAV, is another tacit recognition of this fact.

SO FAR, SO GOOD ... SO WHAT?

So, what is the impact of the new security features on ‘the virus problem’? Windows Defender will clearly have some impact – as will User Account Control (UAC). It may also be the case (as it was with Windows 9x and Windows NT) that, initially, a large tranche of older malware will be rendered useless on the Vista platform. Clearly that is a good thing, but history shows us that eventually the bad guys catch up, and soon it’s business as usual in the malware creation world.

In recent years there has been a massive trend towards criminal exploitation of malware, and this has meant huge amounts of money being invested in malware development. Just as, in the laboratories of every anti-malware software vendor on the planet, there are many people scurrying around trying to get a product out that will work on Vista, there are as many people (maybe even more) out there who have the money to create their own infrastructure and hire malware authors with the express purpose of bringing Vista to its knees.

Recently we have seen direct malicious exploitation of zero-day vulnerabilities in MS Word and MS Excel, and there is no slowdown in the number of vulnerabilities being found. It is almost a certainty that in Windows Vista (as in any sufficiently large piece of code) there are vulnerabilities waiting to be found, or perhaps which have already been found and are now waiting hungrily for a few bytes of exploit code.

If the end result of the laudable new measures in Windows Vista is that the user feels, like so many misguided GNU/Linux and Mac OS users, invulnerable to attack from either viruses or the plethora of other undesirable software attacks, particularly ones that employ social engineering techniques, then we will have moved backward rather than forward.

Users of any operating system have a responsibility to educate themselves about the dangers of using their systems, and the realistic possibility that, if they do not, at some point they will fall prey to an attack.
