SuperSite Blog : Security, Commentary

As Expected, Security Software Makers Mock Microsoft's Free AV

pthurrott — Wed, 30 Sep 2009 14:17:08 GMT

You had to see this one coming. They did it when Microsoft shipped Windows Live OneCare and then raced to create their own me-too products. But what will Symantec and McAfee do now that Microsoft is providing Windows users with free AV? Whine, of course. IDG News reports:

"Security Essentials won't change anything," said Jens Meggers, Symantec's vice president of engineering. "Microsoft has a really bad track record in security," he added, ticking off several ventures into consumer security that the giant has tried, including Windows Defender, an anti-spyware tool bundled with Windows Vista and Windows 7; the released-monthly Malicious Software Removal Tool; and OneCare.

I'd remind people that Symantec still sells its OneCare rip-off, Norton 360, right next to its normal Norton AV and Norton Internet Security suites. You know, it's the same. But different.

In a company blog, another Symantec employee called Security Essentials a "rerun" of OneCare, and said: "At the end of the day, Microsoft Security Essentials is a rerun no one should watch."

Ah boy. I wonder if that guy works on Norton 360.

I think Microsoft Security Essentials is excellent, but then I also exercise common sense online. From what I can tell, that's the best defense.

Security software changes in Windows 7 RC

pthurrott — Sat, 25 Apr 2009 15:05:30 GMT

I had noticed in one of the previous post-Beta interim builds of Windows 7 that ESET NOD32 was throwing up an Action Center message to the effect that it was incompatible with the way security software communicates its status; previously, NOD32 worked just fine. In the RC build, this has been formalized with an appearance by the familiar Program Compatibility Assistant window shown here. There's no fix as of yet, but I suspect this change will affect more than just NOD32. I will check.

I don't see any documentation about what's changed with regards to security software, but I'll ask Microsoft during our Windows 7 RC briefing early next week.

UPDATE: I should note that this is NOD32 3.x. I've been told that 4.0 works without complaint.

Is UAC broken in Windows 7?

pthurrott — Fri, 30 Jan 2009 15:23:37 GMT

Bloggers Long Zheng and Rafael Rivera have found what appears to be a serious failing in the emasculated version of User Account Control (UAC) that Microsoft is including in Windows 7: Apparently, it doesn’t work and is very easy to bypass. So easy, in fact, that Zheng and Rivera were able to write up a quickie Visual Basic Script (VBScript) that can compromise a Windows 7 PC. Microsoft’s response so far: “This feature works as intended.” This has the makings of a fight.

Sacrificing security for usability: UAC security flaw in Windows 7 beta (with proof of concept code)

This is dedicated to every ignorant “tech journalist” who cried wolf about UAC in Windows Vista. A change to User Account Control (UAC) in Windows 7 to make it “less annoying” inadvertently clears the path for a simple but ingenius override that renders UAC disabled without user interaction. For the security conscious, a workaround is also provided.

By default, Windows 7’s UAC setting is set to “Notify me only when programs try to make changes to my computer” and “Don’t notify me when I make changes to Windows settings”. How it distinguishes between a (third party) program and Windows settings is with a security certificate … The Achilles’ heel of this system is that changing UAC is also considered a “change to Windows settings”, coupled with the new default UAC security level, would not prompt you if changed. Even to disable UAC entirely.

The implications are even worse than originally thought. You could automate a restart after UAC has been changed, add a program to the user’s startup folder and because UAC is now off, run with full administrative privileges ready to wreak havoc.

Beta users of Windows 7 can also apply a simple fix. Changing the UAC policy to “Always Notify” will force Windows 7 to notify you even if UAC settings change. Annoying, but safe.

Put another way, “annoying but safe … Like it was in Windows Vista. And is in Mac OS X, by the way.”

Raf’s take...

Malware can turn off UAC in Windows 7; “By design” says Microsoft

Windows 7, however, now ships with UAC configured to hide prompts when users change Windows settings. While this mode still ensures normal applications can’t overwrite your entire registry hive, Microsoft made a boo-boo in allowing users to change any Windows setting without any prompts. Yes, you can even change UAC settings, allow applications free reign in elevated mode (after the required restart).

An obvious fix for this “issue” would be to force the adjustment of UAC parameters to be confirmed by a human. Until Microsoft addresses this “issue”, you can set UAC to its highest mode to kill any concerns you may have… but you’re not using this in a production environment anyway – right?

Um. Right.

Microsoft?

Microsoft Security guys have fun at Mac loyalist’s expense

pthurrott — Mon, 11 Aug 2008 07:08:06 GMT

Thanks to Joe R. for this link: This one kind of speaks for itself, but it’s funny and I’m guessing most of you will enjoy it. A choice clip:

h8er: I run a Mac! Don't you feel embarrassed working for Microsoft knowing that 40% of your customers are infected with Malware?

MSFT guy: Actually, based upon research in the latest Security Intelligence Report, less than 1% of machines have malware and need corrective action - plus, recent research in the same report has shown that most of that is on older platforms and Windows Vista has an even lower incidence. 40% is a pretty high number, what source did you hear that from?

h8er: <crickets chirping in the silence>

Good stuff. :) Nothing shuts down these clowns bal faster than the truth.

Yes, Virginia, Vista really is more secure than previous Windows versions

pthurrott — Wed, 14 May 2008 13:36:43 GMT

A report from PC Tools last week claimed that Windows Vista was, in fact, more susceptible to malware than Windows 2000, an operating system Microsoft released almost a decade ago, and well before its Trustworthy Computing initiative:

Leading security software vendor, PC Tools, today released research confirming that the widely debated Windows Vista is still a long way from having immunity to online threats and that additional protection is essential.

"Ironically, the new operating system has been hailed by Microsoft as the most secure version of Windows to date. However, recent research conducted with statistics from over 1.4 million computers within the ThreatFire community has shown that Windows Vista is more susceptible to malware than the eight year old Windows 2000 operating system, and only 37% more secure than Windows XP," said Simon Clausen, Chief Executive Officer, PC Tools.

PC Tools cautions that because Vista has a smaller market share than its predecessor, targeted attacks are less frequent. However, once Vista’s market-share increases, it is likely to become a more lucrative platform for attack.

Sensational. Widely reported.

Too bad it's all baloney.

Windows Vista and Malware

Recently there have been some questions raised about the susceptibility of Windows Vista to malware – specifically, that it’s more susceptible to malware than Windows 2000. I’d like to show why we reject that claim. We study the malware space very carefully and publish our results twice a year in the Security Intelligence Report. This report is compiled from statistics on malware infections based on over 450 million executions of the Malicious Software Removal Tool (MSRT) every month. Microsoft is a member of AMTSO (Anti Malware Testing Standards Organization) and its charter includes defining test methodology so that there is a minimum quality bar to all testing of this type.

Our results published in the April 2008 version of the Security Intelligence Report show that Windows Vista is significantly less susceptible to malware than older operating systems. In fact, from June – December 2007, using proportionate numbers, the MSRT found and cleaned malware from 60.5% fewer Windows Vista-based computers than from computers running Windows XP with Service Pack 2 installed. How about Windows 2000? Using proportionate numbers, MSRT found and cleaned malware from 44% fewer Windows Vista-based computers than Windows 2000 SP4 computers and 77% fewer than from computers running Windows 2000 SP3. Note that the Windows 2000 numbers include both Windows 2000 client AND server versions, while the Windows XP numbers of course are only clients. Servers tend to be less likely to get infected with malware.

This one is so obvious I'm embarrassed to even post this. Anyone who really believes that Windows 2000 is more secure than Windows Vista is--sorry--an idiot. There's just no kind way to say it.