Security expert: Windows 8 dev preview only detects 50 percent of malware

Posted at 30 September 2011 19:29 CEST by Justin_Massoud

Security Adviser Chester Wisniewski of Sophos Labs believes Microsoft’s unreleased Windows 8 platform needs an anti-virus power-up, saying the company has “a long way to go” before the OS can consistently detect cyber threats.

Testing the anti-virus measures within the Windows 8 developer preview build sans additional third-party protection, Wisniewski relied on a test file from the European Institute for Computer Antivirus Research (EICAR) which would allow him to discern Windows 8’s effectiveness without exposing himself to actual threats.

“There are some very thorough testing organizations that can evaluate protection much more effectively than most home grown testing operations,” related Wisniewski. “That is why we always use EICAR, as every (or so I thought!) anti-virus and security product will detect EICAR to allow for safe testing.”

Writing at Sophos’ Naked Security blog, he revealed that the EICAR test file download attempt yielded mixed results:

I first tried to download the EICAR test file from eicar.org using Internet Explorer 10. IE informed me that this was a malicious download and would not allow me to save it. Pass!

I then opened notepad and pasted in the 68 magical bytes, chose Save As and named it EICAR.COM. It showed up in my explorer window with no complaints.

I then tried to click the file and it vanished!? No warning, no messages logged in Event Viewer (that I could find). Fail! EICAR should always cause an alert…

A subsequent test yielded similar results for Wisniewski. Inserting a memory stick containing the EICAR test file, he discovered another misstep.

“When I tried to copy the file from the USB stick to the Documents folder it did so without complaint,” he explained. “If I tried to run EICAR.COM it gives an error, which is expected as EICAR is a DOS program and cannot execute on Windows 8, but I should get a virus warning, shouldn’t I?”
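A way to repeat the save-and-open checks described above without handling live malware, as an added example that is not from the original article or from Sophos: the script writes the 68-byte EICAR string into a directory and reports the stage at which an on-access scanner stopped it. The function names, the probe file name and the settle delay are assumptions.

```python
import contextlib
import os
import time

# The 68-byte EICAR test string, kept in two halves so that the source of
# this script is not itself quarantined before it can run.
EICAR = (rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-"
         rb"STANDARD-ANTIVIRUS-TEST-FILE!$H+H*")
VERDICTS = {"blocked_on_write", "removed_after_write",
            "blocked_on_read", "altered", "not_detected"}


def is_eicar(data: bytes) -> bool:
    """True if data is a valid test file: the 68 bytes first, then only
    whitespace or Ctrl-Z, at most 128 bytes in total. A byte-order mark
    added by an editor's "Save As" encoding makes the file invalid."""
    tail = data[len(EICAR):]
    return (data.startswith(EICAR) and len(data) <= 128
            and all(b in b" \t\r\n\x1a" for b in tail))


def probe(directory: str, settle: float = 2.0) -> str:
    """Drop the test file in directory and report where it was stopped."""
    if not os.path.isdir(directory):
        raise NotADirectoryError(directory)
    path = os.path.join(directory, "eicar_probe.com")  # hypothetical name
    try:
        try:
            with open(path, "wb") as fh:
                fh.write(EICAR)
        except OSError:
            return "blocked_on_write"
        time.sleep(settle)  # give an on-write scanner time to react
        if not os.path.exists(path):
            return "removed_after_write"  # file taken away with no prompt
        try:
            with open(path, "rb") as fh:  # a read triggers on-access scans
                data = fh.read()
        except OSError:
            return "blocked_on_read"
        return "not_detected" if is_eicar(data) else "altered"
    finally:
        with contextlib.suppress(OSError):
            os.remove(path)  # leave nothing behind, whatever the verdict


if __name__ == "__main__":
    print("verdict:", probe(os.getcwd()))
```

A verdict other than `not_detected` only shows that the scanner acted; whether it also raised an alert or logged an event, the point Wisniewski raises, still has to be checked in the product's interface or event log.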

Wisniewski admitted he was “very confused” and wondered if Microsoft had actually forgotten to program virus protection into the dev build. He decided to try one final test. He would deliver a battery of malware (“All of the samples were between six and twelve months old, so nothing bleeding edge here”) and see how it fared.

Wisniewski’s fears weren’t completely on the money. But he wasn’t too far off, either. “It captured about 50 percent of the malware samples I threw at it,” he announced, adding “clearly there is a lot of work to be done with regard to detection.”

One bright side, he said, was that it detected threats across all three platforms: Mac, Windows and Linux.

Admitting there was still ample time for Microsoft to address the issues he encountered, Wisniewski hopes Windows 8 will be up to snuff upon release. For now, he suggests other testers play it safe.

“If you are testing Windows 8 on a live network, I would recommend you install a third-party anti-virus program as well,” he said. “While Windows Defender caught some samples, it isn’t ready for prime time yet.”

This week Microsoft revealed plans to incorporate cloud syncing in Windows 8, providing users an optional way to maintain settings across multiple computers. (via Naked Security)

There are 5 comments

olddancer
MyCE Senior Member
Posted on: 30 Sep 11 19:37
Why break with tradition and not require the twice daily "Security Update"?

BradWright
MyCE Member
Posted on: 30 Sep 11 19:52
You guys are aware that this is pre-beta, right? It's like a rough draft of the final product? By the way, Windows Defender, which installs with the Windows 8 Developer Preview, protects your computer against pop-ups, slow performance, and security threats caused by spyware. It isn't an anti-virus program. If you want virus protection, you need to install an anti-virus program.

Justin_Massoud
MyCE Senior Member
Posted on: 30 Sep 11 20:09
Quote:
Originally Posted by BradWright
You guys are aware that this is pre-beta, right? It's like a rough draft of the final product? By the way, Windows Defender, which installs with the Windows 8 Developer Preview, protects your computer against pop-ups, slow performance, and security threats caused by spyware. It isn't an anti-virus program. If you want virus protection, you need to install an anti-virus program.

Yes - and that's reflected in both the post and original story. No one is saying the issues won't be fixed between now and the official release.

Also, Microsoft has stated that Windows 8 will indeed ship with a built-in anti-virus: http://www.zdnet.com/blog/hardware/windows-8-will-ship-with-built-in-antivirus-protection/14757

gamo62
MyCE Junior Member
Posted on: 01 Oct 11 15:05
Really? Do they know that this isn't EVEN a beta? WTF do they expect? Effing wannabes!

coolcolors
MyCE Resident
Posted on: 01 Oct 11 21:27
No matter how tight the security, the saying goes in the other world, "WHERE THERE IS A WAY THERE IS A WILL", and someone will always break the O/S. That is a no-brainer, and M$ should just cough up to it that, regardless of how good, there is someone out there that will get past them. Beta just helps them know more about what is coming out and to circumvent the security, don't you think??
