Security expert: Windows 8 dev preview only detects 50 percent of malware
Security Adviser Chester Wisniewski of Sophos Labs believes Microsoft’s unreleased Windows 8 platform needs an anti-virus power-up, saying the company has “a long way to go” before the OS can consistently detect cyber threats.
Testing the anti-virus measures within the Windows 8 developer preview build sans additional third-party protection, Wisniewski relied on a test file from the European Institute for Computer Antivirus Research (EICAR) which would allow him to discern Windows 8′s effectiveness without exposing himself to actual threats.
“There are some very thorough testing organizations that can evaluate protection much more effectively than most home grown testing operations,” related Wisniewski. “That is why we always use EICAR, as every (or so I thought!) anti-virus and security product will detect EICAR to allow for safe testing.”
Writing at Sophos’ Naked Security blog, he revealed that the EICAR test file download attempt yielded mixed results:
I first tried to download the EICAR test file from eicar.org using Internet Explorer 10. IE informed me that this was a malicious download and would not allow me to save it. Pass!
I then opened notepad and pasted in the 68 magical bytes, chose Save As and named it EICAR.COM. It showed up in my explorer window with no complaints.
I then tried to click the file and it vanished!? No warning, no messages logged in Event Viewer (that I could find). Fail! EICAR should always cause an alert…
A subsequent test yielded similar results for Wisniewski. Inserting a memory stick containing the EICAR test file, he discovered another misstep.
“When I tried to copy the file from the USB stick to the Documents folder it did so without complaint,” he explained. “If I tried to run EICAR.COM it gives an error, which is expected as EICAR is a DOS program and cannot execute on Windows 8, but I should get a virus warning, shouldn’t I?”
Wisniewski admitted he was “very confused” and wondered if Microsoft had actually forgotten to program virus protection into the dev build. He decided to try one final test. He would deliver a battery of malware (“All of the samples were between six and twelve months old, so nothing bleeding edge here”) and see how it fared.
Wisniewski’s fears weren’t completely on the money. But he wasn’t too far off, either. “It captured about 50 percent of the malware samples I threw at it,” he announced, adding “clearly there is a lot of work to be done with regard to detection.”
One bright side, he said, was that it detected threats across all three platforms: Mac, Windows and Linux.
Admitting there was still ample time for Microsoft to address the issues he encountered, Wisniewski hopes Windows 8 will be up to snuff upon release. For now, he suggests other testers play it safe.
“If you are testing Windows 8 on a live network, I would recommend you install a third-party anti-virus program as well,” he said. “While Windows Defender caught some samples, it isn’t ready for prime time yet.”
There are 5 comments
- MyCE Senior Member
- Posted on: 30 Sep 11 19:37
- MyCE Member
- Posted on: 30 Sep 11 19:52
- MyCE Senior Member
- Posted on: 30 Sep 11 20:09
Originally Posted by BradWright
You guys are aware that this is pre-beta, right? It's like a rough draft of the final product? By the way, Windows Defender, which installs with the Windows 8 Developer Preview, protects your computer against pop-ups, slow performance, and security threats caused by spyware. It isn't an anti-virus program. If you want virus protection, you need to install an anti-virus program.
Also, Microsoft has stated that Windows 8 will indeed ship with a built-in anti-virus: http://www.zdnet.com/blog/hardware/windows-8-will-ship-with-built-in-antivirus-protection/14757
- MyCE Junior Member
- Posted on: 01 Oct 11 15:05
- MyCE Resident
- Posted on: 01 Oct 11 21:27
Most popular headlines
- Fri 29 Aug 05:08 by DoMiN8ToR
Although Microsoft is not updating Windows XP anymore since April this year, a d...
- Thu 28 Aug 04:08 by DoMiN8ToR
Microsoft has released the Windows 8.1 August Update again, the company withdrew...
- Wed 27 Aug 08:08 by DoMiN8ToR
The Russian group or individual that leaks confidential Microsoft information to...
- Wed 27 Aug 03:08 by DoMiN8ToR
Dutch security researchers discovered that the Java website has been used to dis...
- Thu 28 Aug 11:08 by DoMiN8ToR
Android build (LRW50D) has been spotted in the Chromium issue tracker, the...