Security expert: Windows 8 dev preview only detects 50 percent of malware

Posted 30 September 2011 19:29 CET by Justin_Massoud

Security Adviser Chester Wisniewski of Sophos Labs believes Microsoft’s unreleased Windows 8 platform needs an anti-virus power-up, saying the company has “a long way to go” before the OS can consistently detect cyber threats.

Testing the anti-virus measures within the Windows 8 developer preview build sans additional third-party protection, Wisniewski relied on a test file from the European Institute for Computer Antivirus Research (EICAR) which would allow him to discern Windows 8’s effectiveness without exposing himself to actual threats.

“There are some very thorough testing organizations that can evaluate protection much more effectively than most home grown testing operations,” related Wisniewski. “That is why we always use EICAR, as every (or so I thought!) anti-virus and security product will detect EICAR to allow for safe testing.”

Writing at Sophos’ Naked Security blog, he revealed that the EICAR test file download attempt yielded mixed results:

I first tried to download the EICAR test file from eicar.org using Internet Explorer 10. IE informed me that this was a malicious download and would not allow me to save it. Pass!

I then opened notepad and pasted in the 68 magical bytes, chose Save As and named it EICAR.COM. It showed up in my explorer window with no complaints.

I then tried to click the file and it vanished!? No warning, no messages logged in Event Viewer (that I could find). Fail! EICAR should always cause an alert…

A subsequent test yielded similar results for Wisniewski. Inserting a memory stick containing the EICAR test file, he discovered another misstep.

“When I tried to copy the file from the USB stick to the Documents folder it did so without complaint,” he explained. “If I tried to run EICAR.COM it gives an error, which is expected as EICAR is a DOS program and cannot execute on Windows 8, but I should get a virus warning, shouldn’t I?”

Wisniewski admitted he was “very confused” and wondered if Microsoft had actually forgotten to program virus protection into the dev build. He decided to try one final test: deliver a battery of malware to the machine (“All of the samples were between six and twelve months old, so nothing bleeding edge here”) and see how Windows 8 fared.

Wisniewski’s fears weren’t completely on the money. But he wasn’t too far off, either. “It captured about 50 percent of the malware samples I threw at it,” he announced, adding “clearly there is a lot of work to be done with regard to detection.”

One bright side, he said, was that it detected threats across all three platforms: Mac, Windows and Linux.

Admitting there was still ample time for Microsoft to address the issues he encountered, Wisniewski hopes Windows 8 will be up to snuff upon release. For now, he suggests other testers play it safe.

“If you are testing Windows 8 on a live network, I would recommend you install a third-party anti-virus program as well,” he said. “While Windows Defender caught some samples, it isn’t ready for prime time yet.”

This week Microsoft revealed plans to incorporate cloud syncing in Windows 8, providing users an optional way to maintain settings across multiple computers. (via Naked Security)

olddancer
MyCE Senior Member
Posted on: 30 Sep 11 17:37
Why break with tradition and not require the twice daily "Security Update"?
0 Agree

BradWright
MyCE Member
Posted on: 30 Sep 11 17:52
You guys are aware that this is pre-beta, right? It's like a rough draft of the final product? By the way, Windows Defender, which installs with the Windows 8 Developer Preview, protects your computer against pop-ups, slow performance, and security threats caused by spyware. It isn't an anti-virus program. If you want virus protection, you need to install an anti-virus program.
0 Agree

Justin_Massoud
MyCE Senior Member
Posted on: 30 Sep 11 18:09
Quote:
Originally Posted by BradWright
You guys are aware that this is pre-beta, right? It's like a rough draft of the final product? By the way, Windows Defender, which installs with the Windows 8 Developer Preview, protects your computer against pop-ups, slow performance, and security threats caused by spyware. It isn't an anti-virus program. If you want virus protection, you need to install an anti-virus program.
Yes - and that's reflected in both the post and original story. No one is saying the issues won't be fixed between now and the official release.

Also, Microsoft has stated that Windows 8 will indeed ship with a built-in anti-virus: http://www.zdnet.com/blog/hardware/windows-8-will-ship-with-built-in-antivirus-protection/14757
0 Agree

gamo62
MyCE Junior Member
Posted on: 01 Oct 11 13:05
Really? Do they know that this isn't EVEN a beta? WTF do they expect? Effing wannabees!
0 Agree

coolcolors
MyCE Resident
Posted on: 01 Oct 11 19:27
No matter how tight security the going says in the other world "WHERE THERE IS A WAY THERE IS A WILL" and someone will always break the O/S. That is a no brainer and M$ should just cough up to it that regardless how good there is someone out there that will get past them. Beta just helps them know more about what is coming out and to circumvent the security don't you think??
0 Agree
