Security Adviser Chester Wisniewski of Sophos Labs believes Microsoft’s unreleased Windows 8 platform needs an anti-virus power-up, saying the company has “a long way to go” before the OS can consistently detect cyber threats.
Testing the anti-virus measures within the Windows 8 developer preview build sans additional third-party protection, Wisniewski relied on a test file from the European Institute for Computer Antivirus Research (EICAR) which would allow him to discern Windows 8’s effectiveness without exposing himself to actual threats.
“There are some very thorough testing organizations that can evaluate protection much more effectively than most home grown testing operations,” related Wisniewski. “That is why we always use EICAR, as every (or so I thought!) anti-virus and security product will detect EICAR to allow for safe testing.”
Writing at Sophos’ Naked Security blog, he revealed that the EICAR test file download attempt yielded mixed results:
I first tried to download the EICAR test file from eicar.org using Internet Explorer 10. IE informed me that this was a malicious download and would not allow me to save it. Pass!
I then opened notepad and pasted in the 68 magical bytes, chose Save As and named it EICAR.COM. It showed up in my explorer window with no complaints.
I then tried to click the file and it vanished!? No warning, no messages logged in Event Viewer (that I could find). Fail! EICAR should always cause an alert…
A subsequent test yielded similar results for Wisniewski. Inserting a memory stick containing the EICAR test file, he discovered another misstep.
“When I tried to copy the file from the USB stick to the Documents folder it did so without complaint,” he explained. “If I tried to run EICAR.COM it gives an error, which is expected as EICAR is a DOS program and cannot execute on Windows 8, but I should get a virus warning, shouldn’t I?”
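The tests above hinge on the EICAR file being byte-for-byte correct: a file that differs from the 68-byte standard string is not required to trigger any scanner, so a tester should verify the file before drawing conclusions about the product. The following Python script is an added illustration (it is not part of the article, of Wisniewski's post, or of any Sophos or Microsoft tool): it assembles the 68-byte test string, checks a candidate file against the EICAR conformance rules (the string must lead, only whitespace may follow it, and the whole file may not exceed 128 bytes), compares its SHA-256 with the published reference hash, and reports whether the file is still present, which is how a "silent deletion" of the kind described above would show up. The output path and the result dictionary are this script's own assumptions.

```python
"""Build and verify an EICAR anti-virus test file (added example, not from the article).

EICAR's published rules: the file must begin with the 68-byte test string; only
whitespace (space, tab, LF, CR, CTRL-Z) may follow it; the file may not exceed 128 bytes.
"""
import hashlib
import os
import tempfile
from pathlib import Path

# The 68-byte string is assembled from pieces so that this source file itself does not
# contain the contiguous signature and get quarantined on a machine with AV installed.
# Note the third character is the capital letter O, not a zero.
_PARTS = (
    "X5O!P%@AP[4",
    "\\PZX54(P^)7CC)7}$",
    "EICAR-STANDARD-",
    "ANTIVIRUS-TEST-FILE!$H+H*",
)
EICAR = "".join(_PARTS).encode("ascii")

# Published reference SHA-256 of the bare 68-byte file (no trailing whitespace).
EICAR_SHA256 = "275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f"

_ALLOWED_TRAILER = b" \t\r\n\x1a"   # whitespace EICAR permits after the string
MAX_LEN = 128


def is_valid_eicar(data: bytes) -> bool:
    """Return True if *data* is a conformant EICAR test file."""
    if len(data) < len(EICAR) or len(data) > MAX_LEN:
        return False
    if data[: len(EICAR)] != EICAR:
        return False
    return all(b in _ALLOWED_TRAILER for b in data[len(EICAR):])


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 of *data*, for comparison with the reference value."""
    return hashlib.sha256(data).hexdigest()


def write_eicar(path: str) -> int:
    """Write the bare 68-byte test file (e.g. EICAR.COM); return bytes written."""
    return Path(path).write_bytes(EICAR)


def check_file(path: str) -> dict:
    """Read a candidate file back and report what a tester wants to know:
    whether it still exists (a scanner that quietly removes it shows up here),
    whether its bytes conform to the EICAR rules, and whether the SHA-256
    matches the reference hash (only true for the bare file, no trailer)."""
    p = Path(path)
    if not p.exists():
        return {"present": False, "valid": False, "hash_matches": False}
    data = p.read_bytes()
    return {
        "present": True,
        "valid": is_valid_eicar(data),
        "hash_matches": sha256_hex(data) == EICAR_SHA256,
    }


if __name__ == "__main__":
    # Assumed output location: a fresh temporary directory.
    target = os.path.join(tempfile.mkdtemp(), "EICAR.COM")
    print("wrote", write_eicar(target), "bytes to", target)
    print(check_file(target))
```

Run it on the machine under test, then re-run `check_file` on the same path after a few seconds and after opening the file: a result of `present: False` with no corresponding log entry is exactly the behaviour the post complains about, while `valid: False` means the test file itself was mangled (a stray byte, a zero for the letter O, a trailer longer than the spec allows) and the scanner was never obliged to react.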
Wisniewski admitted he was “very confused” and wondered if Microsoft had actually forgotten to program virus protection into the dev build. He decided to try one final test. He would deliver a battery of malware (“All of the samples were between six and twelve months old, so nothing bleeding edge here”) and see how it fared.
Wisniewski’s fears weren’t completely on the money. But he wasn’t too far off, either. “It captured about 50 percent of the malware samples I threw at it,” he announced, adding “clearly there is a lot of work to be done with regard to detection.”
One bright side, he said, was that it detected threats across all three platforms: Mac, Windows and Linux.
Admitting there was still ample time for Microsoft to address the issues he encountered, Wisniewski hopes Windows 8 will be up to snuff upon release. For now, he suggests other testers play it safe.
“If you are testing Windows 8 on a live network, I would recommend you install a third-party anti-virus program as well,” he said. “While Windows Defender caught some samples, it isn’t ready for prime time yet.”