Security expert: Windows 8 dev preview only detects 50 percent of malware
Security Adviser Chester Wisniewski of Sophos Labs believes Microsoft’s unreleased Windows 8 platform needs an anti-virus power-up, saying the company has “a long way to go” before the OS can consistently detect cyber threats.
Testing the anti-virus measures within the Windows 8 developer preview build without additional third-party protection, Wisniewski relied on a test file from the European Institute for Computer Antivirus Research (EICAR), which allowed him to gauge Windows 8’s effectiveness without exposing himself to actual threats.
“There are some very thorough testing organizations that can evaluate protection much more effectively than most home grown testing operations,” related Wisniewski. “That is why we always use EICAR, as every (or so I thought!) anti-virus and security product will detect EICAR to allow for safe testing.”
Writing at Sophos’ Naked Security blog, he revealed that the EICAR test file download attempt yielded mixed results:
I first tried to download the EICAR test file from eicar.org using Internet Explorer 10. IE informed me that this was a malicious download and would not allow me to save it. Pass!
I then opened Notepad and pasted in the 68 magical bytes, chose Save As and named it EICAR.COM. It showed up in my Explorer window with no complaints.
I then tried to click the file and it vanished!? No warning, no messages logged in Event Viewer (that I could find). Fail! EICAR should always cause an alert…
A subsequent test yielded similar results for Wisniewski. Inserting a memory stick containing the EICAR test file, he discovered another misstep.
“When I tried to copy the file from the USB stick to the Documents folder it did so without complaint,” he explained. “If I tried to run EICAR.COM it gives an error, which is expected as EICAR is a DOS program and cannot execute on Windows 8, but I should get a virus warning, shouldn’t I?”
Wisniewski admitted he was “very confused” and wondered if Microsoft had actually forgotten to program virus protection into the dev build. He decided to try one final test. He would deliver a battery of malware (“All of the samples were between six and twelve months old, so nothing bleeding edge here”) and see how it fared.
Wisniewski’s fears weren’t completely on the money. But he wasn’t too far off, either. “It captured about 50 percent of the malware samples I threw at it,” he announced, adding “clearly there is a lot of work to be done with regard to detection.”
One bright side, he said, was that it detected threats across all three platforms: Mac, Windows and Linux.
Admitting there was still ample time for Microsoft to address the issues he encountered, Wisniewski hopes Windows 8 will be up to snuff upon release. For now, he suggests other testers play it safe.
“If you are testing Windows 8 on a live network, I would recommend you install a third-party anti-virus program as well,” he said. “While Windows Defender caught some samples, it isn’t ready for prime time yet.”
5 Comments on Security expert: Windows 8 dev preview only detects 50 percent of malware
- Posts: 941
- Posted on: 30 Sep 11 20:09
You guys are aware that this is pre-beta, right? It's like a rough draft of the final product? By the way, Windows Defender, which installs with the Windows 8 Developer Preview, protects your computer against pop-ups, slow performance, and security threats caused by spyware. It isn't an anti-virus program. If you want virus protection, you need to install an anti-virus program.
Also, Microsoft has stated that Windows 8 will indeed ship with a built-in anti-virus: http://www.zdnet.com/blog/hardware/windows-8-will-ship-with-built-in-antivirus-protection/14757