Windows 8 security is like a swiss cheese flak jacket - sez AV firm

The knives are out for Windows Defender, the basic anti-malware protection bundled with Windows 8: makers of rival antivirus products are lining up to criticise Microsoft's efforts to secure its operating system. Windows 8 can be infected by 16 percent of the most common malware families, even with Windows Defender activated, …

COMMENTS

This topic is closed for new posts.
Silver badge
Facepalm

Fallapartgate

I coined this phrase in another thread, and it fits what we're seeing here perfectly - microsoft itself, its crappy tablets and of course its unusable software which is as big a joke when it comes to security as its always been.

8
9
Silver badge
Meh

Yes

But should we be surprised that this software, after years of development, months of testing, billions spent and finally released has more holes in it than Gorgonzola cheese?

Ummm No.

5
2
Anonymous Coward

Re: more holes in it

Gorgonzola is an Italian blue cheese, the holey Swiss cheese is Emmentaler.

7
0
Anonymous Coward

Re: more holes in it

> Gorgonzola is an Italian blue cheese, the holey Swiss cheese is Emmentaler.

Any Norwegian Jarlsberger, per chance?

1
0

Re: more holes in it

It's Jarlsberg, not Jarlsberger.

Also, that cheese (my favourite, if anyone wonders) is known for its 'nutty' flavour and few but large holes. The holes also tend to have a small 'tear' in them.

Now, the size of the holes may be reminiscent of Windows, but there's way too few of them to be a valid comparison...

1
0
FAIL

Re: Fallapartgate

Don't forget their cloud offering - down again:

http://www.zdnet.com/microsoft-hit-by-second-office-365-email-outage-in-five-days-7000007342/

Perhaps Sinofsky did more than just publicly give Ballmer the bird when he left?

1
0
Anonymous Coward

Re: more holes in it

Under UK statute law, any mention of Norwegian Jarlsberg must be followed by a reference to Venezuelan Beaver cheese.

This post is to keep El Reg legally compliant in this respect.

0
0
Bronze badge
Joke

Re: more holes in it

Wensleydale.

Shut that bloody bazouki up!

;->

0
0
Bronze badge

Re: more holes in it

I much prefer Canadian beaver cheese, though I understand the Scots kind is coming along nicely.

0
0

Should be

Bill Gate cos only he can save them from themselves

0
0
Anonymous Coward

ANTIVIRUS SOFTWARE COMPANY PUBLISHED GROUNDBREAKING STUDY TODAY PROVING THE SOFTWARE THEY SELL IS REQUIRED TO MEET THE SECURITY STANDARDS SET BY ANTIVIRUS SOFTWARE COMPANY

17
2

Sour grapes?

If AV vendors dropped the bloat and offered something as streamlined as Windows Defender that's proven to deal with more threats I'd consider a change. For now it, a firewall and common sense are good enough for me.

10
3
Silver badge
Windows

I always wonder...

"Malware that successfully bypassed Windows Defender was capable of opening backdoors to allow hackers to remotely control the attacked x86 PC, intercepting keystrokes, stealing online gaming credentials, and more."

There's one bit of information I'm always missing with researches like this: what kind of user account and user profile was used? Because the end user can matter a lot when it comes to system security and breach of that security.

Two extreme examples... Although Windows 7 sets up an admin account for you to work with by default (and relies on UAC to block unwanted system changes), it's not how I like to work. Instead I lowered my account's privileges to those of a normal user (I'm on Windows 7 Professional, btw; this also provides user account access), removed the password from this account and instead added a password to the global system administrator account. The result is the obvious situation that my user account has no write access to system parts of the system partition (C). I can't dump something in c:\program files, I can't do much in c:\windows; the only places I have full r/w access to are my own personal data directories as well as the stuff on the non-system partition (D).

The moment I want to do something beyond my capabilities I either have to raise my privileges (start a raised console ("run as administrator"), for example) or simply await a UAC prompt. After which I need to type a password and then can perform the required changes.

Needless to say: I'm pretty confident that not much malware which might be capable of bypassing Security Essentials will also easily be capable of installing itself. Unless of course it fully runs within user space and doesn't require any extra credentials; but the mention of stuff such as keyboard monitoring makes me think otherwise. My account credentials simply wouldn't allow me to do this (unless of course they're actually exploiting local root exploits or local backdoors; the article doesn't quite say).

Another extreme example is a friend of mine who clicks before reading. Sounds dumb, it is dumb, but that's the way he works. When he sees a website popup he's clicked it before you could say "I don't think that looks trustworthy". He'll even go as far as mindlessly clicking "yes" on UAC messages, sometimes even jokingly mentioning that "Oh, Windows needs to ask me if Bill Gates can go to the bathroom, sure; do what you have to do".

Needless to say: it's also the kind of friend who calls me every once in a while to ask me if I could help him make his "PC run faster". At one time I even managed (well, stuff like Ad-Aware & Spybot managed) to remove 584 cases of malware, spyware, tracking cookies and other kinds of crap from his PC. Although his switch to Windows 7 has managed to slow that process down quite a bit.

My point...

Needless to say, my user credentials and user profile (the way I work) are bound to stop a lot of crap even when it is capable of bypassing my virus scanners. Whereas my friend... With such a user profile I don't think it would even help if his virus scanner (or "protection suite") were capable of blocking everything. Whenever there's a trojan on offer, chances are high he'll invite it right over by clicking "yes" ("sure I'd like some new software, let's have it!").

AS SUCH.... What kind of user profile is used during such virus tests? With modern Windows (Vista, 7, 8) it's almost inevitable that the user will get a system warning somehow. So do they simply assume the user clicks yes all the time or....

7
0
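The layout the commenter above describes (a day-to-day account that is a standard user, admin rights reachable only through a UAC credential prompt) is something an administrator can check rather than assume. The PowerShell below is an added example, not code from the thread or from Microsoft: it reports whether the current token is elevated, whether the account is a direct member of the local Administrators group, and what the UAC policy values under the documented Policies\System key are set to. It assumes a Windows 10 / Server 2016 or later host, because `Get-LocalGroupMember` is not available on Windows 7; the `MatchesCommenterLayout` rule is this example's own reading of the post, not a Microsoft baseline.

```powershell
# Added example (not from the thread): report whether this session matches the
# least-privilege layout described above and how UAC itself is configured.

function Test-LeastPrivilegeSetup {
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)

    # True only if admin rights are in effect on the current token.
    $elevated = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

    # True if the account is a direct member of local Administrators, even when
    # UAC has filtered the current token down to standard-user rights.
    # (Nested domain-group membership is not resolved by this check.)
    $adminMembers = Get-LocalGroupMember -Group 'Administrators' |
        Select-Object -ExpandProperty Name
    $isAdminMember = $adminMembers -contains $identity.Name

    # UAC policy values live under this key; value names are Microsoft's.
    $uacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $uac = Get-ItemProperty -Path $uacKey

    # ConsentPromptBehaviorAdmin: 0 = elevate silently, 2 = consent on secure
    # desktop, 5 = consent for non-Windows binaries (default).
    # ConsentPromptBehaviorUser:  0 = auto-deny, 1 = credentials on secure
    # desktop, 3 = credentials (default).
    [PSCustomObject]@{
        User                   = $identity.Name
        TokenElevated          = $elevated
        MemberOfAdministrators = $isAdminMember
        UacEnabled             = ($uac.EnableLUA -eq 1)
        AdminPromptBehaviour   = $uac.ConsentPromptBehaviorAdmin
        StandardUserPrompt     = $uac.ConsentPromptBehaviorUser
        SecureDesktopPrompt    = ($uac.PromptOnSecureDesktop -eq 1)
        # This example's reading of the commenter's setup: not an admin member,
        # UAC on, and standard users are prompted for credentials (not auto-denied,
        # which would stop legitimate elevation as well).
        MatchesCommenterLayout = (-not $isAdminMember) -and
                                 ($uac.EnableLUA -eq 1) -and
                                 ($uac.ConsentPromptBehaviorUser -ne 0)
    }
}

$report = Test-LeastPrivilegeSetup
$report | Format-List
if (-not $report.MatchesCommenterLayout) {
    Write-Warning 'Day-to-day account holds admin rights or UAC is weakened; anything running as this user can reach system locations without a prompt.'
}
```

Run it from the ordinary (non-elevated) console: `TokenElevated` should be false and `MemberOfAdministrators` false for the setup described; if `MemberOfAdministrators` is true while `TokenElevated` is false, the account is an admin that UAC is merely filtering, which is the default Windows 7 layout the commenter chose not to keep.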
(Written by Reg staff) Silver badge

Re: I always wonder...

All very good points. However, what happens when you encounter code that is able to elevate its privileges and/or bypass the UAC? I saw some good example code within the past fortnight that demonstrates this. Once the code is running on your machine, half the battle is lost. I'll try to dig up some examples.

Also, consider your friend: the kind of person who installs everything, clicks through UAC, gets thoroughly pwned. That's the sort of user Bitdefender is attempting to simulate, not a pro user able to lock down the machine.

All IMHO.

C.

2
0
Bronze badge

Re: I always wonder...

damn, what kind of pr0n/hacking sites are you visiting that you need to be that paranoid :p

0
6
Gold badge
WTF?

Re: I always wonder...

the kind of person who installs everything, clicks through UAC, gets thoroughly pwned. That's the sort of user Bitdefender is attempting to simulate...

Bit of a daft test then. You can't proof a system against a user equipped with the capability to invoke admin privilege and determined to override the security. Defender is part of a layered approach and ruling out SmartScreen, UAC et al. is a bit like testing their own product having first disabled its heuristics, browser plugin and any firewall features "because I was getting too many messages and it stopped things working".

Give me any A/V suite and I'll get the box it's on pwned, if you allow me access to admin privilege and to behave like a complete twat who's going out of their way to get pwned.

Christ, I thought my mother was the most computer illiterate person on the planet[1], but at least she knows she's crap, reads the messages and makes an informed decision.

[1] I managed to talk her through installing a new ADSL router over the phone, despite some unknown POS having hard set the bloody DNS IP to the old router's settings (for the love of god, why?) at some point in the past. That gave Job a run for his money when it comes to patience, I can tell you.

1
0
Silver badge

Re: Bit of a daft test then

But it was also a bit of a daft security system at the start too. The UAC popped up way too often and you either got annoyed, turned it off, or adopted his daft friend's approach. It's gotten somewhat better since then.

I've always liked a differentiated approach myself. Until the companies made it nearly impossible to not buy a suite I always ran AV from a different vendor than my software firewall, and none of it was from MS, who ought to have their own decent security in the system.

And it's not just MS. When I see a program pop-up a message from a third party vendor that says "An executable file wants to access the internet. Do you want to allow this?" I want to scream. WHICH FRICKING FILE?!?!?!?

0
0
Anonymous Coward

Who'd have thunk it?

Windoze with security flaws? Hmm. Not the first time...

7
5
Anonymous Coward

Re: Who'd have thunk it?

And I bought it ALL - 'cos RICHTO said it was great, the BEST, he KNEW, it was a FACT - oh! he-a culpa !

3
0
Bronze badge
Meh

Twisted Garbage

Wouldn't this comment only really be valid if MS was making out that Windows Defender was actually a replacement for third-party antivirus software? Not sure that they have done that. If they did, then I would agree with the comment that this is a fail; if they did not, then this article is irrelevant.

2
0
Silver badge

Re: Twisted Garbage

When they go and rename it to "Windows Partial-Defender" you may have a point.

4
1
Silver badge

Re: Twisted Garbage

I've not looked at what they say about the windows 8 version, but it's Security Essentials renamed and installed by default, and they push Security Essentials as a replacement, and say not to run it and another AV program at the same time.

0
0
Bronze badge

Re: Twisted Garbage

Every A/V supplier recommends not running two A/V products at the same time, because they will tend to interfere with each other's operation (and in the worst-case scenario will flag the other product's virus definition files as malicious and block access).

0
0
Silver badge
Thumb Down

"at least Windows Defender is capable of repairing the operating system if damaged"

Yet more, interminable, StartUp-Repair. That's all we need for Tuesdays.

Whooppee!

0
1
Anonymous Coward

As much as it would be nice to have secure software from MS

You can almost guarantee that if they made something that meant a/v products were no longer required, they'd be done for anti-competitive practices.

2
0
Anonymous Coward

Defence in depth

AV software is part of the totality of the defence on a computer; webpage filtering, UAC, sandboxing and other elements work together.

To test one part of a system in isolation is only part of the story. It is a step towards measuring the effectiveness of the whole, since it is difficult to test a complex system as is. But to state that the entirety of a system is grossly faulty because of one element is disingenuous.

I presume that Bit Defender will show that their software would have stopped all the malware samples as well as bringing a cup of tea up for you in the morning

3
0
Bronze badge

As any fule no

Defender on the BBC Model B was the best.

1
0

Re: As any fule no

For some reason I could never get to grips with that game. Nice graphics, cool sounds, but my memories of playing it go something like:

"Beeeoooowwwwwwww..." "FFFttt! FFFttt! FFFttt!" "chshchshcshshchchsh!!!" "Err Err Err" [Little aliens dancing on the wreckage of my ship]

1
0
Bronze badge
Alien

Re: As any fule no

You just needed nine fingers on each hand.

0
0
Silver badge
FAIL

In other words we’ve simulated a hapless user.

And they couldn't find a real PHB in the office anywhere to test it properly? Or even set up an internal webserver rather than an FTP one to do it?

How many "hapless users" FTP stuff these days?

2
1
Bronze badge

Using my brain

I've not had a virus infection on a machine of mine, ever. For most of my life I haven't had anti-virus either - I only started when the more 'virulent' viruses came about, like Sasser etc... and then I've only ever used free software.

Using my brain is the main way to prevent infection - don't click random links, don't open random emails from people I don't know, don't install software which comes from random websites, don't use pirate software from P2P services.

That and both edge and software firewalls do the job perfectly.

0
2
Facepalm

16% Fail Better than 100% Slow with Commercial AV

So 16% of malware gets through if I act like a complete moron. I'd rather take my chances that I'm somewhat more savvy and miss out on the CPU-sucking, RAM hogging, file diverting BS that is most AV software. My PC doubled its speed when I tossed out commercial AV software and let Defender do the basics. That was two years ago and I've only had one virus since then, which Defender caught before any harm was done.

1
1
Anonymous Coward

Re: 16% Fail Better than 100% Slow with Commercial AV

So YOU'RE one of the idiots who keeps flooding my Inbox with Viagra Spam.

0
0

Headline Grabbing

One thing I couldn't help but notice is that you failed to mention how Windows 8's security compares to Windows 7 or Windows Vista. You say Windows 8 can be infected by 16% of the most popular malware when the OS' only protection is Windows Defender. I suspect that if you ran those same tests against Windows Vista or 7 you'd find similar results. My instinct is telling me that Windows 8 is likely as secure as its predecessors and that you're focusing on Windows 8 in an attempt to grab headlines.

When you look at this from the Glass-Half-Full perspective, that means a clean install of Windows 8 is resistant to 84% of malware designed specifically to infect Windows machines. That's pretty good as far as I'm concerned. As the saying goes "You're trying to make a mountain out of a mole hill".

0
1