
Interesting article on Windows 8 security


Tushman


I must be psychic these days. For some reason I felt there were some tremors in the IT world. So I went on Google and typed in "I.T. related news". It returned several links. I just so happened to click on the link that took me to Infoworld's main website. There I found a headline that caught my attention.

 

The article is written by Ellen Messmer but look who she quotes within the story.

 

Windows 8 brings malware improvements, says antivirus researcher.

 

With Windows 8, Microsoft is taking a distinctly different -- and likely far better -- approach to how anti-malware will run in comparison to earlier versions of Windows, says Aryeh Goretsky, researcher at antivirus software firm ESET. Microsoft's approach, called "Early Launch Anti-Malware," basically means the first software driver to be loaded into the Windows 8 OS upon its use will be the driver of the user's anti-malware software. This is a major change because "before, it was a 'no man's land,'" says Goretsky, meaning loading driver software on the user's machine was random and "a malicious device driver" could get there first, allowing the malware to trump the anti-malware and maybe turn it off.

 

Full article here.

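To see what "the anti-malware driver loads first" looks like on an actual Windows 8 or later machine, the following added example (not part of the original post or the quoted article) lists the boot-start drivers registered in the Early-Launch load-order group, checks their signatures, and reports the boot-start driver policy. The registry locations and policy values are the standard Windows ones, not taken from the thread; the helper name `Resolve-DriverPath` is made up for this example.

```powershell
# Added example (not from the thread): audit Early Launch Anti-Malware (ELAM) state.
# ELAM drivers are boot-start drivers (Start = 0) in the "Early-Launch" group.
$servicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$policyKey   = 'HKLM:\SYSTEM\CurrentControlSet\Control\EarlyLaunch'

# DriverLoadPolicy decides which boot-start drivers load after ELAM classifies them.
$policyNames = @{
    8 = 'Good only'
    1 = 'Good and unknown'
    3 = 'Good, unknown, and bad but boot-critical (default)'
    7 = 'All drivers'
}

function Resolve-DriverPath([string]$ImagePath) {
    # Boot drivers store paths such as "system32\drivers\x.sys" or "\SystemRoot\...".
    $relative = $ImagePath -replace '^\\SystemRoot\\', ''
    Join-Path $env:SystemRoot $relative
}

$elamDrivers = Get-ChildItem -Path $servicesKey -ErrorAction SilentlyContinue |
    ForEach-Object {
        $svc = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
        if ($svc.Group -eq 'Early-Launch' -and $svc.Start -eq 0 -and $svc.ImagePath) {
            $file = Resolve-DriverPath $svc.ImagePath
            $sig  = if (Test-Path $file) { Get-AuthenticodeSignature -FilePath $file }
            [pscustomobject]@{
                Service   = $_.PSChildName
                Driver    = $file
                Present   = [bool](Test-Path $file)
                Signature = if ($sig) { $sig.Status } else { 'n/a' }
                Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
            }
        }
    }

$policy = (Get-ItemProperty -Path $policyKey -ErrorAction SilentlyContinue).DriverLoadPolicy
if ($null -eq $policy) { $policy = 3 }   # value absent: Windows applies the default

if ($elamDrivers) { $elamDrivers | Format-Table -AutoSize -Wrap }
else { Write-Warning 'No boot-start driver is registered in the Early-Launch group.' }
"Boot-start driver policy: $($policyNames[[int]$policy])"
```

A missing driver file or a signature status other than `Valid` on an Early-Launch entry is worth investigating, as is a policy of "All drivers", which lets drivers the ELAM driver classified as bad load anyway.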

You gotta be kidding me. Only 1 reply? Where is the love for Aryeh? C'mon you guys - it's Aryeh! not just some joe schmoe down the street who doesn't know what he's talking about.


Guest LilBambi
With Windows 8, Microsoft is taking a distinctly different -- and likely far better -- approach to how anti-malware will run in comparison to earlier versions of Windows, says Aryeh Goretsky, researcher at antivirus software firm ESET. Microsoft's approach, called "Early Launch Anti-Malware," basically means the first software driver to be loaded into the Windows 8 OS upon its use will be the driver of the user's anti-malware software. This is a major change because "before, it was a 'no man's land,'" says Goretsky, meaning loading driver software on the user's machine was random and "a malicious device driver" could get there first, allowing the malware to trump the anti-malware and maybe turn it off.

 

So what will that mean in real world choices for say someone who uses ESET NOD32 and Malwarebytes Anti-Malware for instance?


Hello,

 

AV-Test lists both ESET NOD32 Antivirus and ESET Smart Security as being compatible with Windows 8 here. I did not see anything listed for MBAM or any mention on Malwarebytes web site, but I would be surprised if they were not yet compatible.

 

Regards,

 

Aryeh Goretsky

 

 

So what will that mean in real world choices for say someone who uses ESET NOD32 and Malwarebytes Anti-Malware for instance?

 

Hello,

 

A slightly larger picture can be found at http://www.edexter.com/.

 

Regards,

 

Aryeh Goretsky

 

I thought that was a cat


Guest LilBambi

So sorry to hear about Dexter passing on. Losing a good friend of 17 yrs is no fun. We lost our good dog, Whitie after nearly 15 years, about the same time Dexter was born. It was a very hard thing.


I'm so sorry to hear about Dexter, Aryeh.

 

Regarding compatibility, ESET products and MBAM (with multiple iterations of the name) are shown as compatible at the Windows 8 Release Preview Compatibility Center: Find Updates, Drivers, & Downloads.

 

ESET: http://www.microsoft...SearchTerm=ESET

 

MBAM: http://www.microsoft...rm=Malwarebytes


Guest LilBambi

I remember reading something about that. As long as you don't have any other antivirus, it remains active, but if you install one of your own, it deactivates or something like that, right?

 

Ah, wait, there is even a caveat on that as noted in this PCWorld article:

 

Bear in mind that even though Microsoft will include Windows Defender in Windows 8, PC manufacturers may disable the program on new PCs that carry preinstalled antivirus software from a third-party such as Norton or McAfee. The preinstalled third-party antivirus options are usually limited-time trials, so your initial decision may be whether to keep any preinstalled antivirus; if you decide against keeping it, you'll need to decide whether to enable Windows Defender and use it or to switch to another third-party antivirus program.

 

More in the article.

 

They also do a comparison between the free antivirus software with their conclusion for Windows 8:

 

If your Windows 8 PC comes with a third-party antivirus preinstalled on it, you should first check the program's ranking; if it doesn't rank in the top four, consider opting out and using something else. As we've seen, the free antivirus built into Windows 8 should be easy to use and should provide excellent malware removal, but it will likely be relatively weak at detecting malware in the first place.

 

That's where a combination of Microsoft Security Essentials and updating and running Malwarebytes Anti-malware weekly or as needed if something seems odd with the system, would be a good secondary free (non-realtime) support to Microsoft Security Essentials for those who prefer a totally free solution.

 

 

For pay to play ones, this article on PCWorld suggests a list in order of best at the top Security Suites (it doesn't do antivirus only):

 

 

Personally, I like Microsoft Security Essentials (free alternative) or ESET NOD32 (pay-to-play alternative) and Malwarebytes Anti-malware along with free/pay-to-play WinPatrol, but that's just me.

Edited by LilBambi

Hello,

 

Precisely. To quote from the white paper:

 

Many new computers purchased with Windows 8, however, will not have Windows Defender installed as their default anti-malware program. Many computer manufacturers ship their computers with a trial version of a commercial anti-malware program installed on them. This is because those manufacturers receive payments from the anti-malware vendors to pre-load the software onto the computers they sell 8. Computer manufacturers also receive a royalty when the computer user purchases a license for the trial product, and when the license is renewed. While the amount of revenue this generates from each individual is not huge—perhaps $15-to-30 USD—when multiplied over tens or hundreds of thousands of computers, it becomes millions of dollars in revenue that computer manufacturers get from anti-malware companies. Microsoft has made it easy for computer manufacturers to disable Windows Defender so that they may continue to receive payments from anti-malware vendors in exchange for bundling their anti-malware software 9, 10, 11.

 

One of the requirements from Microsoft for Windows 8 is that all anti-malware software should be able to cleanly install, disable and uninstall itself. In the past, switching anti-malware products under Windows has been problematic because some anti-malware solutions left files, drivers, processes, registry entries, services and other remnants on a system after they were uninstalled, which would cause various conflicts as well as compatibility and performance issues when new anti-malware software was installed. These changes for anti-malware software in Windows 8 should not only make it much easier for consumers and businesses to replace Windows Defender with other anti-malware software, but also to switch from one anti-malware program to another.

 

So, all antimalware programs which pass Microsoft's Windows 8 certification process should play nicely with each other in terms of uninstalling cleanly to allow the next program to take over the task of keeping the system clean.

 

Oh, and in demi-related discussion, ESET announced their Windows 8 support plans here in a blog post.

 

Regards,

 

Aryeh Goretsky

 


9 Keizer, Gregg. “Windows 8’s built-in AV to be security of last resort.” Security News. 4 Jun. 2012. ComputerWorld. https://www.computer..._of_last_resort

10 Bright, Peter. “Windows 8’s built-in antivirus will put third-party products first.” Technology Lab. 4 Jun. 2012. Ars Technica. http://arstechnica.c...products-first/

11 Kingsley-Hughes, Adam. “Microsoft’s Compromise on Windows 8 Security Leaves Consumers Vulnerable.” Forbes Tech Blog. 8 Jun. 2012. Forbes Media, LLC. http://www.forbes.co...ers-vulnerable/
