Natalya Kaspersky and Windows Vista security
2. Press release in English
Security from Microsoft – the door to a brave new world?
Does Vista mean you won’t need an antivirus solution?
Recently, Jim Allchin, Co-President of Microsoft’s Platforms & Services Division, ended up in a tight spot. Journalists misinterpreted a phrase from an interview he gave, fuelling a potential scandal. According to the media, Vista is so secure that users will no longer require additional antivirus protection.
However, it all turned out to be a storm in a teacup. Jim Allchin apologized for his lack of clarity and explained that he had been misrepresented. In his words, although he believes that Vista is the most secure operating system Microsoft has developed to date, it will not provide complete protection against viruses and other malware.
Is Vista secure? How secure is secure? What does Microsoft hope to achieve by entering the security market? These are currently hot topics in the media. Leading representatives from the antivirus industry have expressed totally opposing views. As CEO of Kaspersky Lab, I would like to take this opportunity to add my opinion on Vista and security.
Vista security: a few key points
To start, we need to look at Vista as a whole. Microsoft has redesigned and improved the user interface, added 3-D windows, and simplified the way in which users can search for files, documents and applications. All of these modifications will make computers more approachable for new users, at the same time offering improved usability for those with more experience.
Microsoft has also introduced a number of new and enhanced security features in Windows Vista.
For instance, the number of processes and applications that launch by default with administrative privileges has been significantly reduced. Attempts to solve compatibility issues in previous versions of Windows led to large numbers of users working from the administrator account, and a large number of applications running with high privileges.
In Vista, all processes and applications run with limited privileges by default. This means that if an application contains a potentially exploitable vulnerability, a successful attack will have only a limited impact on the operating system, preventing serious damage to the computer.
This new technology is known as User Account Control. It asks the user for confirmation before any action that requires higher privileges is performed. User Account Control is designed to prevent privileged actions from taking place without user consent, a safeguard which was absent from previous versions of Windows.
Windows Vista also offers a protected mode for Internet Explorer 7.0 to make web surfing safer. In this mode, the browser works with a certain set of system restrictions that prevent malicious code from modifying key system areas. This does not protect against all types of attack, but reduces their likelihood. Internet Explorer 7.0 is also available for Windows XP, but without the option of protected mode.
Vista includes Windows Defender, which “protects your computers against spyware and other potentially unwanted software”. Many people take this to mean that Windows Defender will ensure protection from malware. This is simply untrue. Windows Defender is not a fully functional antivirus product – it only protects against spyware, just one subset of contemporary malware. Windows Defender does not protect against viruses, Trojans, worms etc.
Currently, Microsoft offers two solutions that provide protection against malware. Windows Defender, integrated into Windows, only protects against spyware. Microsoft OneCare is a standalone solution that does protect against viruses, Trojans and other threats, but it is not part of Vista. OneCare is a separate product and has to be purchased separately, like any other antivirus solution.
Malware Classification according to Microsoft
Today Microsoft divides malicious programs into two categories: spyware (programs that steal data) and viruses (everything else).
This is a purely nominal distinction; other antivirus vendors have other, more detailed classification systems. Moreover, there is no single industry-wide definition of spyware. For instance, we at Kaspersky Lab define spyware as programs that harvest user data and then send this information to the author/user of the program.
However, it is often impossible to categorize malicious programs without some ambiguity, as they have a range of functionality. Given this, how would Microsoft classify a malicious program that ends up on a computer because it is part of a worm, or spam or a Trojan, and then proceeds to spy on the user's actions? Vista's protection module, which only protects against a single type of malware, may give users a false sense of security, resulting in an increase in infected machines.
Unlike Microsoft, most antivirus vendors offer protection against all types of malware. Dedicated solutions such as anti-spyware programs are becoming a thing of the past. Anti-spyware was a hot issue several years ago and a number of start-ups appeared that cashed in on this trend. Since then, most of them have either disappeared without trace or been bought out by major antivirus vendors.
But let’s return to Vista and antivirus solutions. Microsoft itself recommends that users install a standalone antivirus solution. The Windows Security Center in Vista will inform a user that s/he does not have an antivirus solution, and it will continue to alert the user until appropriate software is installed.
If a user clicks on ‘Find a program’ they will land on a page that lists OneCare, as well as all Microsoft approved antivirus solutions.
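To check these two points on an actual machine, here is an added PowerShell audit snippet (not from the original article or from Kaspersky Lab): it reports whether User Account Control is enabled and whether the current session is elevated, and asks Windows Security Center which antivirus products are registered. The registry value names, the root\SecurityCenter2 namespace and the productState bit decoding are standard on Vista and later but are assumptions here, not taken from the article.

```powershell
# Added audit snippet (not from the original article). Assumes Windows Vista or
# later. Value names, the WMI namespace and the productState bit layout are the
# commonly documented ones and are assumptions, not facts stated by the article.

function Get-UacStatus {
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $pol = Get-ItemProperty -Path $key
    # EnableLUA = 1: UAC is on, so processes start with a filtered (limited)
    # token and elevation goes through the consent prompt the article describes.
    # ConsentPromptBehaviorAdmin = 0: admins elevate silently, which removes the
    # "ask the user" step even though UAC is nominally enabled.
    New-Object PSObject -Property @{
        UacEnabled          = ($pol.EnableLUA -eq 1)
        AdminPromptBehavior = $pol.ConsentPromptBehaviorAdmin
        SilentElevation     = ($pol.EnableLUA -eq 1 -and $pol.ConsentPromptBehaviorAdmin -eq 0)
    }
}

function Test-IsElevated {
    # True only if this process holds the full administrator token, i.e. the
    # user already answered the UAC prompt (or UAC is switched off).
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($id)
    $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Get-RegisteredAntivirus {
    # Security Center's own view of installed antivirus. Vista/7 and later use
    # root\SecurityCenter2 (XP used root\SecurityCenter). Vista's Windows
    # Defender is anti-spyware only, so it is expected to register as an
    # AntiSpywareProduct rather than appear here (assumption).
    $products = Get-WmiObject -Namespace 'root\SecurityCenter2' `
        -Class AntiVirusProduct -ErrorAction SilentlyContinue
    foreach ($p in $products) {
        $state = [int]$p.productState
        New-Object PSObject -Property @{
            Name     = $p.displayName
            Enabled  = (($state -band 0x1000) -ne 0)   # real-time protection on
            UpToDate = (($state -band 0x10) -eq 0)     # 0x10 = signatures stale
        }
    }
}

Get-UacStatus
"Elevated session: $(Test-IsElevated)"
$av = @(Get-RegisteredAntivirus)
if ($av.Count -eq 0) {
    "No antivirus registered with Security Center: the state Vista keeps warning about"
} else { $av }
```

Run it as an ordinary (non-elevated) user first and then from an elevated prompt to see the filtered-token behaviour the article describes; a machine with only Windows Defender should report no registered antivirus product.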
Will your antivirus solution run on Windows Vista?
Most people know it is not recommended to install two antivirus solutions on a single computer. This is because many antivirus solutions use the same system resources and the conflict may result in system instability or even the notorious Blue Screen of Death.
Because Windows Defender is integrated into Vista, users may assume that it is dangerous to install another antivirus solution. However, Windows Defender has been deliberately developed to be compatible with standalone antivirus solutions.
Another possible misconception that needs to be dispelled: some believe that Microsoft solutions, such as OneCare, are more suitable for users than similar products from other vendors. Why? It is claimed that OneCare integrates better with the operating system. This is supposedly because OneCare utilizes undocumented possibilities in Vista, whereas independent vendors are unable to do this.
In fact, this is a myth. Everything that Microsoft develops can be divided into two groups – the platform or operating system and applications that run on this platform. In terms of applications, both Microsoft developers and independent software developers have access to the same libraries and functions and the same documentation. These conditions are described in detail in the Windows Principles section of the Microsoft website. Moreover, Microsoft’s phenomenal success is due in part to its well-developed partnership model. The company has always provided developers with a wide range of opportunities to develop applications.
The fact that Microsoft occasionally chooses to compete with its partners for a share of existing markets is another story. But from a technical point of view, Microsoft application developers and independent developers work under the same conditions.
A few words about OneCare
I am often asked about OneCare, Microsoft’s commercial antivirus solution. How does this product compare to solutions from other vendors? The best way to answer this question is to look at results of comparative tests from independent laboratories. I am aware of two tests that have been conducted on the commercial version of OneCare, which is currently only available in the USA. The product has been tested twice by the AV-Test GmbH team, which is based at the University of Magdeburg in Germany and is one of the most respected independent test laboratories in the world. These tests have provided some initial findings about the quality of detection provided by OneCare.
From my point of view, there are three significant factors that make Microsoft’s competition with today’s leading antivirus vendors complex.
1. Microsoft’s reputation in the security field. Microsoft still does not have a good reputation in this area. By default, Microsoft solutions are perceived as being insecure or full of security loopholes. These loopholes in Windows and MS Office applications are due, above all, to extraordinary popularity – hackers across the world are going to hack programs used by the majority. Given this, I am afraid that Microsoft’s new antivirus solutions may suffer the same fate; virus writers will create malware that is designed primarily to evade detection by OneCare.
2. Another important factor is the speed at which vendors have to respond to new threats. All vendors face the same dilemma – either detect the maximum possible number of malicious programs (even at the risk of false positives) or avoid false positives at the risk of failing to detect malicious programs. Just remember the media fuss which broke out when Microsoft's antivirus detected Gmail as being malicious, with only a few journalists failing to pick up on the story. Another slightly less well-known case was when a Microsoft product detected the Russian antivirus product Dr. Web. Given Microsoft’s brand and reputation, the company simply cannot allow itself to make such mistakes. As Microsoft will need to check each potential false positive with its legal department, response to new threats will inevitably be slow.
3. The detection rate is an important characteristic of any antivirus. AV-Test GmbH at the University of Magdeburg tested OneCare in September and November 2006. The results from both tests indicated a detection rate that would be considered fairly low for your average antivirus product (the most recent – 81.22%).
In conclusion, I will risk making the following prediction. Microsoft’s antivirus will improve its detection rates and take its place among its competitors. OneCare will offer good user features (something Microsoft has always been good at). However, OneCare is unlikely to become a leader either in terms of response time to new threats or in terms of detection rates.
What should you do?
First. Windows Vista does have a number of features that improve security, but it still cannot guarantee protection against malware. A standalone antivirus solution is therefore a must.
Second. Consumers can protect their computers by choosing either a Microsoft solution or one from an independent antivirus company.
Which solution should you choose?
• A solution from a vendor that you trust
• A solution that you believe will reliably protect you against malware – if you can find the time to read the results of comparative, independent tests, that’s great!
• And last but not least, you need a solution that’s Vista-compatible. A reputable antivirus vendor will include this information in the system requirements.
Enjoy Vista and Safe Surfing!