Consumerization of IT–How to address this
Bring Your Own Device or Consumerization of IT are fairly hot themes in a lot of customer organizations. When I talk to customers, there are typically different reactions, once we bring this up. Some tell us, that it is not part of their strategy; some tell us that they plan to do it but that they have a hard time figuring out, how to secure such an environment; very, very ...
10 Years of Trustworthy Computing at Microsoft
Before joining Microsoft a little bit more than 10 years ago, I ran a team at PricewarehoureCoopers on e-Business Risk Management – classical security consulting in the Internet bubble time. When I announced that I will leave PwC and join Microsoft, I got interesting reactions (and remember, this was 2001). Mainly they were along two lines: Oh, you are joining a desktop company? ...
10 Reasons to migrate off Windows XP
I would like you to sit back, close your eyes and think about the year 2001. Think about how you used technology back then, how you used the Internet. Now, let’s take it a little bit further back in history and think of the year 2000. Just after we realized that the Year-2000-Problem was handled very well by the industry. How you used technology, how you used the Internet, the ...
Office 365 Becomes First and Only Major Cloud Productivity Service to Comply With Leading EU and U.S. Standards for Data Protection and Security
A long title but this was the title of the official press statement yesterday. Compliance is always a key question in the public cloud space. Therefore it is very important for us that we now achieved three things: Office 365 is compliant with EU Model Clauses, Data Processing Agreements and ISO 27001 among other standards. Office 365 is the first and only major ...
Could Microsoft solve the scareware problem? By Roger Halbheer, on October 22nd, 2009 This morning I read the following article: Microsoft can help kill fake antivirus threat. And interesting approach. The proposal is that we could white-list all the legitimate security software within the OS in order to make it harder to trick the user. Well, would this work? I am not so sure:
- First of all, what is Security Software and how do you find out? All the the security vendors can play by the rules and make sure it is detectable. But sacreware (fake anti-malware software) will probably not – or will for sure not. So, what is the difference between any legitimate application, any application which interacts with the desktop and presents a GUI vs. scareware? Scareware just show scary windows and makes you install their software – which is typically malware.
- The base technology is in Windows but it would have to be applied to security software only.
- What is legitimate security software? There are obvious ones like Symantec’s, McAfee’s, TrendMicros’, F-Secure’s, Microsoft’s solutions. That’s easy. But I am sure (just an experience from the past) that there will be a pretty big gray zone which makes it very hard to decide and who decides then – us?
- Last but not least, let’s talk about the regulators. Do they (and does the market) really want us to take this decision and “certify” anti-malware solutions? This would come with a price – and reading the comments in the article below, this is one of the issues.
To me, the problem is wider spread than “just” fake anti-malware solutions. I understand that this is a problem – definitely and I understand that the thoughts of white-listing security software is attractive. But the problem is malware in general and how the criminals trick the user into installing something they do not want. This leads back to the question of the trusted stack which we address in our End to End Trust vision. To me, that’s the only approach which can be successful
Roger
Related posts:
- Vulnerability in Internet Explorer Could Allow Remote Code Execution
- Both Sides of the Windows 7 UAC Problem
- Security Intelligence Report: "Scareware" on the Raise
- Conficker and Microsoft Anti-Malware Software
- The Africa Cable – A Chance for Africa! – A Threat for the Internet?
Leave a Reply
|
|
|
