This morning I read the following article: Microsoft can help kill fake antivirus threat. And interesting approach. The proposal is that we could white-list all the legitimate security software within the OS in order to make it harder to trick the user. Well, would this work? I am not so sure:
To me, the problem is wider spread than “just” fake anti-malware solutions. I understand that this is a problem – definitely and I understand that the thoughts of white-listing security software is attractive. But the problem is malware in general and how the criminals trick the user into installing something they do not want. This leads back to the question of the trusted stack which we address in our End to End Trust vision. To me, that’s the only approach which can be successful
How about adding a new way of security in Internet Explorer?
Not thinking to the neccisary cpu or gpu power, but isn't it technicly possible for IE to check how adds or websites look like?
Ok, dream scenario here, but what if...
what if IE checks all pictures and looks if it looks familiar to windows in windows. Classic, xp-style or aero glass, IE recognizes it.
However, before just killing the picture, it's using text recognition techniques to find keywords saying something like warning, security issue, virus etc.
With a huge filter database running trough the web, IE checks if the picture/site contains flagged things, and warns the user if neccisary.
So lets say this is build into IE, how will it help? I mean, what if using techniques like captcha (displacing words etc) make IE unable to recognise the words / layout? Well, then you have wierd looking alerts/windows and thats something you can learn people not to click on!
But their still tons of ways for Windows to learn people to do the right thing, without having to do any verification stuff that people wouldn't understand anyway.
Think about the logon screen, it's clean and simple, with lot's of space not being used. What if it contained info about my security status?
For example, in the bottomleft I get the Windows logo, and in the bottom right it's saying "You've installed Mcafee Security.... and it's up to date. Your next sheduled scan is on Sunday 3AM.
Such box informs me about my security and if I want it or not, I will be seeing it. I don't have to know about action center, security center of whatever it will be named in future versions, I just read it when I need to login.
So what if I'm not running antivirus? Then add a warning, that i'm able to "check" so when I login, it automaticly opens up a windows application informing me, like you already doing about antivirus software and why I need it.
So either way, people know if they are already running an antivirus product or not, and how it's status is. Or they will be forwarded to (indepented) antivirus websites with real software.
So to answer your question, yes Microsoft can, without having to invest that much, solve the scareware issue for a big part.
I really appreciate Peter van Dam's approach. Seems simple, but I just keep wondering about just how many checking the checkers gets to be so much.