Roger's Security Blog

As Chief Security Advisor of Microsoft EMEA - let's share interesting security information

Could Microsoft solve the scareware problem?


This morning I read the following article: Microsoft can help kill fake antivirus threat. An interesting approach. The proposal is that we could white-list all the legitimate security software within the OS in order to make it harder to trick the user. Well, would this work? I am not so sure:

  • First of all, what is Security Software and how do you find out? All the security vendors can play by the rules and make sure it is detectable. But scareware (fake anti-malware software) will probably not – or will for sure not. So, what is the difference between any legitimate application, any application which interacts with the desktop and presents a GUI vs. scareware? Scareware just shows scary windows and makes you install their software – which is typically malware.
  • The base technology is in Windows but it would have to be applied to security software only.
  • What is legitimate security software? There are obvious ones like Symantec’s, McAfee’s, Trend Micro’s, F-Secure’s, Microsoft's solutions. That’s easy. But I am sure (just an experience from the past) that there will be a pretty big gray zone which makes it very hard to decide, and who decides then – us?
  • Last but not least, let’s talk about the regulators. Do they (and does the market) really want us to take this decision and “certify” anti-malware solutions? This would come with a price – and reading the comments in the article below, this is one of the issues.

To me, the problem is wider spread than “just” fake anti-malware solutions. I understand that this is a problem, definitely, and I understand that the thought of white-listing security software is attractive. But the problem is malware in general and how the criminals trick the user into installing something they do not want. This leads back to the question of the trusted stack which we address in our End to End Trust vision. To me, that’s the only approach which can be successful.

Roger

Comments
  • How about adding a new way of security in Internet Explorer?

    Not thinking to the necessary cpu or gpu power, but isn't it technically possible for IE to check how ads or websites look like?

    Ok, dream scenario here, but what if...

    what if IE checks all pictures and looks if it looks familiar to windows in windows. Classic, xp-style or aero glass, IE recognizes it.

    However, before just killing the picture, it's using text recognition techniques to find keywords saying something like warning, security issue, virus etc.

    With a huge filter database running through the web, IE checks if the picture/site contains flagged things, and warns the user if necessary.

    So let's say this is built into IE, how will it help? I mean, what if using techniques like captcha (displacing words etc) make IE unable to recognise the words / layout? Well, then you have weird looking alerts/windows and that's something you can teach people not to click on!

    But there are still tons of ways for Windows to teach people to do the right thing, without having to do any verification stuff that people wouldn't understand anyway.

    Think about the logon screen, it's clean and simple, with lots of space not being used. What if it contained info about my security status?

    For example, in the bottom left I get the Windows logo, and in the bottom right it's saying "You've installed McAfee Security.... and it's up to date. Your next scheduled scan is on Sunday 3AM."

    Such a box informs me about my security and if I want it or not, I will be seeing it. I don't have to know about action center, security center or whatever it will be named in future versions, I just read it when I need to login.

    So what if I'm not running antivirus? Then add a warning, that I'm able to "check" so when I login, it automatically opens up a windows application informing me, like you are already doing about antivirus software and why I need it.

    So either way, people know if they are already running an antivirus product or not, and how its status is. Or they will be forwarded to (independent) antivirus websites with real software.

    So to answer your question, yes Microsoft can, without having to invest that much, solve the scareware issue for a big part.

  • I really appreciate Peter van Dam's approach. Seems simple, but I just keep wondering about just how many checking the checkers gets to be so much.

    Excellent discourse.
