• Could Microsoft solve the scareware problem?

    This morning I read the following article: Microsoft can help kill fake antivirus threat. An interesting approach. The proposal is that we could white-list all the legitimate security software within the OS in order to make it harder to trick the user. Well, would this work? I am not so sure:

    • First of all, what is Security Software and how do you find out? All the security vendors can play by the rules and make sure it is detectable. But scareware (fake anti-malware software) will probably not – or will for sure not. So, what is the difference between any legitimate application, any application which interacts with the desktop and presents a GUI vs. scareware? Scareware just shows scary windows and makes you install their software – which is typically malware.
    • The base technology is in Windows but it would have to be applied to security software only.
    • What is legitimate security software? There are obvious ones like Symantec’s, McAfee’s, Trend Micro’s, F-Secure’s, Microsoft's solutions. That’s easy. But I am sure (just an experience from the past) that there will be a pretty big gray zone which makes it very hard to decide and who decides then – us?
    • Last but not least, let’s talk about the regulators. Do they (and does the market) really want us to take this decision and “certify” anti-malware solutions? This would come with a price – and reading the comments in the article below, this is one of the issues.

    To me, the problem is wider spread than “just” fake anti-malware solutions. I understand that this is a problem – definitely, and I understand that the thought of white-listing security software is attractive. But the problem is malware in general and how the criminals trick the user into installing something they do not want. This leads back to the question of the trusted stack which we address in our End to End Trust vision. To me, that’s the only approach which can be successful.

    Roger

  • Pandemic Planning (Dilbert)

    Get ready for the swine flu:

    Dilbert.com

    Roger

  • SharePoint External Collaboration Toolkit moved to Codeplex

    Quite a while ago I blogged about the SharePoint External Collaboration Toolkit. I just wanted to make you aware that this toolkit is now moved to Codeplex and can be found here: http://cks.codeplex.com/

    Roger

  • Secure Datacenter, Secure Cloud, Secure Government

    At the moment I invest a lot of my time in a Whitepaper on Client and Cloud Security. There are a few fundamentals, which are already clear to me:

    • You will not be able to run a trusted cloud ecosystem without a trusted client and trusted interactions. So, the End to End Trust model is needed in the cloud as well.
    • A strong, federated identity metasystem is at the base of any cloud security.
    • Process transparency is an absolute need if you move to the cloud. If the provider tells you “you should not care about that, we take care of your security” – walk away from the deal.

    This morning I read a blog post by Theresa Carlson. She is a Vice President in the Public Sector at Microsoft US and blogged about Secure the Datacenter, Secure the Cloud. She raises the issue of process transparency as well and it is a post which is definitely worth reading.

    Roger

  • COFEE now distributed via NW3C as well

    COFEE is a tool available to Law Enforcement only to capture online evidence with as little training as possible. The idea behind the tool is that there is little need for highly trained staff to be available during e.g. house searches and that a normal, much less trained officer can capture all the data. Until today, Interpol was the only channel for distribution. Now, the US National White Collar Crime Center is the second organization able to distribute it.

    If you are a Law Enforcement Agency/Officer and want access to the tool, you may contact Interpol or NW3C.

    Roger