Malware’s commercialisation drives security

Redmond is taking action against web nasties. Paul Krill reports

As long as there’s money to be made, computer security will be an issue, said panellists at Microsoft’s Tech Ed 2006 conference in Boston in June. Security remains a problem because of commercial incentives to build malicious software, but progress is being made and the fight will continue, Microsoft says. “The biggest trend I think we hear talked about is the move towards kinds of commercial malicious software,” such as spyware and software to harvest passwords, says Adam Overton, a group manager on the Microsoft Anti-Malware Team. The chance for monetary gain means there will be a lot more of this software, he said at the panel session.

Other panellists agree. “There’s a growing trend on getting on a machine and staying [hidden] on the machine,” so people cannot detect that the software is there, says Mark Russinovich, chief software architect and co-founder of Winternals Software.

Responding to a question on the perception that malicious software is Microsoft’s fault, Matthew Braverman, also a programme manager for Microsoft’s Anti-Malware Team, cited social engineering as a cause of attacks. These attacks can enter a system through email, instant messaging or peer-to-peer networking. Social engineering, says Russinovich, tries to get people to consent to having malware installed on their machines.

Malware, he says, will be adapted to live in a limited environment, not needing a rootkit, for example.

Despite the dire predictions of security remaining an issue, panellists noted progress and cited possible solutions. Offline scanning, for example, is an effective tool for a system infected with a rootkit, Braverman says.

Companies, meanwhile, need to enforce restriction policies on software being installed on their computers, Russinovich says. “The trend that I see here in a corporate environment is the only way to really remain safe, [which] is to enforce application execution policy across your desktops.” He acknowledges his company offers products for this purpose and that his remarks may be viewed as self-promoting.

Microsoft’s Anti-Malware Team recognises that given the amount of malware in existence, it is not feasible to look into every variant. For example, the company has seen 2,000 variants of the Win32/Rbot per month, Braverman says. But Microsoft is working on signatures to combat Rbots.

Fighting malicious software is a battle that can be won, says Christopher Budd, a Microsoft security programme manager. Braverman says that progress is being made but more needs to be done. The company is seeing an average decrease of malware variants that it knows about, he says. Tools that are already available are having an impact, he says.

Malware authors, meanwhile, are being forced into a smaller box, Russinovich says. “Before, they could write whatever kind of crap and it would detect people’s machines,” Russinovich says. “Now, that’s becoming much more difficult.”
