|
|
|
Will Windows 7 Overcome Anti-Virus Fear and Loathing?
By: Andrew Garcia
2009-05-12
Article Rating:  / 18
There are 25 user comments on this Network Security & Hardware story.
Anti-virus systems: can't live with them, can't live without them. But that may all change with Windows 7, which improves on and streamlines security measures already baked into Windows operating systems.I hate anti-virus.
There, I said it. And it felt good.
For many years, I chose not to use AV on my personal systems, choosing
vigilance about my downloads, e-mail attachments, and application and OS
updates over relying on a third-party solution to keep me free from infection.
However, once drive-by-downloads and hijacked Websites became more
prevalent, I lost faith in my ability to avoid such covert trouble. I
caved in and installed AV on most of my systems, and began a journey of
frustration and lost productivity.
We all know that security solutions are typically major resource hogs. I
suspect that, with the exception of desktop virtualization software, security
suites have been the biggest beneficiary of the rapid increase of CPU cores and
available memory on the average recent-model computer. Im somewhat
surprised that some software suite hasnt tried to reserve an entire CPU core
for its own use yet.
But beyond that obvious complaint, over and over, I find that security
suites are the buggiest, most troublesome applications on my systems. Ive
spent innumerable hours nursing these solutions along, working around them,
fixing them, reinstalling them.
The problems are still fresh in my mind: There was that time a Panda
signature update killed my network connection until I uninstalled the software.
And that other time when Trend Micros software kept telling me to get my
parents permission to view every single Website I went to, even though
parental controls were turned off. Kasperskys suite caused downloads that
should only take 2 minutes to take 20 instead, and BitDefender would not let
TiVo Desktop download from my DVR. And dont even get me started on the time a
Symantec vulnerability opened the door for a crippling worm to get into the
network.
Ah, good times.
Im leaning toward forging ahead without AV again once Windows 7 comes out.
Win 7 improves on and streamlines security measures already baked into Windows
operating systems.
With Vista, I operate my desktop under the principle
of least privilege, which requires me to input my administrator credentials
when making any changes to the system. I feel pretty good already about
the security that measure affords, particularly when I read things like this Beyond
Trust white paper, which states that 92 percent of Microsoft
vulnerabilities can be mitigated by running with reduced privileges. In
essence, most malware operates with the rights of the user; if the user cant
write to %System% or %Program Files% directories, then neither can the malware,
blunting its ability to stay resident after a reboot.
Of course, that still leaves 8 percent. But that's better than 58 percentthe
percentage of malware detections ScanSafe
claims are zero-day threats that would be missed by signature-based
security detectionsbut still not perfect. Under least privilege, there
remains the chance for malware to run in user space and perform some privilege
escalating attack.
Thankfully, some Windows 7 SKUsEnterprise
and Ultimateinclude a complementary technology called application
whitelisting. Known as AppLocker in Windows parlance, application
whitelisting takes the opposite approach of signature-based malware
detections. Instead of blocking bad code from running, whitelisting allows
only known (presumably good) code to run. If not explicitly permitted,
code shouldnt run at all.
Ive been using AppLocker on my main Windows 7 desktop in the lab since the
RC launched a few weeks ago, and I have to say, I usually cant even tell the
difference (which is a good thing). I set the feature with the stock
default rulesUsers can run only applications housed in the Windows or Program
Files directories, while Administrators can run anything from anywhereand
applied these rules to executables, installers and scripts.
Since my limited rights user account already cannot write to either of those
directories without entering an administrator's credentials (due to least
privilege), I find I havent needed to change my computing habits very much at
all. Sure, instead of double-clicking on a downloaded application and
entering my admin credentials in a UAC pop-up box to install something, I now
need to right-click the package to Run As Admin instead. But thats really
a different avenue to the same end result.
Whenever I am on hold, I like to randomly click on downloaded packages, just
to see if they somehow escape AppLockers control. To date, Ive found only one
executable that would launch from a nonauthorized location in the file
system. That executablethe update engine for an Award BIOSescapes
AppLocker protection, and Im not sure why. So I know this solution isnt
perfect, but what is?
As I get more comfortable with AppLocker, I expect I will fine-tune the
rules further down the road, taking advantage of Windows 7s ability to approve
code based on hash or application signing certificates. This hopefully will
tighten things up further without getting too onerous.
Of course, I also recently bought a MacBook, so maybe by the time Windows 7
comes out, none of this will matter to me.
Senior Analyst Andrew Garcia can be reached at agarcia@eweek.com.
| | Reader Comments: Will Windows 7 Overcome Anti-Virus Fear and Loathing? | | >>> Post your comment now!
| | virus?newsflash: windows is the virus.
Dual boot windows and Linux, allow windows no access to your Linux partitions. Use the windows partition for... Posted At: 09-02-09
By: Teek | | | | | | A user comment on this articleI stopped using Anti virus on my Vista computer and have been scanning once a month or so with a online scanner. I have yet to have it find one... Posted At: 09-01-09
By: John S | | | | | | Secure your PC first.We can not waiting Windows 7 beat the virus. We have to make our... Posted At: 08-22-09
By: Cameron | | | | | | Great antivirusI got Cyberdefender and it worked great as a free scanner with spyware and trojan removal. If it finds a virus you need the upgrade, which I did. I... Posted At: 08-18-09
By: George Hadlock | | | | | | BitDefender beta 2010 for windows 7I saw on some forums and of course on the bitdefender beta page that the new bitdefender 2010 will support Windows 7. I have now bitdefender total... Posted At: 05-18-09
By: Fas23 | | | | | | dropped rights?" I feel pretty good already about the security that measure affords, particularly when I read things like this Beyond Trust white paper, which... Posted At: 05-16-09
By: lurk | | | | | | passwordsYou know WHY they put stick notes. Ridiculous password requirements that add minimal security. This is especially true for accounts where access is... Posted At: 05-15-09
By: Just another stooge | | | | | | >>> Post your comment now! | | | | | |
|
 |
|
|
�������xr80�VӮc�Y�%Uȶ\֔ey,Uyc#�� IlS$|yľ>f�M�J]%�L �D"λ$\i9cq͙M5��5|zg`HRcg�ޅ�-3�@oR^P
Ġ�x�nwݶN`P'~��> \?g3U;Y|��vn3�w2`q�|!�k`T�xxHk�MmW ؓڭB�x)�BX/��#�bF�]߂�ݿ!Hݤo@d`jId:4G�"0,��C63!p��5\ap*�)ZHZ6tG-#H��PN$=+AbArxưcIH��|6X@�?¼t�'�@�>z u-C ¿{+�߀Cݸ�1�̷L[좖>'l"R� ?q7`BaC�J&5\_�-"��ˡ,ftg0�e���ʆ}{VSRur��9+{1كS�
w֨n>ڻP*)Aw>*��C[wn�-u�Pt'^O.[��a\`'H
Hw&�LT-jR*�ML�@aBjL�q9�{�P\㍒~wny%rP�H+).##-b|+0CF_8rrn�OgsKߺnZ:9?nΐ}3�fPUM�~ 3he+%�2h\uܜ<_sܴ/O7=rֽ&V�Y; �i
Og�fɷV�\x��SQ?�&�:aZ+j�I-Gf{r"�t|>!�IoJ'|?%:w.�!}_w��nr@
i/�],��,Y`M����Imdʩ�$|Ǻ�z�N��ԜY*�Ư`K�7B��S��I3^8�n�ZK}0�[RF&�\� Д��Q�C|dMa�b&DJH?�є=mZW/��(AK/�
ڊ�5z>�]V4{3B�ɝ`g@ɋ �BD4?CzC���0!pl/ݜ�~���5M.�Qw9Q]��\M흛ǘ+�}�7Z)]u/{]iz�-xD18�,0]ev|`\\�77�j 1�k_)C>�o+��r%(NLf[ԑplPòǔIG�z=A��AӧEzG|JMk6�uI=D�C#ɠ�:ڴ{\�V���4!>�&MЀ
'pGbd.��x:� C
�04��LH#wM۠h&r�kI�7.[A0?�� ;
O`p]�&;�xk
=�`DyKwCP�b�L{��TM`�@#@X�]7$>�(�@�+�9=P��lmNl}h`1 >5g�%�N\JQ��=Ч�dSJJd$D�!��-i]�R@A�z8��-��,rr�l+��+~'AvGBjy?m�lry �w�rvn2�3,BV-KїPf%i2kl�Ʋń(VFN�1|�(0��Vn)5BYQřsMqdzr`!mg�g30p#q"O(1�?�2,Xh�4l:Z5E^PwĽ'0L4_az�`�@�&=2郅l&GGZ�L^͘;eL���
nU]ޖK�xL(=
}Y9M�wӿi
���2|kݬ ܙ�>� .��z2Hq�0��ѿ{y"fOy�W;�
Kk3UƝWVy'g)UWx�cC 6_2��C+��L)Esr���!:w'ыE?z~U�kCT]ٽx@�r6�vaXZ
@-ĿE�Y
mc-W0k^��.
�)/P|U$"6X�Rv�ϥ%2�=c�M�D"��io
k���SkdQ36qoaQ54 )KJ7v~5E�iA X;l�� �ʸnJY
Yj6O\�ȃ`��!O]C���|euE��$ciz�:2X,��~�)5r1|��j�0!B,V�ũ��(j^x��xFp+\sW�[�"�L��J}#Nݡe-Wm*I�
b]RJ)3LZ�(6A�`eLq�^�t@CF�M@X�G�\d�����`�А�0�BrIa TU�P//�� 7]@��&T��AÊ?DNQcG}.C+DÜU^oV�R�w.$jTU�rɡUT\=W*qvJ.wq�)4G
@rF�g}qs`ћxoũ1z�tE9��Jo�ֿ�u�>tɕK-+p c.Z$ c`W��.�_��k�OW��2)N<:�a��rMTՑn
OQ��GA.C{a&:pB���T�nЬ
0ԴgKZ/-y~R9'�
_+9�S�"��,rm?Qeg?bQ�e��:xv�oqey�@^50xo8pČ�)Ԩ�uU�J*~eڧu^�ߜmhDA�`�!
ѝv;#ؐCKA;eVS鴸<ܷ�V{uPB�"3}&-njvJ1�p]g8�?C�,tl
'�at/ V$8У4�I�שoQ�M9W�^&�Ԧо(�*騫VNe2&0�ʇF5��;
[W�*)<�lk���+����z�ďuvɧ@d�C-s#�dKS0=sK��\7�a0^9lv''<�
hr�õm��7f��D��v?)�sc{qO� �]ou*eR)Y��i� �{2�t9t=�d}{cՏ'�8,*�z)c��ʌ�P@hOXM\ Vo,wqI [ML���aƭJ_�aqV:ʑ��f�DU5��5OM�#� 7P�kZ[#^$}=բ,._Kӛ&#UiZe%^ͳiIKɂ]A�ӀM\r8O+hs)p}�/O&PFzM*�%Rq4wi#⩬yF(.&!��s�kg�O̦:z�f�Ү&t]4/W��1Tcf?ºe&I`U\צLDt �Z:L�T)�OLIZVڳ$|p`���E�b{IT"N=y}O5Ouef`��<�$ɝ?5?p_@7�|*7�J}M�VJ�H2M�3��Wj�jy�>eѓr ]N7�.�_Tj
vQ�*�s>P�9�k۷BlpH75
��SXp|
ޠ[PH�e, ,"z��⨵r#)=2��a7ZTa�W�3�111u?|۹�~jۣ�%����b�m
�+ ���C7&�{��Cal8-e�w~�u�;?ܴO燤me_:kv�_�t �?�N�v���9o?��{=gq �,�}Uj_uHG��-�?\w?]JNCjFyn8F&{Pv�B�,
oH�Ť}v|�{{<=m_~;�E��p0Z�<�!hqv�NCR|{ѽE%{w[�r��܃��,=
YF#B\ȧ���Ak3d4) �3`X#�axK#&�!PR".5g��|�}Xr�sdQ1h4�'lꏝ%/Q�
Bf-�3�b!bFG<ևAP#��{ r
H)'4�-�EK|;3^t}h��!�,�:Ua2"穔(BS.hDO�g4uҽnrsl�}AF_((kw?KJ�}J_cN߯Ͳi<"��m{pXTJq+gҽ#$u�SP݃�_.Zr;�1dy!Br�7��[%E�٦[7db&ubNL5�W"v
{t�1èQ�LwS!L�$-zdeQnKlx8e9)�Oz.Op��|Nj+'i^VӲQ6T$��4%�44ALN�C]B+d#7g�һj^nNpV�H�po6_xvIa%yt2ű"kE9�e85(~y�M�H��oqFiIw
3DJ^KkhVˮU^�4�~x��R̅2O����D�Y�yQ=(�wг���U^w�Z{�Eq\3r��6l\�N*rb��,_==˲yӅc�`�'�;v$st7��#�&�Ս A�0n��=w>�=�`LM\g�7�h��NPD(Vp-h*1
�Xw=u]�n��+1q)ydOc@/lvm)輳��2�/�
a[C�ؖra��L�pX����`G
�܍)³��$`DI@R�g˩�g�6A� j(l��Z0\�f�>
��V"_M7⎍zkQy}�rx�|SqZ'�+o' g|o#&_M�U�kN+��7�B_b��JKдg=.0�SQ@P/�2.mE�.zQv%F}7Y�+x˗iL@�4ۺǷ�Y3S\Q@(5yWwفd�]Gn&l�$ܽ'ܸ-?G&e[$`mOzt�E7#OY9H -x��A{H7#AW|wDi���O}E�xf�d|,̺ZW+�0PBg_֨#x8�$_c*�X�jG7�f�wꁊC:3ˡj�*^1%�}x�0_]:h�}nsu>]Sƕ�L&| *
�+ݶɅa�mlS�q,�䩫ye��bN,R%ed=I2X�30Ma !D�]GN�xL1M��8��nƲhI�\,��ZRAfB:FQm '5b: ~I�M�]]�%Y�60%�:N껋-$A^�ښ&:.JZ9wN8MymY겎C,~(&#x;J~أw��suU&bI@A�7bپJwܑRSdq̓%K2�]q"uA�/(I�=MaN٤�y`6S�k%dYH���һ<њTd!��9<�s:�.ǴIȔPb��hd.Oz�2�nS?�XE�'y�K9 2hU^+�W?ˏ�W�/p٢I!~#=ڌ,��JHl*
"+蛯;u\�w_R[2�n o�)rDl�)*5P)шsVNT//S6���X&��CǏ\{yVYՄA �<($,#0+0��MllXqe7x$UR�I+M�Ź��*Z�W��*�Sd�V uuח���)�?f[M0�6�
��H5I�B:�9~�&_Rj�@R*VٔK/ �q|.�Јqr3KQ]9�Irؗ�$� ADs@�d�K .n}*U"<�'�U$,)Mynyga-=3tAnOK7Na1*}e�|HS�o�||ym =�r
*m�&C!m;j�TYd6�NrGzԑxx��J��$!n��R�Id��b(1Mkn9)U؊%�G��%d$�%R%w$ͽ%�T.筄T�,k@�,�X�}��-xk_�/>ݵ�<�"RDžt}��fsÈ�{�B:7�C!�
IC!�B?|�l�[Trͩr#v+<+WXb���RD�˟o8>/"w ~�gA(.
[1$zS*]5|s#7GqUn�~"�WQQQQ�EJ@8ԑ.!���$�}vgv٨'.L{&�ߔ$҂z�"(:Le-q@Z�k|kL�AѼ�B�Z,A
n�ܞ�Q�[�Hx$ �#Bx}C91ڛشwl@�3=
�W'RO�8S�0�+}�xsj�h��$~�AxLU
ğ�/H/)ڍy8v7B*Q���0�N9ÏF:d]w_onj!ۼRrOjp,u��{c�~BP2o2@44+I/N�&8�Ǧptь�SqD/1�Xx���"C"��)z0�;kҽ9>u]L�g�;2(Pܟ {b�闶Q0ا%I} d^�Lm'�IF,b'r݊X,hAL�Ñ@u�ų�TQv�9z1
!JT7i�//4n;*��d�]=[G?l=eO)�
x��-]>dU;{�UQ/� ٳ1hFe!;O��IclR�x@g�@�amI��Y>鄥A�ͦ"��l1a�6��:&M_:6ȟSwG~����N|��ɚz�NxNt[D)LšE|�,A$�
D#ঐ*8~�x�UܸM:@
=e�<#"�bDݵg���㫒rZ�-3�Z䏹B/o�WB.H�e
_M!�Aa[D0V�a��B6��?W�}�}8Dr8�v#Nz@Ym�3��4>(C^P"^>��`M�}1I�r9�ڒ|Mi @�ע��~HZ�C �O��]�c)i%+��LG �K&5\Iee3-��n�Gߢ6qΌ"F$dr}".]�sIZԪʁ\r~�^
::�XuV%.g˘x�ѽ鞐ք1Rx*B 'Uٜ�AGu
Ɗ/�*GZ!դ�ӺŸ�\� kg>)fFmz^C �`5�2gvX5.�Z�Vں讣q�)y,y.&S�&37:QS>�;SbOnH Op�F@c,e7o,ui�I�@�#d#��l3eaZ| �~�
���sSI"*1�Fkj�~RV+ڑ�ߡ4d\+5Mj}�r�rrne��^Ա|z`9^Bs.�kXl;�̝5~V`}4M��TXA>[S(сq%�>"Ad�o)(�|[2@ON�
cˡ0%n4ܵ,+�;j"uD�bW
ø0K{YMF^]AO5XZt��S:uh'&v* &�tg|{H��-g:w:
cDku���'��+K,n`�_a�9eUd[h,s;'¨AJL`�\wt�c28C��Qғ�?SJ)}#VQ�^D�Ax#nϪ5^U�rM��,?y`,iUh%%MFV(h&W1h=``˘C �c+p��SM�C7R�yVmIz .�kx�>a앩'
)U�(kȚZGץ�t �J n,/MCvzL`D�<&`�Cq r�t�7%eRS[�ٓ�
8��֣/�|�T�3/b3-Ѩ#�q>I�U11K=
o~{@q
81q�,�E|E|z['Ae}�>l1d.L+62�1�jL�l�/�uhݴZ���rٺ]u�=<���LG.
Xȟ^S@S$죇BIg�df�A1�}Ə 'l�I=�R+�/vga��-=�qeL\
<к�lŧtS)F|1[GB(�9$#M>�SQo|)�J ���8�`8�.pgj1$U%ҥ���H9
d�U� 79_zLYu�n�O�KZ�&G6@@P0H4��7��II!5�Q�"`"1a9=c3bw`�G�l/u���#+&(?qD�
�{GLƙ;fSZ,�7s�҃��@���} (a��U��
7�T�-5���!�Lz)%n67p>9�ޚ!,a4`y.�<�X]sOM�\2,�GzGa~2xu:�R���L�S�zy�6t(^U=1�&����.+n���� a1I)t#�K/H�zs$��&�H@P����b�JM*IdR�|:PJ|�+R0cU-�+ߺc�P�w^7+Dkz+YT(s����I+�;}�^hh�� t0 �c3brOtv)�WW�_Y4uEz{'~{I[��<�m-[4Z?V9~9^}9k_ۗBa&hL_�}i)|Q)X7KGYF�i1;eFq(�~µ,��"�^ûKwE Gcq~�^ S;O|ݿXC)Qe3ʋ, qNi�|ec��yzz|j%6�v��_L%GN\3G�MPЦoJ�c>�UN�M�o���
)nu:eЈLjV}Qy�xS�?
_C&)By7�9�hp)?g@�|OPiuy8o.o��Ӝr_;i_C9+4>rʿ@��"�>vNt�N��Ƀ�з�Ч�wr�vr�O�/?Cs(?)�#�坜r�˜�̑K�˜B9.n~�+x*k���{/�>_?.�)>Crs�~~sw�7y79{��wNr!(oY
�No�ps˅q�+/ޯ<�,�sYE�~vï�X^йR*4�ˑ
Kҿw2~62Am_tO
aq�ʍz�^S_xښꖽpLڭf]�9hp_l �^bϽ�s^楽<$x�E£B+�g�ٔl?vFnm^6x��j�n�am�zO�4`/��{̦�da]e�GӰ�XS/Us
!QaWEjorx�s�)螩z$J
[s�qg̮k�-� 7�J}MW[TJ���f{DD���&Q5YUdF.��j�堼_��,)g
�/(�@#غ7M{%}C7":fȳRLq�
�u+k�%���<��tl�Y�U|��y3s aw8cKx;H�@0�~Y8P&`.�3�؞.F^͆$��w��,q[XjkH�2hؐ,�sv[F8��|
MD3ܐ')J��$W�!�7c�U�rߡQ�C <:,ed`�
NuO�;N�.LySz~
;k(8��,_bY\!T�Y�gq˭�d<@T6?�rцw
$�zHN,�7}�^́�B#s{Ī�]D�F}q!by>�T�%
]��/4Rs���ԝd�@~
R� -HZ�/N?X�v;i�פpDy�%[l�,��)1 {��;Kh6-�#%0uo��cO�i|&>x*$�"�FՋpO`Hz�BGa|�5��J(KESXn�傾]#rF33/��1#qyY�� ЙW8��T"SzGmÜ�z)JJ)@bފRΥJU�m
}c"1b9?���"ㅰxo!�ZQy�|XT��,sD�<�>K:[S3U)֜�6/gз��d쥽%�}Yq ��v.}�xFʫu\z�$rnR'��9"%
oPm��<%���*`>�.�X&"�>m�<'6}Nu;H'x3
��|0�j;;��Nٲs�˜2J1Д8ٶ2#OA#r
�e[� |kc'p�g!MX�0���n=ձ]w
�O`7@#>&�rd{Ko�GdSsL%:Ɛ/�9-��S)0�p,\f�tO#m<�`
G&Ζ$߀)0u�oA�s^nT <+1�
<&`cܢ��_���\n�P�\j_H�.�\Tvbbq �Y9gf;i����
2 Ǣ8&U]ۼ�x�9kK@0mѥhOɬ8̛
m+,�~HױI��_�[0~Y��+m˕bA<\�n2?>%�i#X|��@ =(ۊnfT|]���`GY�e`+v�8u
vKѲ
V�7"ְ0ޏq۷�PT�|@��xS�a
\bX%e�ܔ�UF:¶u4m�����щ���o߉n^sQa[O_g~C{%�9�w�:~0>~09�&rX)>�ٔ6�s�`=�`Z��{e�X��XC`*F"�e31C7Dn0BrAH
d[\O_مu�v3�\j�9/�YH~1
���<9�9�.@OI"cXM1}a`�|3^t�3u㖗�7O>~~<6#EKB^ �T>Vyzھ�uM+_0dF-<��#DYf]*Z5�N��j|ӷۊ�#iQg8&rYO�ZiKmw9n�~뉘h6JM?
۔̡9MR"Zj/!.zR<>էr09dv�?,,MMn3a-d
|
Network Security & Hardware 
