
Microsoft Takes Action Against Malware

Last week, I discussed malicious software (malware) and how enterprises and businesses of all sizes need to tackle this growing problem (see the first URL below). I received a lot of feedback about this crucial topic, much of it related to what actions Microsoft is taking to combat it. This week, I examine what Microsoft is doing both this year and next to deal with spyware, adware, and similar types of electronic attacks.

First, I want to address a few responses that suggested I was making a mountain out of a molehill. Some people believe that spyware's success is simply the result of user error: if users follow good computing practices, they'll be safe. Not true. Much malware silently installs itself as you browse the Web with Microsoft Internet Explorer (IE), with no download or install step on the user's part. And the effects of such software can be devastating: Spyware can collect personal data, record keystrokes, or even auto-dial toll numbers. In that respect, spyware overlaps with phishing attacks, which malicious intruders often use for identity theft and fraud.

According to Microsoft, malware caused more than one-third of all Windows XP crashes in early 2004, and because that data is a year old, today's figure is probably much higher. IDC and TruSecure say that up to 80 percent of all consumer PCs have malware installed on them.

Microsoft realizes that it needs to protect users against these and similar threats. One might argue, as I have, that architectural weaknesses in Windows are at the heart of the malware threat--after all, one robs banks because that's where the money is--but no matter. In both the short term and long term, Microsoft is taking steps to eradicate malware.

In the short term, the company has implemented various security technologies in XP Service Pack 2 (SP2) that help mitigate spyware, has purchased GIANT Company Software to obtain its excellent GIANT AntiSpyware product, and will ship IE 7.0 later this year.

For now, XP SP2 includes a new version of IE that features a pop-up blocker, a Manage Add-ons UI for disabling unwanted Browser Helper Objects (BHOs) and similar add-ons, and clearer warnings for users who attempt to download potentially unsafe executables. XP SP2 also includes many new Group Policy settings, applied through Group Policy Objects (GPOs), that make this release more manageable than previous XP versions. IE 7.0 will build on this functionality and add antiphishing capabilities, stronger encryption of network traffic, and more secure Local Machine zone settings.
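The Manage Add-ons UI and the Group Policy add-on controls both operate on the same registry data, and a practitioner hunting spyware usually wants to see that data directly rather than click through the dialog. The following is an added example, not code from the article or from Microsoft: a PowerShell script that inventories every BHO registered on the machine, resolves each CLSID to its DLL, checks whether the DLL is Authenticode-signed, and reads the registry-backed form of IE's Add-on List policy (the key and value meanings below are stated from memory of that policy and should be confirmed against your own Group Policy templates; the CLSID in the usage line is a constructed placeholder). The `Wow6432Node` paths apply only on 64-bit Windows and are skipped where absent.

```powershell
# Added example (not from the article): inventory Internet Explorer Browser Helper
# Objects and show how the Add-on List policy disables one. Run in an elevated
# PowerShell session on a Windows host.

$BhoRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)
# Registry location behind the "Add-on List" Group Policy setting (assumption: value
# name = CLSID, REG_SZ data "0" = disabled, "1" = enabled, "2" = enabled, user may change).
$AddonPolicyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID'

function Get-BhoInventory {
    $policy = Get-ItemProperty -Path $AddonPolicyKey -ErrorAction SilentlyContinue
    foreach ($root in $BhoRoots) {
        if (-not (Test-Path $root)) { continue }
        $is32on64 = $root -like '*Wow6432Node*'
        foreach ($key in Get-ChildItem -Path $root) {
            $clsid = $key.PSChildName
            $clsidKey = if ($is32on64) { "HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID\$clsid" }
                        else           { "HKLM:\SOFTWARE\Classes\CLSID\$clsid" }

            $name = (Get-ItemProperty -Path $clsidKey -ErrorAction SilentlyContinue).'(default)'
            $raw  = (Get-ItemProperty -Path "$clsidKey\InprocServer32" -ErrorAction SilentlyContinue).'(default)'
            $dll  = if ($raw) { [Environment]::ExpandEnvironmentVariables($raw.Trim('"')) } else { $null }
            $exists = [bool]$dll -and (Test-Path -LiteralPath $dll)
            $signed = $exists -and ((Get-AuthenticodeSignature -FilePath $dll).Status -eq 'Valid')

            # Heuristics: a BHO whose DLL is unsigned, missing, or lives outside the usual
            # program directories deserves a closer look.
            $inExpectedDir = [bool]$dll -and ($dll -match '^[A-Za-z]:\\(Program Files|Program Files \(x86\)|Windows)\\')
            $policyValue = if ($policy) { $policy.$clsid } else { $null }

            [pscustomobject]@{
                CLSID      = $clsid
                Name       = $name
                Dll        = $dll
                DllExists  = $exists
                Signed     = $signed
                Policy     = if ($null -eq $policyValue) { '(none)' } else { $policyValue }
                Suspicious = (-not $signed) -or (-not $inExpectedDir)
            }
        }
    }
}

function Disable-BhoByPolicy {
    param([Parameter(Mandatory)][string]$Clsid)
    # Writes the machine-wide Add-on List entry that the GPO would write; takes effect
    # the next time IE starts. Remove the value (or set "1") to re-enable.
    if (-not (Test-Path $AddonPolicyKey)) { New-Item -Path $AddonPolicyKey -Force | Out-Null }
    New-ItemProperty -Path $AddonPolicyKey -Name $Clsid -Value '0' -PropertyType String -Force | Out-Null
}

# Usage: list everything, then show only the entries worth investigating.
Get-BhoInventory | Format-Table -AutoSize
Get-BhoInventory | Where-Object Suspicious | Format-List

# Example of blocking one add-on by policy (placeholder CLSID, not a real add-on):
# Disable-BhoByPolicy -Clsid '{00000000-0000-0000-0000-000000000000}'
```

The inventory deliberately reads the 64-bit and 32-bit registry views separately, because a 32-bit IE on 64-bit Windows loads its BHOs from the `Wow6432Node` hive; a script that checks only one view will miss half the picture.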

Microsoft Windows AntiSpyware--free to consumers, but eventually a subscription offering for businesses--is an excellent tool for helping to find, remove, and protect systems against spyware. But the current product--which is still in beta--is woefully inadequate for the enterprise, popping up potentially confusing and unwanted notifications every time there's a configuration change or threat. Microsoft recognizes the need for an enterprise version of Windows AntiSpyware and will ship such a product by the end of this year, although it might be just a beta version.

What will this product entail? The enterprise version of Windows AntiSpyware will feature central deployment of the client application, signatures, and settings and provide a centralized reporting engine that aggregates information from the clients and lets administrators drill down to specific PCs when needed. It will feature the ability to disable the client-side UI so that desktop users aren't surprised by notifications. And administrators will be able to control at a companywide level which software users can download and run.

These efforts are all stop-gap measures, of course. But by the time Longhorn ships in mid-2006, Microsoft will have begun to address some of the core security problems that have bedeviled Windows users for years. That sounds a bit vague, but we should know more by the time Longhorn Beta 1 ships in May.

First, Longhorn PCs will start and run in a known-good state, with secure startup protection and full-volume encryption to protect files when the system is offline. The offline protection is what defeats the classic attack in which an intruder physically removes a Longhorn hard disk and mounts it on another PC under another OS: without the key, the volume's contents are unreadable. When Longhorn is running, code integrity technology will protect the OS against tampering. Longhorn will optionally support Trusted Platform Module (TPM) hardware, which is designed to help protect notebooks from theft-related data loss.

Second, Limited User accounts will finally work properly in Longhorn. All users--even those with administrative privileges--will run normally in Limited User mode. The system will force legacy Win32 applications to run under the lowest possible privilege level and prompt the user for administrative credentials when required. Longhorn-savvy applications will be written to follow this requirement by default, and Microsoft will include UI functionality (typically an Unlock/Unlocked button) in key places in Windows so that power users can unlock administrator-level functionality as needed. When you want to install an application, you'll be prompted for an Administrator password.
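The behaviour described above, in which an administrator's session runs with limited rights until an administrative action is explicitly unlocked, is visible to scripts as well as to users: an admin account that hasn't unlocked holds a filtered token that fails the usual "am I an administrator?" test. The following added example, not from the article or from Microsoft, uses the standard .NET `WindowsIdentity`/`WindowsPrincipal` APIs and `Start-Process -Verb RunAs` to (a) distinguish a member of the Administrators group from a process that is actually elevated and (b) request elevation only when a script needs it, which is the point at which the user sees the credential or consent prompt. The script path in the usage line is a constructed placeholder.

```powershell
# Added example (not from the article): inspect the current token and elevate on demand.

function Test-ElevatedToken {
    # Returns $true only if the process token carries the Administrators group as an
    # enabled group. A filtered (limited) token of an admin user returns $false here.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Get-TokenSummary {
    # Distinguishes "this user is an administrator" from "this process is elevated".
    $identity = [Security.Principal.WindowsIdentity]::GetCurrent()
    $adminsSid = New-Object Security.Principal.SecurityIdentifier('S-1-5-32-544')  # BUILTIN\Administrators
    [pscustomobject]@{
        User                  = $identity.Name
        InAdministratorsGroup = [bool]($identity.Groups -contains $adminsSid)
        Elevated              = Test-ElevatedToken
    }
}

function Invoke-ElevatedScript {
    param(
        [Parameter(Mandatory)][string]$ScriptPath,
        [string[]]$ArgumentList = @()
    )
    if (Test-ElevatedToken) {
        # Already unlocked: run in-process, no prompt.
        & $ScriptPath @ArgumentList
        return
    }
    # Not elevated: ask the OS to start a new, elevated PowerShell. -Verb RunAs is what
    # triggers the consent/credential prompt; the script never sees the password.
    $psArgs = @('-NoProfile', '-ExecutionPolicy', 'Bypass', '-File', $ScriptPath) + $ArgumentList
    Start-Process -FilePath 'powershell.exe' -ArgumentList $psArgs -Verb RunAs -Wait
}

# Usage: on an admin account that hasn't unlocked, expect InAdministratorsGroup = True
# and Elevated = False. The second line elevates only if needed (placeholder path).
Get-TokenSummary
# Invoke-ElevatedScript -ScriptPath 'C:\Tools\install-agent.ps1'
```

The design point is in `Invoke-ElevatedScript`: the script does the privilege check itself and asks for elevation only on the path that needs it, rather than demanding that the whole session run as administrator. That is exactly the discipline the Longhorn model expects of "Longhorn-savvy" applications, and it applies to administrative scripts just as much.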

Third, Longhorn will optionally support the Palladium security technologies and will integrate with certain Longhorn Server features to provide a Network Access Protection (NAP) service that many enterprises will want to take advantage of. For malware specifically, Longhorn will include integrated spyware detection and cleaning, based on the GIANT AntiSpyware technology that Microsoft purchased last year.

Related Resources

Spyware: the Greatest Threat Yet to the Corporate Desktop?

Updated: A Flurry of Enterprise Spyware Solutions

Microsoft Enters the War on Spyware
