
ESET gives the lowdown on 'promising' Windows 10 security

26 May 2015

While mobile malware is on the rise, and the fragmented marketplace makes it a tough world for cybercriminals to dominate, the world of desktop and laptop computing is far more clear-cut. According to Net Marketshare, as of last month, just over 90 percent of computers run some form of Windows, making Microsoft’s dominant OS the single most attractive market for cybercriminals to target.

And in the world of Windows threats, there are few experts as knowledgeable as Aryeh Goretsky, distinguished researcher at ESET. So how is the landscape of Windows threats looking as we near the halfway point of 2015? Fairly steady worldwide, Goretsky explains, though the raw data would indicate a few minor fluctuations: “A quick data mining through some of our raw data showed that emerging markets in a number of African countries seemed to have the highest level of reported infections, while Japan was amongst the lowest. Of course, raw data such as this needs error checking and normalization, but it is interesting to note how infection rates mirror not just economic growth, but software piracy rates as well. For the most part the global threat level seems steady, barring a minor uptick in March – time will tell if this is a new trend, or merely a statistical aberration.”

One group of Windows users especially liable to malware threats is Windows XP users, following Microsoft ending support for the venerable operating system last year. Despite this, Net Marketshare reports that around 17 percent of users worldwide like to live dangerously and have stubbornly refused to upgrade. What sort of threats have they been subject to? “Largely the same as those targeting newer versions of Windows, with RBot, Zbot, Sirefef, Dorkbot and Delf being among the most commonly-seen threats,” answers Goretsky.

“I did note a significant but declining number of AUTORUN.INF infections, which is interesting as AutoRun is disabled on newer versions of Windows as well as fully-patched versions of Windows XP. This means that there is still a population of computers out there running unpatched versions of XP.”

So are criminals targeting the small but dedicated group of people who stick with Windows XP, then? Goretsky thinks that’s unlikely – at least as an overall trend. “While malware authors frequently update their creations to avoid detection, from an attack perspective I would speculate that the need to do original vulnerability research for attacking Windows XP has diminished,” he explained. “If a patch is released for a vulnerability in a newer operating system such as Windows Vista or 7 which is also present in XP, the malware author can make use of exploit code for the vulnerability without having to worry about it being patched in XP.”

But what about those Windows XP owners that have paid for extended support? These tend to be corporations and governments where the need to update the infrastructure requires a longer game – are these patched versions of Windows XP as safe as the newer actively supported versions of Windows? Not really. As Goretsky puts it, “every version of Windows is more secure than the previous version, because each new version builds on Microsoft’s experience of defending and building threat models for the previous version.”

But just because the OS you’re running is more secure than the previous version doesn’t mean you can get complacent. “That doesn’t prevent someone from disabling security features in a newer version of Windows to make it less secure, or taking steps to increase the security in an older version of Windows in order to make it more resilient to attacks,” he explains.

“The majority of attacks we see targeting Microsoft Windows are financially-motivated, and this means those attacks are going to target the most frequently-used versions of Microsoft Windows. As of right now, that’s Windows 7.”

He’s right. Net Marketshare reports the six-year-old operating system as running on over half (58.04 percent) of computers worldwide. That should be of special concern, as Windows 7 has now passed out of mainstream support, as reported by We Live Security here. Extended support will be in place until 2020, but for those looking to the future, Windows 10 is in beta and offering built-in security features that Goretsky describes as “very promising.”

“For consumers, I think Windows Hello will be a very interesting authentication device, allowing a computer to recognise the user when they sit down in front of it,” he explains. “On the enterprise side, I think businesses will be interested in Device Guard, a technology that Microsoft just announced a few days ago to control whether programs are allowed to run, backed up by the computer’s own hardware to prevent the mechanisms from being bypassed in software.”

However, both of these are only as good as the hardware they’re deployed on; Goretsky explains that they “rely on technologies which are either not yet widely-available or not deployed because the management tools are not yet publicly available.”

Still, as it’s not a final build, there could be more security tricks up Microsoft’s sleeves too, and we know that two-factor authentication is to be ‘baked in’ to the operating system from the ground up, which is an excellent start. Could this change how cybercriminals have to go about their business?

“Malware authors, criminal hackers and the like may have to come up with some different approaches for infecting computers, they may even come up with some new types of threats which have not been seen before on the PC.”

But as promising as the early build of Windows 10 looks, Goretsky treats the new OS with the same caution you’d expect of someone with 26 years of professional computer security experience: “The criminals who have been making money off of malware are unlikely to stop doing so just because a new version of Microsoft Windows has come out.”

By Alan Martin, ESET

For more information on ESET, please visit their website.
