Sophos Windows 7 anti-virus test tells us nothing we don’t already know

Sophos is getting good publicity for its latest sales pitch virus test on Windows 7. This tells us:

We grabbed the next 10 unique samples that arrived in the SophosLabs feed to see how well the newer, more secure version of Windows and UAC held up. Unfortunately, despite Microsoft’s claims, Windows 7 disappointed just like earlier versions of Windows. The good news is that, of the freshest 10 samples that arrived, 2 would not operate correctly under Windows 7.

Unfortunately Chester Wisniewski from Sophos is vague about his methodology, though he does say that Windows 7 was set up in its default state and without anti-virus installed. The UAC setting was on its new default, which is less secure (and intrusive) than the default in Windows Vista.

My presumption is that he copied each virus to the machine and executed it – and was apparently disappointed (or more likely elated) to discover that 8 out of 10 examples infected the machine.

It might be more accurate to say that he infected the machine, when he copied the virus to it and executed it.

I am not sure what operating system would pass this test. What about a script, for example, that deleted all a user’s documents? UAC would not attempt to prevent that; users have the right to delete their own documents if they wish. Would that count as a failure?

Now, it may be that Wisniewski means that these executables successfully escalated their permissions. This means, for example, that they might have written to system locations which are meant to be protected unless the user passes the UAC prompt. That would count as some sort of failure – although Microsoft has never claimed that UAC will prevent it, particularly if the user is logged on with administrative rights.

If this were a serious study, we would be told what the results were if the user is logged on with standard user rights (Microsoft’s long-term goal), and what the results were if UAC is wound up to its highest level (which I recommend).
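The "highest level" recommended above is a registry-backed setting. The PowerShell below is an added example, not part of the original post: it reads the three values behind the Windows 7 UAC slider, names the level they correspond to (the Windows 7 default of prompting only for non-Windows binaries versus "Always notify"), and can raise the slider to the highest level. The registry path and value names are the documented Windows UAC policy settings.

```powershell
# Added example: inspect and raise the UAC level that the Windows 7 slider controls.
$UacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

function Get-UacLevel {
    $p         = Get-ItemProperty -Path $UacKey
    $enableLua = [int]$p.EnableLUA                    # 0 = UAC off entirely
    $consent   = [int]$p.ConsentPromptBehaviorAdmin   # how admins are prompted
    $secure    = [int]$p.PromptOnSecureDesktop        # 1 = prompt on the dimmed secure desktop

    # Map the three values onto the slider positions of the Windows 7 control panel.
    if ($enableLua -eq 0) {
        $level = 'UAC disabled (EnableLUA = 0)'
    } elseif ($consent -eq 2 -and $secure -eq 1) {
        $level = 'Always notify (highest level)'
    } elseif ($consent -eq 5 -and $secure -eq 1) {
        $level = 'Notify only when programs try to make changes (Windows 7 default)'
    } elseif ($consent -eq 5 -and $secure -eq 0) {
        $level = 'Notify only when programs try to make changes, without the secure desktop'
    } elseif ($consent -eq 0) {
        $level = 'Never notify (elevation without prompting)'
    } else {
        $level = "Custom policy (ConsentPromptBehaviorAdmin=$consent, PromptOnSecureDesktop=$secure)"
    }

    [pscustomobject]@{
        EnableLUA                  = $enableLua
        ConsentPromptBehaviorAdmin = $consent
        PromptOnSecureDesktop      = $secure
        Level                      = $level
        AtHighestLevel             = ($enableLua -eq 1 -and $consent -eq 2 -and $secure -eq 1)
    }
}

# Raise the slider to "Always notify". Writing under HKLM requires an elevated
# session (i.e. passing the very UAC prompt this setting governs); the change
# applies at the next logon.
function Set-UacAlwaysNotify {
    Set-ItemProperty -Path $UacKey -Name EnableLUA                  -Value 1 -Type DWord
    Set-ItemProperty -Path $UacKey -Name ConsentPromptBehaviorAdmin -Value 2 -Type DWord
    Set-ItemProperty -Path $UacKey -Name PromptOnSecureDesktop      -Value 1 -Type DWord
}

Get-UacLevel | Format-List
```

Note that this only reports how an administrator is prompted; a user logged on with standard rights is prompted for credentials regardless of the slider, which is why the post asks for results under standard user rights as well.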

Even in that case, it would not surprise me if some of the malware succeeded in escalating its permissions and infecting system areas, though it would make a more interesting study. The better way to protect your machine is not to execute the malware in the first place. Unfortunately, social engineering means that even skilled users make mistakes; or sometimes a bug in the web browser enables a malicious web site to install malware (that would also be a more interesting study). Sometimes a user will even agree to elevate the malware’s rights – UAC cannot prevent that.

My point: the malware problem is too important to trivialise with this sort of headline-grabbing, meaningless test.

Nor do I believe the implicit message in Wisniewski’s post, that buying and installing Sophos will make a machine secure. Anti-virus software has by and large failed to protect us, though undoubtedly it will prevent some infections.

See also this earlier post about UAC and Windows security, which has links to some Microsoft statements about it.


The cloud in education: Google Apps vs Live@Edu

I’ve been researching the use of cloud apps in education for a talk I am giving next week. I’m normally more business-focused, and it’s been interesting to uncover another area where Microsoft and Google are in hot competition. Both companies are happy to give educational institutions free cloud email and collaboration services; and the offer is being snapped up by colleges and universities hard-pressed for money and tired of fighting spam-clogged inboxes. 

Microsoft has first mover advantage here: Live@Edu has been around since March 2005 as a service based on Hotmail, though its evolution into a fuller collaboration system is more recent, whereas Google Apps for Education did not appear until October 2006. They are both generous schemes – of course the providers want to get students hooked on their stuff – and as far as I can tell both are well liked.

What is interesting is to look at the points of differentiation, which show the contrasting approach of these two companies. Microsoft is pursuing its “software plus services” strategy, which means desktop applications still play an important role. The email is Exchange-based, so you can use other email clients, but only Outlook on Windows will deliver full features. Document collaboration is based primarily on cloud storage rather than editing, though when Office Web Apps appear next year users will have some lightweight editing tools.

Google on the other hand is primarily web based, with desktop support as an add-on. Google has the lead when it comes to online document editing, since it has had Google Docs for some time, whereas Office Web Apps are still in beta. Google has no bias towards Windows and Office. With Google, a document’s primary existence is in the cloud, although you can export and import with possible loss of data or formatting.

Something else I noticed is that Google has big plans for integration with mobile devices, whereas Microsoft seems mainly concerned with Exchange synchronisation.

Microsoft’s pitch is that if you live in Windows anyway, with Exchange and SharePoint on the server, and Windows and Office on the client, then its cloud service integrates nicely. Google on the other hand is more revolutionary, not caring about what you run as long as you can connect to its services.

Although the software plus services idea has attractions, it sounds more like a transitional strategy than one for the long term. Over time, as the web platform gets more powerful, and as rich internet applications take over from pure desktop applications, the services part will grow absolutely dominant.

Google is a cooler brand than Microsoft, which helps its case when students are asked which platform they prefer.

Has anyone tried both platforms? Or even just one of them? I’d be interested in hearing your comments.