Security firm Bitdefender says Windows Defender is to blame
By Lee Bell
Fri Nov 09 2012, 13:34
MICROSOFT'S WINDOWS 8 operating system (OS) is prone to infection by 15 percent of the most popular malware used by cyber criminals this year, security firm Bitdefender has found.
According to the Romanian security company, Windows 8 was infected by 61 malware threats out of 385 of the most popular malware samples in its most recent test, even with Microsoft's own built-in anti-malware software, Widnows Defender running.
Bitdefender's senior e-threat analyst, Bogdan Botezatu said that this is because Windows Defender isn't very good at detecting the major malware threats at the moment.
"In a cyber-world where missing a single infection can have catastrophic results for the user, the 61 incidents we logged with Windows Defender installed is a serious concern," Botezatu told The INQUIRER.
"It may be true that, compared to the lack of antivirus software, the overall security has improved considerably, but if 61 pieces of malware that have been known for the last [six] months pierce right through Windows Defender, we wonder what the success rate would be for freshly-discovered threats or polymorphic malware."
Botezatu told us that the sample set found was largely built of Trojans, including password stealers, adware planters, backdoor applications and generic bots, as well as worms, file infectors and two rootkit based pieces of malware.
"By far, the best performing categories were Trojans, as most of them are obfuscated enough to prevent initial detection, and some of them do not require UAC elevation, which allows them to sneak into the system without getting blocked or spotted," he said.
When carrying it out its examinations, Bitdefender performed an automated test set up on three physical machines each running Windows 7, Windows 8 and Windows 8 with Windows Defender disabled. The machines were booted from a network boot server, copied each sample of malware from the network FTP server and tried to execute it locally.
"After the execution attempt, we compared the process and registry differences between the initial state of the machine and the post-execution state to see if the sample that got executed spawned its own process, modified another process and / or created additional registry entries and files," Botezatu said. "These differences got logged into a database, then the machine got rebooted to its clean state pending another round of tests."
At least Windows Defender seems to be doing some good though, as when Bitdefender tested without Windows Defender activated, it said the results were worse. Of the 385 samples, 234 ran successfully.
Bitdefender's tests come just days before Microsoft delivers its first Windows 8 patch, set for next week's scheduled Patch Tuesday security update. It will include fixes for vulnerabilities in Windows, Internet Explorer, Office and the .NET framework. Perhaps this will help protect against some of the vulnerabilities Bitdefender discovered in Windows 8.
By Lee Bell
Fri Nov 09 2012, 13:34
MICROSOFT'S WINDOWS 8 operating system (OS) is prone to infection by 15 percent of the most popular malware used by cyber criminals this year, security firm Bitdefender has found.
According to the Romanian security company, Windows 8 was infected by 61 malware threats out of 385 of the most popular malware samples in its most recent test, even with Microsoft's own built-in anti-malware software, Widnows Defender running.
Bitdefender's senior e-threat analyst, Bogdan Botezatu said that this is because Windows Defender isn't very good at detecting the major malware threats at the moment.
"In a cyber-world where missing a single infection can have catastrophic results for the user, the 61 incidents we logged with Windows Defender installed is a serious concern," Botezatu told The INQUIRER.
"It may be true that, compared to the lack of antivirus software, the overall security has improved considerably, but if 61 pieces of malware that have been known for the last [six] months pierce right through Windows Defender, we wonder what the success rate would be for freshly-discovered threats or polymorphic malware."
Botezatu told us that the sample set found was largely built of Trojans, including password stealers, adware planters, backdoor applications and generic bots, as well as worms, file infectors and two rootkit based pieces of malware.
"By far, the best performing categories were Trojans, as most of them are obfuscated enough to prevent initial detection, and some of them do not require UAC elevation, which allows them to sneak into the system without getting blocked or spotted," he said.
When carrying it out its examinations, Bitdefender performed an automated test set up on three physical machines each running Windows 7, Windows 8 and Windows 8 with Windows Defender disabled. The machines were booted from a network boot server, copied each sample of malware from the network FTP server and tried to execute it locally.
"After the execution attempt, we compared the process and registry differences between the initial state of the machine and the post-execution state to see if the sample that got executed spawned its own process, modified another process and / or created additional registry entries and files," Botezatu said. "These differences got logged into a database, then the machine got rebooted to its clean state pending another round of tests."
At least Windows Defender seems to be doing some good though, as when Bitdefender tested without Windows Defender activated, it said the results were worse. Of the 385 samples, 234 ran successfully.
Bitdefender's tests come just days before Microsoft delivers its first Windows 8 patch, set for next week's scheduled Patch Tuesday security update. It will include fixes for vulnerabilities in Windows, Internet Explorer, Office and the .NET framework. Perhaps this will help protect against some of the vulnerabilities Bitdefender discovered in Windows 8.
