
Does Microsoft plan to capture the information security market using Windows 8?

The recent Build conference, organized by Microsoft, caused a real sensation in the industry with the announcement of many useful new features in the upcoming release of Windows 8. Although these features mainly relate to the new user interface, performance and multi-platform support, the company also introduced a range of security innovations. Today we put questions on this topic to Alexey Polyakov, head of the department for promptly resolving virus incidents, our consulting service that helps companies investigate information security incidents and advises them on improving corporate policies in this area. Note that he previously worked at Microsoft, where he was at the forefront of developing the company's information security products.
- Alexey, hello! What can you say about the security of Microsoft products in general?

- Microsoft is known primarily as a supplier of the most popular operating system in the world, as well as a set of business applications. Unfortunately, the company's very successful business has always attracted the interest of cybercriminals who are trying to use Microsoft products for their illegal purposes.

As they say, such is life. However, it would be wrong because of this to consider Microsoft as some kind of malicious company that develops bad software; it's more about the popularity of its products, which attracts such a large number of cybercriminals.
At the same time, Microsoft does a lot to enhance the security of its software. I know what I'm talking about. At one time, I was privileged to work in this extremely successful company, as well as with many of its partners. In this regard, Kaspersky Lab is a case in point. We rely on the wisdom of Microsoft solutions, in other words, on their openness and transparency, to be able to better integrate our products with Microsoft software and improve customer protection. I also have to say that Microsoft does a lot to make us (and our customers) feel comfortable.
The company continuously improves the built-in security features and does it efficiently and quickly. And, of course, Microsoft is actively improving its solutions, unlike Apple, which claims that it is not bothered by the malware problem, since it cannot exist on Mac OS. Microsoft is very effective and quickly eliminates security breaches as soon as they become apparent, and this is done primarily due to improvements in the Windows automatic updating system and the growing share of Windows 7 installations on personal computers.

- As one of the participants in the development of some of the most important security technologies in Windows 8, what can you say about the main achievements in this area?

- Microsoft has extensive experience in continually improving the security of its products. As for the Windows 8 package, in this case we are not talking about some kind of breakthrough (do not expect this version to solve all problems related to malware). However, the new system has interesting features that will allow us to more effectively deal with cybercriminals. Some of them are offered for the first time, while others have been largely reworked compared to the previous version.
The first line of defense remains the same. Here you can see improvements in the operation of both the Malicious Software Removal Tool (MSRT) and Windows Defender, the latter now capable of providing real-time protection without the intrusive alerts and notifications of the past. Combined with SmartScreen technology (similar to the reputation check services, the Link Checker and the Reputation Program, in our products) and the improved BitLocker function (a disk encryption tool available in the most complete editions of Windows 8), they provide excellent basic protection.

However, if malware still gets onto the computer, users will be able to restore the operating system using a combination of the Secure Boot function (Windows's own checks of the system's boot sequence) and the Standalone System Sweeper recovery disk (similar to our Disaster Recovery Disk, a clean boot disk for system recovery).

- That doesn't sound like an avalanche of new solutions for the market! Why do you think Microsoft is still developing its own built-in security features?

- I believe that in this case we are not talking about an attempt by Microsoft to seize the information security market. The company understands very well that the IT security industry (especially when it comes to protecting against malware) is an industry of highly specialized and flexible specialists. Since the MSAV antivirus program in 1993, Microsoft has made several unsuccessful attempts to enter this market as a solution provider. I do not think that its plans include repeating this error.

Customers prefer solutions offered by specialized companies operating in the field of information security, because they have the necessary specialized experience, which can sometimes take decades to accumulate, and are able to quickly respond to modern computer attacks. As a rule, these companies offer more advanced virus detection and removal, a wide range of products, plus the necessary combinations of solutions for various operating systems and platforms, mobile devices, servers and desktops, not to mention multi-level protection and dedicated support services. Speed is a key factor in this business.

I believe that working to improve the security of Microsoft products is due to two main reasons.

First, customers, government agencies, the press, the industry, etc., all pushed Microsoft to improve the security of their products, and in this regard, the security features of Windows 8 are the answer to these market and public demands.

Secondly, Microsoft does not claim to provide absolute, impenetrable protection by analogy with the impregnable store of US gold reserves at the Fort Knox military base. Instead, the company provides users with a strong basic protection and a well thought out platform for integrating products from information security solution providers.

- Please name the three most important security features in Windows 8.

- Of course.

• The updated and advanced Windows Defender, which is tightly integrated with the malware removal tool;

• The Standalone System Sweeper recovery disk;

• And the most interesting and technologically advanced, in my opinion: Secure Boot. It is very important for third-party security solutions, because it provides useful data in the early stages of booting the OS and allows you to detect and prevent the most sophisticated malware infections, such as rootkits and bootkits.

- Your name is mentioned in the list of inventors of the Secure Boot technology, and the patent filing itself dates back to 2006. What can you say about why Secure Boot technology is so important, and why did its implementation at Microsoft take so long?

- I'm sure that Secure Boot makes life harder for cybercriminals. Of course, this is not to say that this function is a panacea. However, it will force cybercriminals to rewrite the infection procedures in use and look for new ways to gain control over computers. Sooner or later they will find such a way. The only question is when, and how effective it will be.
And, of course, Microsoft took quite a long time to move from the proof-of-concept stage of the Secure Boot technology to a feature ready for use. However, it is necessary to take into account that it was a very complex project, in which many different working groups participated from the initial development stage. Nevertheless, I am very pleased that Microsoft has given the "green light" to this technology, and that it has finally appeared in Windows 8.

- Please tell us more about Secure Boot!

- Secure Boot technology is part of the standard operating system boot process. At the early stage of loading, each software driver is checked, and thus the use of malicious drivers is not allowed from the outset.

In fact, Secure Boot is part of the Platform Integrity Architecture (PIA), which also includes two additional components: the Early Launch Anti-Malware driver (ELAM, early launch of the anti-malware program) and the Measured Boot Attestation function (MBA, attestation of the measured boot). The PIA architecture works in conjunction with another useful feature, the Standalone System Sweeper recovery disk, which allows for in-depth system analysis. It can analyze the files and registry contents of an infected system when the OS is idle. Overall, this is an excellent solution for eliminating the effects of complex malware attacks and removing hidden malware from the OS boot sequence.

- What is Microsoft's position on transparency and cooperation with independent software vendors, and in particular with software vendors in the field of information security? Also, how can independent software vendors use the new security features in Windows 8?

- I'm particularly impressed by the openness Microsoft shows towards independent software vendors. For example, we at Kaspersky Lab are working very closely with Microsoft to include support for all of the basic Windows 8 security features in our future products. And this is not a one-off instance of such cooperation. We have been working together for a long time, and since the beginning of the 2000s we have been cooperating on every new release of Windows.

As for the second question, how independent software vendors can use the new security features in Windows 8: our task is to provide support for the PIA architecture immediately after the release of the system, in order to enable users to take full advantage of its features.

We started working with Microsoft on securing Windows 8 in 2010. Our developers took part in special trainings and brainstorming seminars to better understand the features of the platform and the changes in architecture, and talked directly and in person with the guys from Microsoft.
In general, I have to say that Microsoft does a lot to increase the security of its products, and demonstrates a high level of openness and willingness to cooperate with independent software vendors. For this I take my hat off to them.

- What can users expect from future versions of our products in terms of integration with new security features in Windows 8? What are the benefits of such integration?

- We fully support the PIA architecture and also integrate, wherever possible, our products for both home and business with other Windows 8 security features.

For example, we are currently working closely with Microsoft to provide support for the already mentioned Early Launch Anti-Malware (ELAM) function in order to enhance our protection against rootkits, possibly the most well-known and sophisticated technology used in malware. The ELAM feature will allow us to securely block rootkits when booting the OS and significantly increase our ability to clean viruses from already infected computers.

As already mentioned, another useful feature of Windows 8 that we are going to integrate into our products is Measured Boot Attestation (MBA). This technology acts as a kind of security guarantee at the Windows kernel level, allowing only verified and certified applications into the OS boot sequence. However, in the future version of KIS / KAV 2013, we will improve the certification process and connect it to the cloud-based Kaspersky Security Network. Ultimately, this feature will also take advantage of our technology for compiling a list of "white" applications and attain the maximum degree of integration between Windows and Kaspersky Lab products, as well as their protection against various dangers.

- Well! Alexey, thank you very much for this conversation and an interesting story about the future security features of Windows 8 and our plans to support it.

Source: https://habr.com/ru/post/132424/

