It's 2015 and Microsoft has figured out anything can break Windows

Microsoft head software engineer Lee Holmes says Windows 10 applications will now be able to plug into installed anti-virus platforms to better combat malicious scripts. Holmes says the Windows 10 Antimalware Scan Interface (AMSI) will allow apps and services to use anti-virus to find badness operating in memory. He says most …

  1. Charles Manning

    Surely...

    The effort going into malware fixing is obscene (without even mentioning all the runtime resources).

    Surely it would be easier to just start again and write a robust OS from the ground up? I can't think the Windows API is that stuffed that it could not be done simpler than what we've seen.

    1. Trevor_Pott Gold badge

      Re: Surely...

      I seem to recall Microsoft started a project on that a few years back. Complete rewrite of the kernel, new design...but it takes rather a lot of time, and may never see the light of day.

      1. Anonymous Coward

        Re: Surely...

        @trev

        Wasn't that Midori ?

        1. Trevor_Pott Gold badge

          Re: Surely...

          Sounds about right, yeah. Singularity I think the OS, and Midori the kernel? http://en.wikipedia.org/wiki/Midori_(operating_system)

    2. h4rm0ny

      Re: Surely...

      >>"Surely it would be easier to just start again and write a robust OS from the ground up?"

      Like how Mozilla decided to throw out the Netscape code and do a clean slate approach to a browser - with near disastrous consequences and leading directly to IE6 being the dominant browser for so long? Because an OS isn't already several orders of magnitude more complex than a browser.

      If there's one thing that modern software development has learned, it's that you don't start from scratch without a very good reason. But let's ignore that you put "easy" and "write a robust OS from the ground up" in the same sentence. What is it you would do differently in a new OS that current Windows doesn't do (or vice versa) which would make your new OS inherently more secure? I would like a genuine answer to that as I am curious.

      1. Roo
        Windows

        Re: Surely...

        "If there's one thing that modern software development has learned, it's that you don't start from scratch without a very good reason."

        I take issue with you scoping things down to "modern software development", it was true when I started hacking 6502 assembler >30 years ago. It's common sense. :)

        With that said the original poster may have a valid point because some vulnerabilities stem from the design and usage of an OS, and in some cases you may well *have* to start from scratch because there is a design fault that simply can't be worked around effectively. To MS's credit they have taken this approach in the past.

        However, in this case MS have added code that will have privileged access to the address space of any app that makes use of the API. In addition that code's behavior will be driven by a bunch of virus signatures so the security & safety of that complex code will be a function of the signatures and time. In essence they've added another set of attack vectors that are a function of an arbitrary opaque dictionary of virus definitions that changes over time. They've made AV software more invasive, when they really should be working to make it obsolete.

        Personally I would have preferred MS to have looked at the known attack vectors and tried to design them out of the OS (i.e. re-write bits of it or the whole thing). :)

      2. Roland6 Silver badge

        Re: Surely...

        "What is it you would do differently in a new OS that current Windows doesn't do (or vice versa) which would make your new OS inherently more secure? "

        Well, actually use the security features that have been present on all Intel chips since the 286...

        However, I expect that would break backwards compatibility...

      3. icesenshi

        Re: Surely...

        Surely bundling IE with Windows had absolutely nothing to do with market share, not at all. Because then the EU would not have forced MS to unbundle IE from Windows. Oh wait..

    3. John Sanders
      Trollface

      Re: Surely...

      It is easier not to run Windows.

      1. Anonymous Coward

        Re: Surely...

        "It is easier not to run Windows."

        Well no, for most use cases it's harder not to run Windows. And the major alternatives like OS-X and Linux have vastly more security holes in than current versions of Windows.

        1. Trevor_Pott Gold badge

          Re: Surely...

          "And the major alternatives like OS-X and Linux have vastly more security holes in than current versions of Windows."

          Except they don't. Because - again, like a goddamned broken record - you are counting every security issue in every package of a distro against the core Windows OS, without regard to vulnerability type or severity.

          Linux distributions include hundreds if not thousands of applications whereas the Windows operating system only includes dozens to low hundreds. Windows does not, for example, include a full productivity suite nor a full suite of vulnerability assessment tools, multiple web servers and databases, multiple development environments and IDEs and so forth.

          Windows' issues tend to be far more severe, and they take far longer to get fixed. Open source's issues are mostly that issues can (and do) go unnoticed (sometimes for years) because there simply aren't enough penetration testers willing to test open source. (Bounties are paid by proprietary companies!) Of course, Microsoft will gleefully discover a bug then sit on the damned thing for years, so that is somewhat moot.

          You are correct in that it is harder to not run Windows in the specific circumstance where you are already deeply wedded to the Windows ecosystem and have critical Windows only applications. It's been a long time since that was a universal experience for all businesses, and more and more are getting out...and staying out of Microsoft's clutches.

          Microsoft and Windows absolutely have their advantages. But you, sir, purposefully and knowingly distort statistics and facts to turn complex - but quantifiable - truths into blatant lies.

          1. Uffe Seerup

            Re: Surely...

            "Except they don't. Because - again, like a goddamned broken record - you are counting every security issue in every package of a distro against the core Windows OS, without regard to vulnerability type or severity."

            Sorry, Trevor, but you are wrong. Let's take the latest full year (2014). And let's take Windows 8.1 and compare to *just* the Linux kernel. From there on you can add X, Gnome/KDE to get to the same functional level as Windows 8.1. But just the kernel:

            Linux kernel: http://www.cvedetails.com/vulnerability-list/vendor_id-33/year-2014/Linux.html

            Windows 8.1: http://www.cvedetails.com/vulnerability-list/vendor_id-26/product_id-26434/year-2014/Microsoft-Windows-8.1.html

            Linux kernel, year 2014: 135

            Windows 8.1, year 2014: 38

            For the year 2015 so far the numbers are 60/40 in Linux favor, but keep in mind that it is not a full year and that it counts only KERNEL vulnerabilities for Linux versus ALL vulnerabilities for Windows 8.1.

            Let's go back to 2012-2013 then. Windows 8.1 did not have a full year of 2013, so let's compare Windows 7 to Linux (kernel only again) for 2013:

            Linux kernel for year 2013: 189 vulns

            Windows 7 for year 2013: 100 vulns.

            Linux kernel for year 2012: 116 vulns

            Windows 7 for year 2012: 44 vulns.

            Again, contrary to your claims this is counting only Linux KERNEL vulns against a fully functional Windows.

            So it would appear that you are incorrect, Trevor.

            1. Solmyr ibn Wali Barad

              Re: Surely...

              "Linux kernel, year 2014: 135"

              "Windows 8.1, year 2014: 38"

              Nice set of numbers you've got there. Shame if anything happened to them...like discovering CVE-2014-8439 among the "Linux kernel" vulnerabilities, and being absent from the Windows 8.1 list.

              It's none other than our good friend Adobe Flash.

          2. azaks

            Re: Surely...

            >> you are counting every security issue in every package of a distro against the core Windows OS, without regard to vulnerability type or severity. Linux distributions include hundreds if not thousands of applications whereas the Windows operating system only includes dozens to low hundreds.

            You have this somewhat backward Trevor. Most stats do exactly the opposite - compare "linux kernel" against whole distros of windows.

            Check out http://www.cvedetails.com/top-50-products.php. From 2004 - 2015, "Linux kernel" has had more vulns than any version of windows every year except 2011 and 2015 (which isn't over) and has not been in the top 5 offenders only 3 out of the 12 years. You are just fabricating nonsense based on your unshakable belief that Linux is inherently more secure than anything else.

            >> Windows' issues tend to be far more severe, and they take far longer to get fixed

            More hand waving. Any facts to support that?

            >> Open source's issues are mostly that issues can (and do) go unnoticed (sometimes for years) because there simply aren't enough penetration testers willing to test open source

            So the "many eyes" argument can finally be laid to rest? May it R.I.P.

  2. Ian Bush
    Facepalm

    Finally the truth is revealed ...

    "Microsoft head software engineer Lee Holmes says Windows 10 applications will now be able to plug into installed anti-virus platforms to better malicious scripts."

    The Evil Empire is back!

    1. Pascal Monett Silver badge

      And it is going to borgify all existing anti-virus applications.

      Then it will "plug into" any app that starts up, "for security reasons".

      Then it will "plug into" your mail, to do preemptive security.

      Finally, it will "plug into" your bank account, for your security obviously, but there it can more conveniently send itself money every month. Because it would be so bad if something happened to your data, wouldn't it ?

      All of that, of course, at the disposal of any US judge who thinks that the data might be relevant to the case he is presiding.

  3. Anonymous Coward
    Holmes

    Not so fast Mr Holmes!

    What about next gen firmware nasties?

    Are you going to do something about the fact that firmware can be flashed from the OS with such ease?

    1. Sandtitz Silver badge

      Re: Not so fast Mr Guinness!

      Firmware flashing is just as easy with e.g. Linux as it is with Windows. You just need root/admin privileges and that's it.

  4. kryptylomese

    Just Use Linux

    Come on Microsoft - just give up with this rubbish and make a Linux distro and open source anything you have that is proprietary so that everyone can run software that ran previously.

    Microsoft must have the most stubborn and pig headed management team (They need to have their minds changed).

    Then the IT landscape would welcome Microsoft whole heartedly instead of replacing their products at every opportunity as is the current trend!

    1. Anonymous Coward
      WTF?

      Re: Just Use Linux

      Yes I know, we'll give up our extremely successful multi-billion pound business, write a Linux distro from scratch and give it away for free.

      Yup sounds like a great idea.

      Really are people on this forum that naive / stupid?

      1. kryptylomese

        Re: Just Use Linux

        Why would they have to give up their multibillion pound business? Microsoft already gives software for free - doesn't mean that businesses don't also use their paid for services!

        Can all you Windows people please stop thinking like blacksmiths about to lose their jobs because the car has been invented?

      2. Lars Silver badge
        Linux

        Re: Just Use Linux

        @ Lost all faith...

        I am not taking part in the "should MS use Linux or not" but I would like to point out that you don't have to give Linux away for free at all. You can charge as much as you want, the free is not free as in beer. I think you know that very well. As I recall Linus suggested about 15 years ago that Microsoft could sell Windows with a Linux kernel. I don't think they will but they could and who knows, perhaps they should, but that is all up to them.

        That would not become a Linux desktop but Windows with a Linux kernel.

        1. h4rm0ny

          Re: Just Use Linux

          Actually, Microsoft do sell GNU/Linux. You can pay for GNU/Linux instances on Azure and MS also provide some tools of their own to manage configuration of them. What they don't do, is publish their own distro which is probably sensible given that RedHat and others provide good enterprise-focused distros themselves.

          1. azaks

            Re: Just Use Linux

            >> What they don't do, is publish their own distro which is probably sensible given that RedHat and others provide good enterprise-focused distros themselves.

            But isn't the whole point of Linux to spin up a new distro rather than agree on anything, and create a mindbending dependency mess for everyone that uses it? Wow... I misread that one

        2. Anonymous Coward

          Re: Just Use Linux

          So for the billion windows users worldwide, all of their software will need to be rewritten to work on this new windows. Hang on a sec - I think I might have just spotted a teeny chink in your brilliant plan...

        3. Anonymous Coward

          Re: Just Use Linux

          "Microsoft could sell Windows with a Linux kernel"

          Why would they want to though. The Windows kernel has a number of architecture advantages as a hybrid microkernel over legacy monolithic designs...

      3. John Sanders
        Trollface

        Re: Just Use Linux

        Sarcasm my friend, sarcasm.

        1. Peter2 Silver badge

          Re: Just Use Linux

          "Can all you Windows people please stop thinking like blacksmiths about to lose their jobs because the car has been invented?"

          The "windows people" are actually IT Professionals who are paid to deliver (generally) the cheapest solution to a requirement handed to us by the people who pay our salaries. Frankly, our jobs won't change much if we are using Windows or *nix because the job of the OS is to Operate Systems and we build and maintain those systems.

          The businesses we work for tend to want particular bits of software, not Windows. In my particular environment to run any currently available flavour of *nix on the desktop would entail accepting the loss of a huge swathe of boring, mundane tools that improve the productivity of the people who make money in the business. (As in, it would cost us money because our productivity would drop)

          The business exists for the sole purpose of making money, and the IT exists for the sole purpose of supporting the business in its objectives, which dictates that we use the OS those tools work on. For the most part, we *really* DO NOT CARE which OS we use.

          Incidentally, the biggest thing that Linux fans could do to help increase the utilisation of Linux would be to cease harming the "Linux" name by making any proponent of Linux look like a stark raving madman or a frothing zealot. These idiots have done, and continue to do, far more damage to Linux's name than Microsoft's FUD tactics with patent threats etc ever aspired to cause.

          As a result it is vastly more difficult (and in some cases utterly impossible) to get Linux into deployments where it makes commercial sense. If you really want to do Linux a favour, stop making yourself, and everybody else proposing a solution based on it look like an unprofessional hippie with the reasoning skills of a five year old.

          1. kryptylomese

            Re: Just Use Linux

            You cannot stop the tide. Linux is the most common operating system in the world. It is only on Desktops that Windows still dominates. I am saying that Microsoft should use Linux as the basis for Windows and if you really do not care what operating system you use then what is your problem?

            1. h4rm0ny

              Re: Just Use Linux

              >>"I am saying that Microsoft should use Linux as the basis for Windows and if you really do not care what operating system you use then what is your problem?"

              What are you suggesting, specifically? That Linux should form the kernel of Windows? That is a very big ask from an engineering point of view and I'm uncertain what the point would be.

              What exactly do you think should be done and what do you imagine the benefit would be? Please give at least some detail in the answer because with something as massive a task as I think you may be suggesting, discussing it without specifics is meaningless.

            2. Charles 9 Silver badge

              Re: Just Use Linux

              Even the tide has a problem against a cliff. Desktops are still too useful and too powerful which is why they remain the baseline for performance gaming.

            3. Jamie Jones Silver badge
              Devil

              Re: Just Use Linux

              " You cannot stop the tide. Linux is the most common operating system in the world. It is only on Desktops that Windows still dominates. I am saying that Microsoft should use Linux as the basis for Windows and if you really do not care what operating system you use then what is your problem?"

              Why? If they were really going to go down that route, they'd opt for a BSD system, not the legal GNU minefield.

              There is precedent. Google "Apple OS X"

              HTH

          2. Cynic_999 Silver badge

            Re: Just Use Linux

            I would honestly love to use Linux and ditch Windows. In fact I try a latest Linux install regularly about 4 times a year just to see whether it is yet suitable. Every single time I am balked because Linux cannot do something that I want to use my PC for, or it would take a significant learning curve for me to configure it to do something that I can get running on my Windows PC in 10 minutes. Then there's the fact that when I have a problem with a new bit of USB hardware I've just bought and I call the company's support staff, they won't have a clue about Linux. A lot of it is of course chicken-and-egg. Until Linux desktops are more prevalent, manufacturers are really not interested in providing drivers & support etc. and so people like myself cannot use it.

            My very latest attempt was a couple of weeks ago when I tried to use my SDR on Linux. Now I am sure that GnuRadio is a fantastic bit of software that will do everything I would want and much more besides - but unfortunately it looks like it needs several weeks of study followed by hours of custom programming (after learning Python) before I could get it to even receive my local FM radio station in mono. On Windows I was listening to full stereo FM within seconds, and receiving satellite images and decoding pager transmissions within an hour of downloading a few suitable applications, and I did not have to write so much as a .bat file or know the difference between a local oscillator and a first stage mixer. I have not even found a way to get Linux to provide me with a way to watch movies without either buying new expensive video & audio hardware or putting up with significant compromises that I simply don't have to make using Windows.

            1. Roo
              Windows

              Re: Just Use Linux

              "Every single time I am balked because Linux cannot do something that I want to use my PC for, or it would take a significant learning curve for me to configure it to do something that I can get running on my Windows PC in 10 minutes"

              I have had the same problem with both Windows and Linux down the years, but in latter times I'm finding that it happens with Linux far more rarely than Windows. Installing Windows 8.1 (on 3 different machines) 3 months back took over double your 20 minutes to install (excluding the mandatory massive update & reboot), and I was unable to watch a DVD at the end of it. To watch the DVD I had to install a bunch of third party drivers to make the motherboard, network hardware and graphics hardware work. By contrast a Linux Mint default desktop install came up roses without any third party guff (on the same boxes) and let me watch a DVD straight away in under 10 minutes.

              IMO your point about hardware support is valid for Linux and Windows, but in Windows land because it's only a tiny proportion of the user-base who has to go through that pain because vendors do it for them. Windows bare metal installs really haven't changed much since XP: you still have to install a bunch of 3rd party drivers for motherboards, chipsets, graphics, audio, network interfaces and USB ports. Personally I find this intolerable because I don't see any reason to trust code I don't have the source code for and can't build, so there is no way I want that code running with Admin/Kernel/Root type privilege.

              I believe that the current state of affairs with opaque 3rd party binaries running at ring 0 is NOT sustainable in a connected world where criminals, companies & nations trojan machines as SOP. MS have some smart people working for them, I'm sure they're aware of the drawbacks and the risks they force Windows to take, the question is whether they'll fix it or not. Extending the reach of AV software really doesn't fix the fundamental security problems at the lower levels of the stack.

              1. Cynic_999 Silver badge

                Re: Just Use Linux

                "To watch the DVD I had to install a bunch of third party drivers to make the motherboard, network hardware and graphics hardware work. By contrast a Linux Mint default desktop install came up roses without any third party guff (on the same boxes) and let me watch a DVD straight away in under 10 minutes."

                I would hope so. DVD is very old technology, and Linux is usually able to cope adequately with old technology. These days my minimum AV requirement is 3D Blu-ray and 5.1 sound. The last Linux distro I tried would not drive my 5 year old sound card in anything better than 2 channel and did not have the 3D support that I've had on my Win 7 machine for the past 2 years. The Linux community predictably blamed the card manufacturers for not supplying Linux drivers for their products, but that really doesn't help me.

          3. Roo
            Windows

            Re: Just Use Linux

            "If you really want to do Linux a favour, stop making yourself, and everybody else proposing a solution based on it look like an unprofessional hippie with the reasoning skills of a five year old."

            That approach has worked brilliantly for Microsoft (and Apple).

      4. Anonymous Coward

        Re: Just Use Linux

        >> Really are people on this forum that naive / stupid?

        you forgot "zealous"

    2. dogged

      Re: Just Use Linux

      >> Assumes linux is invulnerable to malware.

      moron detected. opinion dismissed.

      1. kryptylomese

        Re: Just Use Linux

        Of course it is vulnerable but FAR less and with the correct configuration almost impervious!

        Name calling really makes your point more valid though right?

        1. dogged

          Re: Just Use Linux

          > Of course it is vulnerable but FAR less and with the correct configuration almost impervious!

          Try a thought experiment for a moment. Assume that every single Windows desktop and server in the world magically became a linux desktop or server last night. Assume all Windows software - including Office, java and Flash - were migrated along with the OS.

          Now tell me, what is every single malware author in the world doing right this second?

          Yeah.

          Now go away.

          1. kryptylomese

            Re: Just Use Linux

            Here is a thought experiment - Linux is run on more computers than any other operating system. I am not talking about just desktop PCs where the current majority runs Windows, I am talking about ALL computers including TVs, phones (Android is a kind of Linux and iOS is BSD which is similar), network switches as well as 99% of the Top 500 list of super computers!

            1. dogged

              Re: Just Use Linux

              Very few people do online banking through their dishwasher.

              Please, just stop. You're not helping your case at all.

              1. kryptylomese

                Re: Just Use Linux

                But the clever ones do it with Linux or through their phone. And remember the backend (the servers etc) of the online banking system will be running Linux too.

                1. h4rm0ny

                  Re: Just Use Linux

                  >>"But the clever ones do it with Linux or through their phone. And remember the backend (the servers etc) of the online banking system will be running Linux too."

                  And maintained by professionals who know what they're doing. Here's something that is true - compromising a GNU/Linux system that is kept up to date by knowledgeable people who are unlikely to fall for common tricks or link their server up to disreputable websites, is hard to do. Here is something else that is true - compromising a current Windows system that is kept up to date by knowledgeable people who are unlikely to fall for common tricks or link their server up to disreputable websites, is hard to do.

                  See the points of comparison? Now here is something else - compromising end user installations of Windows run by people who have no understanding of keeping software up to date, who connect it to disreputable sites, who download software from untrusted places and ignore bright yellow warnings and proceed to give it free rein to do what it wants to their OS, is much easier.

                  Notice the difference between these two scenarios is not the OS, but the environment it finds itself in.

                  1. Curious

                    Re: Just Use Linux

                    >> compromising a current Windows system that is kept up to date by knowledgeable people who are unlikely to fall for common tricks... is hard to do

                    Yes. And Valve Steam, apt / yum, ninite etc demonstrate that the update process for applications and Windows Update itself could be far more friendly and less fault-prone if Microsoft put effort into it; instead we have every company with their own second-rate update service, changing your home page in the process; scheduled to fight with each other at boot time.

                    Its Windows app store effort is poor in comparison. Can't even record and redeploy our OEM / Retail MS Office licenses from it; that's yet another website mess.

                    Windows home and SBE licensing up to now has compounded the problem.

                    You bought a pretty laptop with Windows Vista Ultimate / Pro? No affordable upgrade to a Windows 7 Home for you without a complete wipe. So will not be done.

                    - Microsoft loses potential upgrade revenue for 8 years, (OS followed by Office, services, apps)

                    - the affected customer associates Microsoft with obsolescence and viruses, when one of their 300 windows updates fails and breaks the windows update service, blocking the rest.

                    - Developers end up with the costs of supporting XP for 20% of the market.

                    Can't that SKU stuff just be an aftermarket feature like media centre, downgradable as well as upgradable?

                    And even the supported upgrades for 8 and 10 are so horribly fault prone, with hours wasted on the "Reverting" process. Wouldn't it be nice if the old and new OS could sit side-by-side with the old as a reserve for a week. In theory it can be done, at the expense of diskspace.

                    1. h4rm0ny

                      Re: Just Use Linux

                      >>"Yes. And Valve steam, apt / yum, ninite etc demonstrate that the update process for applications and windows update itself could be far more friendly and less fault-prone if Microsoft put effort into it; instead we have every company with their own second-rate update service, changing your home page in the process; scheduled to fight with each other at boot time."

                      Then prepare to be happy. MS are producing a full package manager for Windows with an API.

                  2. Anonymous Coward

                    Re: Just Use Linux

                    "Here's something that is true - compromising a GNU/Linux system that is kept up to date by knowledgeable people who are unlikely to fall for common tricks or link their server up to disreputable websites, is hard to do. "

                    It should be. But then it does not explain this: http://arstechnica.com/information-technology/2011/09/linux-kernel-archives-host-compromised-by-attacker/

                    One should think that kernel.org was maintained by "knowledgeable people".

                    At roughly the same time, linuxfoundation and linux.com were compromised as well: http://thehackernews.com/2011/09/linux-foundation-linuxcom-multiple.html

                    Again, one should think that it would be hard to find anyone more knowledgeable on Linux than the people who oversee the development, and who would know full well how embarrassing a successful attack would be to the cause.

                    1. h4rm0ny

                      Re: Just Use Linux

                      >>"It should be. But then it does not explain this"

                      Does it need to? Of course some systems get compromised, whether that is GNU/Linux or Windows. What I wrote is that it is much harder to do this than with a non-professional end user who doesn't keep things up to date and doesn't understand security. Meaning that you can't simply compare the amount of malware or rate of infections between two different OSs across different environments. You can only fairly compare them within the same environment. The odd high-profile hack doesn't change that.

            2. Doctor Syntax Silver badge

              Here is a thought experiment (was Re: Just Use Linux)

              Where's the experiment? All you say is that there's a lot of Linux about. No experiment, thought or otherwise

              And then you trip up by the comment about BSD being like Linux. You've got the resemblances in the wrong order. BSD is a Unix variant. Linux is a Unix-like OS - and one that's rapidly becoming less Unix-like in the estimation of many of us.

              1. kryptylomese

                Re: Here is a thought experiment (was Just Use Linux)

                OK, so I was stating what I was responding to "Here is a thought experiment" and I meant that BSD is similar to Linux - I am not really interested in arguing the differences between the two in this forum.

                It is a shame that you have to resort to semantic arguments but at least you are no longer trolling me with non facts now....

              2. dogged

                @Doctor Syntax

                He's probably recently emerged from Eadon having grown from a tumour.

                Let's all just let it go.

                Honestly, this is the kind of dickwad commenting we get on the Reg these days. Article about MS producing a new thing to find and destroy malware? Quick, log on, suggest they burn their entire business, write a new OS based on a kernel they have ~(little) in-house expertise with and then confidently declare that this would be more secure?!?

                The depressing part is that this kind of disconnection from reality is so common around here and it's purely limited to frothing linux fanboys of little experience and almost no technical ability.

                Nobody jumps onto Red Hat or ubuntu threads and suggests they pack it all in and use OSX.

                1. John Sanders
                  Trollface

                  Re: @Doctor Syntax

                  @dogged,

                  What can we Linuxtards say? We have been saying for years that this will become a common scenario due to Windows architecture and business model.

                  MS being MS will try to solve this with more and more layers of complexity like they always do, while trying to screw open standards and muddying the water.

                  We have been making reasonable arguments for years, and we have been telling tales of sane design, environments that hardly ever go down, and that are quite hard to compromise.

                  In response we get the classic LA LA LA LA Linux is not secure either LA LA LA LA Windows, Windows, Windows, ra-ra-ra.

                  Enjoy your malware infestations.

                  Troll face! Because it's Friday and I'm already drunk!

                  1. dogged

                    Re: @Doctor Syntax

                    > Enjoy your malware infestations.

                    I am a debian user, for preference. However, I'm also a professional developer/architect and I (currently and frequently) use Windows for work and this has taught me in several painful and non-painful lessons that a well-secured Windows system is as secure as a well-secured linux system and that a poorly secured linux system is only more secure than a poorly secured Windows system because Windows has a larger predator population.

                    The short version is that you are wrong, and while you continue to be partisan about operating systems (operating systems?!? ffs how sad is that? Tribalism over preferred window launcher? Even football supporters make more sense) you will remain both wrong and deliberately stupid.

                    I can abide natural stupidity but deliberate stupidity is unforgivable.

              3. 's water music

                Re: Here is a thought experiment. Was Just Use Linux

                Where's the experiment?

                Perhaps the PP is experimenting with thinking? Professor piehead (no relation) would be able to eloquently summarise the results so far.

              4. Jamie Jones Silver badge
                Happy

                Re: Here is a thought experiment. Was Just Use Linux

                " And then you trip up by the comment about BSD being like Linux. You've got the resemblances in the wrong order. BSD is a Unix variant. Linux is a Unix-like OS -and one that's rapidly becoming less Unix-like in the estimation of many of us."

                Agree totally!

                Definitely more of a newbie linux 'fashion' follower than a Unix hacker!

            3. Anonymous Coward
              Anonymous Coward

              Re: Just Use Linux

              And where Linux is actually popular like Android phones, there are high levels of malware...

        2. Anonymous Coward
          Anonymous Coward

          Re: Just Use Linux

          "Of course it is vulnerable but FAR less"

          Erm, but you know Windows had fewer security vulnerabilities than enterprise Linux distributions - that were on average fixed faster every single year for the last decade?

          "and with the correct configuration almost impervious!"

          So why, when you look at website defacement statistics and adjust for market share, are Linux based servers about 4 times more likely to be hacked than Windows based ones?

    3. Amorous Cowherder
      Facepalm

      Re: Just Use Linux

      Oh dear Lord!

      Look, don't get me wrong, I love using Linux, it's my desktop of choice 9 hours a day, 5 days a week, but Windows has been MS flagship product for almost 30 years, they've invested the same amount of money into its R&D as that of a small European country, do you honestly think for a single second that MS would consider releasing a Linux distro? I'd put money down that they have one buried somewhere in their R&D labs in the back-of-beyond at the Redmond campus, they'd have to so they can understand how it works but it's going to be full-on "mushroom" ( kept in the dark and fed with shit! ).

    4. Anonymous Coward
      Anonymous Coward

      Re: Just Use Linux

      >> Come on Microsoft - just give up with this rubbish and make a Linux distro and open source anything you have that is propitiatory so that everyone can run software that ran previously.

      With a somewhat disappointing <2% share of the desktop OS market, wouldn't it be more productive to just stop creating endless clones of linux distros and just use windows?

      1. kryptylomese

        Re: Just Use Linux

        <2% share of desktop OS market = correct. However, Linux is the most common (as well as being able to scale and secure and performant) operating system in the world so surely you can see why we would want it on the desktop too?

        1. Anonymous Coward
          Anonymous Coward

          Re: Just Use Linux

          "as well as being able to scale and secure and performant"

          Azure is the fastest major cloud OS platform according to several independent benchmarks, and has had lower vulnerability counts than its major rivals, and that runs on a version of Microsoft Hyper-V Server, not Linux!

  5. Christian Berger

    So all it does...

    ...is to scan the memory for certain byte patterns... that means you need a list of those patterns... which essentially turns it into a virus scanner for memory.

    That sounds like a disaster. Not only will it not help against targeted attacks or attacks from governments/DRM companies, it will open a whole new set of security vulnerabilities. You will have software trying to parse even more data.

    1. h4rm0ny

      Re: So all it does...

      "All it does", "only", "just", people throw these words around so casually. This is useful and not trivial. And as machines increasingly exist as VMs, which means they can be run without restarting from their point of view even if the underlying physical hardware is turned on and off again with the memory restored, malware living only in memory is increasingly viable. The fact that OSs can now be patched in real time without actually restarting makes this even more viable.

      Existing anti-malware acts as a gatekeeper, attempting to stop it gaining access in the first place. But as we've seen with some recent malware, that is not enough. So the next logical stage is combatting actual running malware in memory.

      Tell you what, if you think this is so "all it does," why don't you go away and come back with your own API standard that is vendor agnostic, supports file, memory and stream scanning with the same API calls, has URL/IP reputation checks for all of these and even lets you correlate different sessions so that malware vendors can take actions based on multiple different memory fragments to deal with more dynamic malware.

      But no, you as per usual have thought in your benighted wisdom that writing something which goes through a list of ones and noughts and checks them against a list of other ones and noughts is trivial and that therefore this is trivial. As to how you twist having this capability to "sounds like a disaster" and open up "a whole new set of security vulnerabilities", I have no idea. You appear to be an idiot with no real understanding of what you're talking about.

      1. Charles 9 Silver badge

        Re: So all it does...

        "But no, you as per usual have thought in your benighted wisdom that writing something which goes through a list of ones and noughts and checks them against a list of other ones and noughts is trivial and that therefore this is trivial. "

        Because it IS trivial. What's to stop a malware from altering the list so that its blacklist includes useful programs? AVs produce false positives by accident all the time; what's to stop them being done intentionally? As for the scanning process itself, it's still software, and software can be subverted.

        1. This post has been deleted by its author

        2. h4rm0ny

          Re: So all it does...

          >>>>But no, you as per usual have thought in your benighted wisdom that writing something which goes through a list of ones and noughts and checks them against a list of other ones and noughts is trivial and that therefore this is trivial.

          >>Because it IS trivial

          You seem to have skipped over the preceding paragraph which explained that this does more than that. You haven't understood the point. Poster sees something that does X, Y and Z. Responds that it is rubbish because Z "is easy". I point out that saying Z is trivial doesn't mean the project is trivial or useless. You respond, missing the point completely, saying "but Z IS trivial".

          At least read what I have written, not just select out some part in isolation.

          >>What's to stop a malware from altering the list so that its blacklist includes useful programs? AVs produce false positives by accident all the time; what's to stop them being done intentionally? As for the scanning process itself, it's still software, and software can be subverted.

          The same things that stop malware from subverting anti-malware software today. This is an API that vendors like Kaspersky can plug into. It enhances the range of their capabilities if they choose to use it. You seem to be taking an argumentative tack that if you can make some vague generalization such as "software can be subverted", it is good to dismiss these new features. Whereas I take the tack that giving anti-malware vendors more capabilities such as in-memory scanning and source-reputation scoring is a good thing.

          If you're upset that the anti-malware software or OS is "software", then perhaps you would be interested in the tool MS announced a couple of months ago that runs security from a separate Hyper-V instance that exists in parallel running directly from the hardware. There is not only one security measure in place. This is one part of a security in depth approach.

          1. Charles 9 Silver badge

            Re: So all it does...

            "The same things that stop malware from subverting anti-malware software today. This is an API that vendors like Kaspersky can plug into. It enhances the range of their capabilities if they choose to use it."

            So what's to stop a malware from posing as an anti-malware, hooking into THE SAME APIs, and subverting them. "Who watches the watchers," IOW?

            "If you're upset that the anti-malware software or OS is "software", then perhaps you would be interested in the tool MS announced a couple of months ago that runs security from a separate Hyper-V instance that exists in parallel running directly from the hardware."

            Hyper-V is a VM hypervisor. I'll grant you no one's been able to pull off a Red Pill to date, but since it's still software it can't be ruled out. Particularly if cyber-warfare really does go to the next level and hardware starts becoming compromised. It may seem paranoid, but given all the news we've had lately, we're almost in DTA territory as it is.

            1. h4rm0ny

              Re: So all it does...

              >>"So what's to stop a malware from posing as an anti-malware, hooking into THE SAME APIs, and subverting them. "Who watches the watchers," IOW?"

              This is the question you just asked and the answer is no different the second time: the same things that prevent it from pretending to be anti-malware software now.

              "Hyper-V is a VM hypervisor. I'll grant you no one's been able to pull off a Red Pill to date, but since it's still software it can't be ruled out..."

              This too is the same thing you said previously with an answer already given. But to be clear, the Device Guard feature is a separate, headless instance of Windows running on the same machine and separate to the main instance. It checks the signatures of all packages on Windows and even if the main OS were compromised at a very low level, it would not be. That's an example of why I'm objecting to your repeated 'but it's software so it can be subverted'. It's one of those vague statements that is both too vague to be meaningful and seems to imply nothing is good enough for you, no matter how useful or clever, because one cannot guarantee 100% success forever into the future. It's a reasoning that suggests we should turn off all anti-malware because 'software can be subverted', just as your suggestion that someone could pretend to be an anti-malware package also suggests this. But plainly turning off our anti-malware software today is nonsense. You don't seem to recognize that the arguments you are making that something is not good enough / not worth doing are arguments that apply to all security software today, right now. And that if followed would lead to unprecedented levels of infection.

              1. Roo
                Windows

                Re: So all it does...

                "But plainly turning off our anti-malware software today is nonsense."

                That's way too broad. There are situations where "anti-malware" software is counterproductive and it is in fact more sensible to switch it off rather than suffer the consequences... The most obvious example being when bad AV updates are crippling otherwise perfectly healthy systems.

  6. westlake

    Rewrite!

    This story reads like a reporter's unedited dump from OneNote.

    Linux on the desktop has a market share of about 1.5%. Pathetic even by Win 8 standards and little changed since the dawn of time.

    What happens there impacts almost no one.

    1. kryptylomese

      Re: Rewrite!

      Desktop PC share is currently dominated by Windows (Linux is the most common operating system in the world though - literally runs on more computers/phones/network switches etc than Windows). I am not saying kill off Windows, I am saying that Microsoft should release a Linux distro that has the proprietary stuff in it e.g. DirectX (obliviously open sourced) and it would be a much better product.

      1. Test Man

        Re: Rewrite!

        LOL another moronic Linux comment. Give it up, no matter how you spin it, Microsoft aren't going to give up Windows for Linux (whether that is ultimately good or not is not the point). Stop being a total utter wishful fanboy with stupid uninformed comments.

        1. kryptylomese

          Re: Rewrite!

          I am an IT professional with a career that spans 37 years of experience. Perhaps I am being only wishful, but I most definitely can say why I am making this wish and what you have failed to do is state, in a sensible way, why we should not wish that to happen. I mean honestly, do you have enough technical insight to be able to tell me why it would actually be a bad thing?

          1. dogged

            Re: Rewrite!

            > I am an IT professional with a career that spans 37 years of experience.

            In that case, thank you for posting. It's okay, we understand all this stuff and it's bound to happen sometimes - some days are better than others, right? Even Terry Pratchett himself suffered from your embuggerance and I for one will support your right to die as you choose.

            Or you're 14 and you made that up. Seriously, if you started in 1978 you'd have a better clue.

            1. kryptylomese

              Re: Rewrite!

              Troll me all you want - my career spans decades, and I have watched the growth of Linux and it has been glorious. Microsoft take note - Linux is the best operating system in the world so instead of trying to compete with it, use it!

              1. Anonymous Coward
                Anonymous Coward

                Re: Rewrite!

                "my career spans decades", there's a difference between age and maturity. Sadly there's a difference between dreaming of a better world and the cold hard reality of making a living in this game.

                I'm 43; I've been using and working with computers since I was 6 years old when my Dad bought our first 8-bit home computer. The 8-bit market back in the '80s was fragmented, it eventually came down to 2 rival camps ( with some stragglers who just about managed to stay in the game for various reasons, like Amstrad and BBC ). Names like ORIC, Mattel, Jupiter and countless others, all went to the wall as they didn't capture the imagination, it's not that they were crap ( Mattel being the exception, it was utter shit! ). The ZX Spectrum was a pretty naff machine but it captured the imagination and it sold in droves to parents eager to get kids into computers. VHS was supposedly pretty poor in quality compared to the likes of BetaMax and Philips V2000 systems, but VHS got in first, it caught the imagination. We had a V2000 system, double sided video cassettes with 8 hours of record time and excellent quality, VHS couldn't come close but it didn't need to, it simply saturated the market and killed Beta and V2000. Windows caught the imagination, despite GEM Desktop having got a WIMP interface on average punters' PCs way before Windows came out. Windows v1.0 was nothing more than a glorified GUI file manager, GEM Desktop was fully featured for its time and had apps like Ventura DTP running on it, the premier ( for its time ) DTP package. DR-DOS was far superior to MS-DOS right up to version 6, better memory management, better utilities but DR-DOS would not always be able to run DOS software properly and it failed to sell. It took MS another 2 years to better DR-DOS. WordPerfect was one of the best Word Proc packages on DOS, MS Word v1.0 on Windows was utter shite by comparison. WordPerfect left it too late to move to Windows hoping their DOS fanbase would save them and keep them going, where are WP now? Gone to the wall 'cos they simply assumed their fans would save them.

                It doesn't matter how good a product is, people will make do if they get most of what they want from something, they will tolerate the bad points to get mostly good things. I couldn't agree more that Linux is stunning, and it's come a very long way and it's making huge strides. I remember fighting to install Yggdrasil kernel v0.93 and it was just awful, I had to raid the stores at the place I worked for compatible hardware to be able to just install it. Now look, you can pull down an ISO and be up and running in minutes, actually using the O/S while it installs itself in the background, Windows can't match that. It doesn't have to. Kids are taught that PC = Windows. The average punter goes up the local college to learn some computer skill, it's a dead cert it's Windows ( Mac at a push ). No it's not really fair but it's a fact of life that Windows dominates and will continue to for quite a while as it's the number one choice as it's often the first experience and people don't like change. Jumping from Windows to Gnome or KDE would be like someone moving from England to France having to go to work on the day they arrive with only a few secondary school French phrases, they'll muddle along but it will be painful and they might consider packing it in and going back home.

                History is written by the winners, but the winners are not always the best of breed, they're simply those who happen to be in the right place at the right time.

                1. Roo
                  Windows

                  Re: Rewrite!

                  "History is written by the winners, but the winners are not always the best of breed, they're simply those who happen to be in the right place at the right time."

                  In that case Microsoft have already lost, legends of Sir Tim and HTML will outlive .doc. ;)

          2. This post has been deleted by its author

          3. nk

            Re: Rewrite!

            >Perhaps I am being only wishful, but I most definitely can say why I am making this wish and what you have failed to do is state, in a sensible way, why we should not wish that to happen.

            You can wish all you like but unrealistic wishes are irrelevant.

            The advantage MS has is all those other products that run on windows, and their main source of income is large organizations that run on MS software, paying for licenses.

            This is their bread and butter. Still their dominant business model despite all their efforts to make a dent on other markets. And the main cash cow that makes all their other endeavors possible.

            The whole home user desktop thing is a side-show by now, mostly useful for people to be familiar with their products and therefore ask for them in the workplace.

            And you think that somehow, MS should spend a huge amount of effort to give everything away, adopt linux and open source their technologies so that every other vendor and their dog can rebrand them and bundle them with their own products (such as hardware and support or cloud services).

            Because the linux kernel is superior...right!

            You'd better drop this dream for something more attainable, like world peace for example.

            1. kryptylomese

              Re: Rewrite!

              Linux is absolutely superior and scales WAY beyond anything that Windows can dream of and that is why Super computers run it - go and check the top 500 list!

              Blacksmith's bread and butter was putting shoes on horses - guess they had to find something else to do.....

              1. dogged

                Re: Rewrite!

                I see you once posted something that didn't tell people to use linux (which you insist on capitalizing, for some reason) but it was only drivel about Internet of Toasters.

                Can we have that /ignore button now please, @gazthejourno?

          4. Anonymous Coward
            Anonymous Coward

            Re: Rewrite!

            " I mean honestly, do you have enough technical insight to be able to tell me why it would actually be a bad thing?"

            Well for starters the Linux kernel alone has had more security holes than any complete Windows OS distribution. Then you have the architectural limitations of a monolithic kernel (Windows is fully modular). Then the numerous security advantages of auditing and ACLs being baked into the kernel level in Windows rather than being a file system dependent afterthought.

            1. Charles 9 Silver badge

              Re: Rewrite!

              "Then you have the architectural limitations of a monolithic kernel."

              You do know that Linux is a hybrid kernel, too? Been that way for a long time? Otherwise, why would Linux have kernel modules?

  7. jason 7

    Why not just integrate EMET into Windows 10?

    I don't get why they still leave this functionality out. Or is this part of EMET rebranded?

    Well even if they did they would hide it and make sure it was all switched off by default.

    Can't have Old man Withers in Armpit Arizona annoyed cos his obsolete 2002 shareware spam filter software no longer works.

    1. Roland6 Silver badge

      Re: Why not just integrate EMET into Windows 10?

      Also what happened to SteadyState?

      A rather useful XP lockdown technology that was ditched before XP reached end-of-life.

      1. Anonymous Coward
        Anonymous Coward

        Re: Why not just integrate EMET into Windows 10?

        It probably broke stuff. Just as EMET can break things.

        1. Roland6 Silver badge

          Re: Why not just integrate EMET into Windows 10?

          >It probably broke stuff.

          But then MS deliberately broke stuff with Win8 eg. new printer driver system...

          Suspect a consideration isn't that it probably broke stuff but that MS were uncertain as to whether it would break its own stuff...

          1. Charles 9 Silver badge

            Re: Why not just integrate EMET into Windows 10?

            Other way around, I think. They feared breaking other people's essential software and getting blackmailed for it.

            1. Roland6 Silver badge

              Re: Why not just integrate EMET into Windows 10? @Charles 9

              From the press reports over the years, you are right, I was just being provocative :)

              However, given EMET was originally developed for XP, it is a little perplexing that MS having publicly made the commitment to making Windows more secure did not make any forward announcements concerning EMET functionality being rolled into Windows 'n' (where 'n' is a version greater than Vista/7).

              Similar could be said about SteadyState which seems to have no MS successor.

              1. Charles 9 Silver badge

                Re: Why not just integrate EMET into Windows 10? @Charles 9

                Probably because you simply can't fix stupid, and any fault of the OS is NEVER the user's fault in the minds of the users. I mean, they bitch and moan about UAC as it is. Now you're going to break MORE stuff with SteadyState and EMET? Sounds to me like a bridge too far and an excuse to not budge from where you are. Better to face the dragons you know than the ones you don't.

  8. Schlimnitz
    Headmaster

    Microsoft obliviously open-sourcing their propitiatory software?

    Phonefingers, or do you go so far as to suspect them of blood sacrifice? :)

    1. kryptylomese

      Do you really think that open source software does not have a market value?

      1. Anonymous Coward
        Anonymous Coward

        Well there are certainly costs with using it. Depends what magnitude they are.

  9. Doctor Syntax Silver badge

    How long before we see a generation of malware that actually makes use of this?

    1. h4rm0ny

      >>"How long before we see a generation of malware that actually makes use of this?"

      I'm not quite sure how to parse your sentence but if you mean malware that exists solely in memory and propagates from there, it's already happened. Check out the recently uncovered attack on Kaspersky by Israel, or whoever is behind Duqu, and how they did it. How long before we see this done by non-APT actors? Not sure.

      1. Pascal Monett Silver badge

        What he means is "how long before somebody hacks this memory-scanning thing to turn it into his tool ?".

        And that is a valid question.

  10. Alan Denman

    You had Windows 8 with Bing and now...

    .. we have Windows 10 with Gobbledygook.

    If it all seems gobbledygook users will obviously feel much safer in not understanding anything.

  11. Boris the Cockroach Silver badge
    Windows

    Goody

    windows 10 can cope with an XOR'ed script/file

    What about some malware that's been bit shifted right 2 times?

    And will it still block the result from linking to SVCHost and running ?

    1. MiguelC Silver badge

      Re: Goody

      RTFA

      (...)"While the malicious script might go through several passes of de-obfuscation, it ultimately needs to supply the scripting engine with plain, un-obfuscated code. When it gets to this point, the application can now call the new Windows AMSI APIs to request a scan of this unprotected content"(...)
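The quoted passage describes the host-side call sequence: the scripting engine finishes de-obfuscation, then hands the plain text to AMSI before running it. As an added illustration (not code from the article or from Microsoft), this PowerShell script does exactly that through the documented amsi.dll exports; the application name, the content label and the sample script body are constructed.

```powershell
# Added example: pass already-decoded script text to AMSI the way a host
# scripting engine would, via the documented amsi.dll exports (Windows 10+).
# The appName, contentName and sample content below are constructed.
$amsiDefinition = @"
using System;
using System.Runtime.InteropServices;
public static class Amsi
{
    [DllImport("amsi.dll", CharSet = CharSet.Unicode)]
    public static extern int AmsiInitialize(string appName, out IntPtr amsiContext);
    [DllImport("amsi.dll")]
    public static extern void AmsiUninitialize(IntPtr amsiContext);
    [DllImport("amsi.dll")]
    public static extern int AmsiOpenSession(IntPtr amsiContext, out IntPtr session);
    [DllImport("amsi.dll")]
    public static extern void AmsiCloseSession(IntPtr amsiContext, IntPtr session);
    [DllImport("amsi.dll", CharSet = CharSet.Unicode)]
    public static extern int AmsiScanBuffer(IntPtr amsiContext, byte[] buffer, uint length,
        string contentName, IntPtr session, out uint result);
}
"@
Add-Type -TypeDefinition $amsiDefinition

# AMSI_RESULT values from amsi.h. Anything >= DETECTED is malware, which is
# what the AmsiResultIsMalware macro in the header checks for.
$AMSI_RESULT_CLEAN                  = 0
$AMSI_RESULT_NOT_DETECTED           = 1
$AMSI_RESULT_BLOCKED_BY_ADMIN_START = 0x4000
$AMSI_RESULT_BLOCKED_BY_ADMIN_END   = 0x4FFF
$AMSI_RESULT_DETECTED               = 32768

function Get-AmsiVerdict {
    param([uint32]$Result)
    if ($Result -ge $AMSI_RESULT_DETECTED) { return 'Detected' }
    if ($Result -ge $AMSI_RESULT_BLOCKED_BY_ADMIN_START -and
        $Result -le $AMSI_RESULT_BLOCKED_BY_ADMIN_END) { return 'BlockedByAdmin' }
    if ($Result -eq $AMSI_RESULT_CLEAN) { return 'Clean' }
    return 'NotDetected'
}

function Invoke-AmsiScan {
    param(
        [Parameter(Mandatory)][string]$Content,     # the de-obfuscated text
        [Parameter(Mandatory)][string]$ContentName  # label shown to the AV provider
    )
    $ctx = [IntPtr]::Zero
    $session = [IntPtr]::Zero
    # 'ExampleScriptHost' is constructed; a real host passes its own name.
    $hr = [Amsi]::AmsiInitialize('ExampleScriptHost', [ref]$ctx)
    if ($hr -ne 0) { throw "AmsiInitialize failed: 0x$($hr.ToString('x8'))" }
    try {
        # One session lets the provider correlate several fragments of one script,
        # which is how staged or split payloads are judged together.
        $hr = [Amsi]::AmsiOpenSession($ctx, [ref]$session)
        if ($hr -ne 0) { throw "AmsiOpenSession failed: 0x$($hr.ToString('x8'))" }
        try {
            $bytes = [System.Text.Encoding]::Unicode.GetBytes($Content)
            [uint32]$result = 0
            $hr = [Amsi]::AmsiScanBuffer($ctx, $bytes, [uint32]$bytes.Length,
                                         $ContentName, $session, [ref]$result)
            if ($hr -ne 0) { throw "AmsiScanBuffer failed: 0x$($hr.ToString('x8'))" }
            return [pscustomobject]@{
                ContentName = $ContentName
                RawResult   = $result
                Verdict     = Get-AmsiVerdict -Result $result
            }
        } finally { [Amsi]::AmsiCloseSession($ctx, $session) }
    } finally { [Amsi]::AmsiUninitialize($ctx) }
}

# Constructed sample: a harmless script body as it looks after the host has
# finished every de-obfuscation pass. The host scans it before executing it.
$decodedScript = 'Get-Date | Out-String'
$verdict = Invoke-AmsiScan -Content $decodedScript -ContentName 'decoded-script.ps1'
$verdict | Format-List
if ($verdict.Verdict -in 'Detected', 'BlockedByAdmin') {
    Write-Warning 'Provider flagged the content; the host must refuse to run it.'
} else {
    # Only at this point would a real host hand $decodedScript to its engine.
    Write-Output "Content '$($verdict.ContentName)' may run."
}
```

The verdict depends on whichever AMSI provider is registered on the machine; with no provider installed the scan returns NOT_DETECTED for everything.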

      1. Roland6 Silver badge

        Re: Goody

        " When it gets to this point, the application can now call the new Windows AMSI APIs to request a scan of this unprotected content"

        Too late!!

        There are already versions of malware that will probably get past this! There are web based attacks where the downloaded script is 'innocent', only it includes calls to remote code that is only provided when invoked...

        Hence we can expect an application to merely see a 'handle'/agent which it passes to AMSI, and which in all likelihood AMSI will deem to be okay and hence instruct the application it is okay to run, the 'handle'/agent now executes and loads whatever payload it wants without calling AMSI...

        1. Charles 9 Silver badge

          Re: Goody

          "There are already versions of malware that will probably get past this! There are web based attacks where the downloaded script is 'innocent', only it includes calls to remote code that is only provided when invoked..."

          But wouldn't the kit detect that remote code is needed (since it would have to be "included" at some point) and demand that code be loaded up (and thus scanned) BEFORE the script is allowed to run or continue?

    2. Anonymous Coward
      Anonymous Coward

      Re: Goody

      >> What about some malware that's been bit shifted right 2 times?

      you must have missed the bit about detecting it AFTER decoding and just before the nastiness begins...

  12. Cwrw

    Ladies, put down your Linux and Windows handbags ...

    and concentrate on the real problem. Direct injection of malware code into memory is easily done, and eludes both traditional anti-malware applications running on end points as well as application whitelisting. An application like a browser is whitelisted to execute but it doesn't stop a website drive-by infecting it and then chaining a command string to subvert the machine.

    This is a real and active problem for enterprises that is only recently being addressed comprehensively, using edge, network, device and application behaviour to detect, isolate and remediate the infection that may be sending information from your PC without any obvious symptoms.

    So any improvement in consumer endpoint security, that starts to recognise and address the impact of advanced and persistent threats, should be applauded, regardless of the OS or the vendor.

    1. kryptylomese

      Re: Ladies, put down your Linux and Windows handbags ...

      Can't we fix more than one problem at once?

  13. Curious

    Maybe there's someone high up in Microsoft that thinks that free as in freedom software means every thread is entitled to a right to totally control its environment.

    I'll believe it when they provide a windows SKU that gives home and small businesses a best practice system without needing 6 months study, trial and error of MDT2013.

    Don't think that there are any 3rd parties that offer this either.

    Will they separate the NTFS "deny execute" from the "traverse folder" permission, add a no-exec flag?

    Partitioning of file system and memory, so windows system, windows system temp, applications, applications temp, users, users temp, and the registry for each are not one blob that developers do not have the knowledge to filter? Maybe each user and each application should have to get its own virtual sub-partition to ease the antivirus' job of looking for suspicious behaviour. And a queue for moving from one to another. Like OS-X "drag to Applications folder" procedure that everyone seems to manage.

    Microsoft Exchange Online Protection, and Outlook 2013, in default behaviour, allow zipped exe, scr to sail right through (these are not password protected zips, which might be excused).

    Home users and small businesses nearly need a second machine / tablet to vet all the internet facing stuff before trusting an antivirus protected Windows installation to touch it.

    Can Internet facing IE, Chrome, Adobe, Java, .NET be run in a single machine VDI that is more responsive and lightweight than Hyper-V? Pushing IE Edge to everyone including older OS might be a start.

    1. Anonymous Coward
      Anonymous Coward

      "Will they separate the NTFS "deny execute" from the "traverse folder" permission, add a no-exec flag?"

      They do and always have in NTFS. Click the advanced button. The permissions with multiple uses, for example the deny execute/traverse folder, have that permission based upon whether the permission is applied to a file or folder. The permission can be restricted to current / current and sub / sub only / files and or folders. So applying that permission with the current and sub folders only will only allow traversing folders, no execute. Whereas applying it to files will allow executing (or deny if you pick deny) of the files but not allow you to traverse the folders if not set.

      So if you want to stop execution of files in a folder, with default permissions, add a deny for traverse folders/execute and restrict it to sub files only, then you can browse the folders but not execute anything.
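      The file-only deny described in the post above, written out as an added example for this page (not code from the thread); the folder path and the group name are assumptions:

```powershell
# Added example: deny execution of files beneath a folder while leaving
# folder traversal intact, as the post above describes.
# $Folder and $Principal are illustrative assumptions, not values from the thread.
$Folder    = 'C:\Data\Downloads'
$Principal = 'BUILTIN\Users'

$acl = Get-Acl -Path $Folder

# ObjectInherit + InheritOnly: the ACE is inherited by files under the folder
# but does not apply to the folder object itself, so Traverse is unaffected.
# ExecuteFile and Traverse share the same access mask bit, which is why the
# inheritance flags, not the right, decide whether traversal is blocked.
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
    $Principal,
    [System.Security.AccessControl.FileSystemRights]::ExecuteFile,
    [System.Security.AccessControl.InheritanceFlags]::ObjectInherit,
    [System.Security.AccessControl.PropagationFlags]::InheritOnly,
    [System.Security.AccessControl.AccessControlType]::Deny)

$acl.AddAccessRule($rule)
Set-Acl -Path $Folder -AclObject $acl

# The same ACE expressed with icacls: (OI) object inherit, (IO) inherit only,
# (X) execute/traverse. Run one or the other, not both.
# icacls $Folder /deny "${Principal}:(OI)(IO)(X)"

# Review the resulting ACL; the new entry is a Deny for $Principal on files only.
icacls $Folder
```

      The deny applies to image execution only: a script handed to an interpreter is read, not executed, so that case needs the AppLocker-style controls the thread mentions further down.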

    2. John Sanders
      Trollface

      Will they separate the NTFS...

      Will they separate the NTFS "deny execute" from the "traverse folder" permission, add a no-exec flag?

      Don't be silly, of course not, Linux can be infected too.

      Making reasonable proposals on the interwebs... in the "El Reg" forums, how dare you!?

      1. Anonymous Coward
        Anonymous Coward

        Re: Will they separate the NTFS...

        If it was reasonable then I would agree, but it's not, as it's based upon lack of knowledge of something that is already and has always been available with NTFS.

        This is where the problem lies, people in the Linux camp don't know enough about Windows and spread the FUD created by others in the Linux camp. The same with people in the Windows camp, they spread the FUD created by others. All because they do not have enough knowledge of each OS.

        1. Curious

          Re: Will they separate the NTFS...

          Thank you,

          you're right.

          As for the anon above (might be the same person or not),

          my problem was with this person (me) in the Windows camp not knowing enough about Windows?

          Slight mitigation, that it's under

          properties \ security \ Advanced \ Add Permission entry \ Show advanced permissions

          so I hadn't visited that area of dialog boxes before, nor heard of icacls, and had not a clue how to implement it in PowerShell.

          Contrast that to the execute bit, which is up front and obvious, off by default, taught in the first day to anyone learning any scripting on other file systems and web servers, and is harder to set remotely than a file extension.

          Might at least cut down on the old

          filename.docx <space space space>.exe

          compromises for certain old people, and get them to ask for help.

          1. Anonymous Coward
            Anonymous Coward

            Re: Will they separate the NTFS...

            You can also get to it by going to (in Windows Explorer in Windows 8) Share (kind of logical) at the top, Advanced Security.

            Both posts were me. Even though you are in the Windows camp, and knowing features of other OSes, it still applies. You thought that you knew it didn't have this feature, but it did, and then someone else agreed with you and then joked about what someone in the Windows camp would / have said about Linux. Now there is someone else who thinks this is fact now, which could go on to spread this and then it could become internet fact. Bright side to that is you could claim hey that was me who started that :)

            But I do agree, everything should not be executable until specified, which was implemented in a way by blocking the execution of files from untrusted sources when copied from other systems. So you needed to go to properties and click unblock, or use the Unblock-File cmdlet.

            One way to also do it, but it requires Windows Pro or above, is AppLocker: block execution of applications from all but the Windows and Program Files folders, make sure that only the administrator accounts have write permission, then run as a non-admin. Now only files installed by the admin accounts can run on the computer, as they are the only ones with write permission to the locations that files can be executed from.

            Problem with that is, there are / have been ways around AppLocker.

  14. Will Godfrey Silver badge

    A possible (expensive) solution to a small part

    A core piece of code is in actual fixed, socketed ROM. This is the only thing that can access all areas.

    It calls primary firmware that is updateable, but only when a physical switch is set (during which time it can't actually run).

    These blocks of firmware allocate memory in two groups: read-only program space and R/W data space.

    NO code can run in data space. No code can directly access program space outside its own tree - so it can spawn other programs but can't touch anyone else's nor even rewrite itself.

    1. Charles 9 Silver badge

      Re: A possible (expensive) solution to a small part

      The ROM can ITSELF hold the flaw.

      And the Harvard approach kills JIT compilers which are needed in performance-intensive applications.

  15. Greg D

    Do people still think Linux is invulnerable?

    I thought we stamped out that moronic thinking a while ago.

    Any OS/Kernel/software/code is vulnerable. It's just a question as to which platform/vector will yield the most results for a malware developer scumbag.

    Usually that question boils down to ONE thing, and one thing only: market penetration.

    Anyone that tells you Windows is inherently insecure and anything else isn't, is an outright liar.

  16. Chairo

    Interesting concept

    So in a nutshell, each application supporting AMSI hands over all content that is about to be opened to this interface for verification before the content is executed.

    Sounds like a kind of extended input check to me. Probably useful. However, I am not sure how this is supposed to stop already running malware. Especially malware that is executed before the OS is even loaded.

    Also if this interface is taken over by malware, it could become a tool to break encrypted documents. The data has to be sent to the AMSI interface AFTER decryption, right? Btw: I wonder how DRMed content will be handled. It probably cannot be scanned, as there could be some DRM removal software hooking in that interface, pretending to be an AV scanner.

  17. kryptylomese

    I date back a little further than you to the 70's and my first computer was a TRS80 Level 1. I agree with most of what you say except the part about switching from Windows to Gnome - Linux can be configured to look and behave exactly like any other GUI. Also Linux is the most common operating system in the world so Linux is the winner. It is only a matter of time before it becomes more common on the desktop and Microsoft have nothing to lose by utilising it.

    1. azaks

      Have you given even a moments thought to the ramifications of what you are proposing, or has your religious fervor trumped your every last rational thought? 37 years is a long time to have learned nothing about how our industry works - you should get out of your cubicle more often...

      You're proposing that MS build an API layer to make all of the existing Windows APIs developed over decades work with a Linux kernel? This herculean undertaking would take years, and cause an indeterminate (but undoubtedly large) number of app compat issues for the millions of apps that are already happily working on Windows. Plus any hand-wavy performance gains from moving to such a vastly superior kernel would be completely outstripped by calls having to wade through all of the extra kludge.

      We understand the rapturous moment that this would be for you and your merry little band of fanatics, but what is in it for the rest of the world?

  18. h4rm0ny
    Alert

    Well...

    I think Eadon's back.

  19. lucki bstard

    So in conclusion..

    Good sys admins provide secure machines regardless of the OS

    Bad sys admins provide insecure machines regardless of the OS

    Maybe focussing on the training requirements of the bad sysadmins to make them good sysadmins would help improve security more.

    Incidentally, there is still not an AutoDesk AutoCAD version out for Linux; that would be an issue for the great desktop upgrade to Linux and a huge cost alone. And then we can talk about embedded controllers that require a specific OS etc.....

    1. kryptylomese

      You are still not getting my point - I said that Microsoft should release a Linux distro with all of the Windows stuff in it so that Wine is not required. However, you can run AutoCAD under Linux right now with Wine.

      1. Charles 9 Silver badge

        OUR point can be summed up in three words: IN YOUR DREAMS.

        Just because you're better doesn't mean you'll win. Betamax was better than VHS but LOST the VTR war. Microsoft has nothing to lose by doubling down. If Linux overtakes, they'll be as insignificant as BlackBerry is now, and switching kernels would be seen as an act of surrender, much like BlackBerry again.

        Plus ask yourself this. If Linux is so superior, why isn't professional workstation software coming out for Linux more often? Why can't Valve convince more developers to embrace Linux and Vulkan?

        1. kryptylomese

          What, you mean like Microsoft Visual Studio that they have released for Linux?

          Linux is the most common operating system in the world - deal with it!

          1. h4rm0ny

            >>"Linux is the most common operating system in the world - deal with it!"

            You really are one of the worst types of zealot - little technical argument but constant, repeated assertions without support that something is better. If you really want to use the fallacy of appeal to popularity, then you'd also be arguing that Windows is a superior desktop OS because it's vastly more popular on the desktop than GNU/Linux. But in fact it has little actual bearing on whether or not this is true.

            If you really want to make a case amongst technical people, then explain what technically makes GNU/Linux the better OS because spamming this and other stories (which you have been doing) with comments that Linux is more widely used and that people should "deal with it", just annoys people on the whole. The only remotely technical argument I recall you making is about Linux scaling to be used on super computers. That is true, but it doesn't mean it is better than Windows unless you're looking for an OS for your supercomputer - which 99.999% of the world are not. It's a great thing about GNU/Linux, but it's not a reason to spam comments in a story about malware on desktop and server machines.

            1. Anonymous Coward
              Anonymous Coward

              "The only remotely technical argument I recall you making is about Linux scaling to be used on super computers."

              And the primary reason for that likely isn't because it's better but because it's open-source and thus MUCH easier to customize: a key benefit for unique classes of hardware where you're pretty much making things up as you go along. It removes the middleman in the software layer for your HPC machine.

              In any event, customization is a niche boon: useful for specific needs (tinkerers) but not for others (KISS and turnkey demands).

      2. Anonymous Coward
        Anonymous Coward

        Or you could just do what everyone else does and use Windows :-)

    2. Roo
      Windows

      "So in conclusion..

      Good sys admins provide secure machines regardless of the OS"

      Good sys admins will provide insecure machines if the hardware and/or OS is insecure by design.

      1. h4rm0ny

        >>"Good sys admins will provide insecure machines if the hardware and/or OS is insecure by design."

        Yes, but are you arguing that Windows is insecure by design? Because otherwise the above is a hypothetical. The point I originally was making with this was that one cannot compare the whole of Windows security scene with the whole of the GNU/Linux security scene because whilst Windows has a user base that is made up of both IT experts and the tech-unaware, GNU/Linux overwhelmingly is used ONLY by the professionals and tech enthusiasts.

  20. ben_myers

    Oh, this warms the cockles of my heart

    And what happens when malware plugs itself into the Windows 10 Antimalware Scan Interface (AMSI)????

    1. azaks

      Re: Oh, this warms the cockles of my heart

      Then the malware is already running as system, at which point no antimalware or security product can defend itself or your machine. The whole point of antimalware is to prevent nastiness before your machine gets pwned.

      1. Charles 9 Silver badge

        Re: Oh, this warms the cockles of my heart

        But then you run into that nasty problem of "Who Watches the Watchers?" What protects the anti-malware, since its limit on perspective means it can't reliably scan itself (because anything that can subvert the anti-malware can subvert the checks on the anti-malware) AND any external agent repeats the question ad nauseam? In fact, I think you can tie this to Turing's Halting Problem to prove it's impossible.
