
Ask Microsoft: Virus scanners and the 'no update' option

By Staff report
03 Nov 2004 | SearchWindowsSecurity.com


On an occasional basis, Microsoft executives answer your questions through SearchWindowsSecurity.com's "Ask Microsoft …" These questions were answered by the software maker's Security Business Unit Team.

If security is such a hot topic with your company, why don't you have a virus scanner built into your operating system? I know other people have asked this, but I have yet to see an answer from Microsoft. -- Jeff Heiden

We are committed to providing software and services that will help better protect our customers and the industry. One of the things that our own internal research shows is that there is still a large minority of PCs where customers aren't running antivirus software with the latest signatures. As a result, we recently released Windows XP Service Pack 2 that includes the Windows Security Center, in which antivirus technologies from third-party antivirus vendors become seamlessly integrated for the customer and customers can quickly monitor the status of their AV software. We continue to work with industry partners on this where appropriate. As for developing our own antivirus software, we did acquire the assets of GeCAD last year and have used this know-how to help develop cleaner tools for some of the major viruses and worms such as Blaster and Sasser. We are not in a position to announce our plans around developing our own antivirus offering. -- Gytis Barzdukas, director of product management, Microsoft Security Business & Technology Unit


Why can't you make a switch that says, "No system updates allowed"? This way, a virus could not make changes to your system. When you want to update something -- like add/remove programs -- you could choose "allow updates" or "turn off updates." -- Tobe Perry

For Microsoft, it is always a balance between security and functionality. What you describe would severely limit the ability for applications to do some of the neat and cool things that PCs can do. Still, in some ways with Windows XP SP2 we have done what you describe, though at a slightly more complex level. We have used multiple layers of isolation and resiliency to insulate a system and limit the impact of malicious software. A good way to understand this is to use an attack such as Blaster as an example. First of all, let's be clear that SP2 protects against Blaster, as the update for the vulnerability is included in the service pack. But in order for Blaster to be successful it needed to exploit multiple vulnerabilities, and SP2 was designed to close off these vulnerabilities for Blaster or other similar attacks. For example, even if the update weren't included, the Windows Firewall is on by default in SP2. This change blocks the ports required to exploit such a vulnerability. However, even if the firewall weren't on, the configuration changes to RPC/DCOM that were implemented in SP2 would have protected the PC by denying unauthenticated DCOM requests, and this exploit would have been mitigated. But even if we hadn't made this configuration change to DCOM, the GS flag change in SP2 would have prevented Blaster by preventing the unchecked buffer from being exploited. In this way, SP2 provides multiple layers of defense against attacks. -- Gytis Barzdukas, director of product management, Microsoft Security Business & Technology Unit


How can products continue to roll out your doors with buffer overflow vulnerabilities? Setting a sentinel to guard boundaries should have been learned in Programming 101! -- Gene Mountjoy

Security is not a quick-fix solution -- we realize that improving security requires fundamental shifts in the way we develop code and build products internally. Microsoft has invested in internal training and we are mandating ongoing process changes, which have begun to pay off with measurable improvements in the security of newer versions of our software. For example, the GS flag change we instituted in Windows XP SP2 should limit the impact of buffer overruns that still exist. We have also done security reviews of all our software to root out any buffer overruns that still may exist. However, because no software will ever be 100% secure, processes and awareness of new developments and procedures are a key part of an overall security strategy. We are helping customers through prescriptive guidance, education, training and responsiveness to their issues. This is a long-term initiative, but we have every confidence that our efforts will result in helping our customers and the industry be more secure. -- Gytis Barzdukas, director of product management, Microsoft Security Business & Technology Unit


