Microsoft says it is pushing cyber attacks on to the user

By Stuart Sumner
06 Jul 2011
Microsoft campus in Redmond

Microsoft claims that hackers are increasingly targeting internet users as a result of the improvements it has made in its software.

Jeb Haber, principal programme manager lead for Smartscreen Internet Explorer at Microsoft, said that tightened security in Windows 7 and Internet Explorer 9 (IE9) was responsible for the increase in social engineering attacks.

"We're hardening the browser and the operating system, so it pushes attacks onto the user. You can't resolve social engineering through a patch," said Haber.

Social engineering attacks, such as phishing, involve convincing a user to willingly divulge sensitive information, often by posing as a company they do business with.

"The easiest way to infect a computer is to ask the user to do it," said Haber.

As security holes are found and closed in online systems, in effect meaning that the low-hanging fruit has been picked, attacks have been moving onto users. Convincing a human to give you his login details means there is no need to hack into a corporate database; you can simply enter through the front door.

"Socially engineered attacks take advantage of a user's trust by convincing them to take an action that compromises their computer and/or data," said Haber.

However, he explained that some features within IE9 are designed to help warn users of potential social engineering attempts.

IE9 uses "application reputation" to check the likelihood that a downloaded application is malicious. Traditionally, browsers and operating systems provide the same warning whenever a user attempts to run a downloaded programme. 

Haber stated that this results in users being more prone to ignoring these warnings.

"Users today are often conditioned to ignore the generic warnings that are shown for every download, such as: 'This file type can harm your computer. Are you sure you want to run this file?' This same warning is presented whether the file is an extremely common program or a piece of malware created literally minutes ago."

By checking an application's reputation (using a cloud-based database), IE9 only provides a warning for those applications it believes to be malicious.
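The contrast the article draws, a generic prompt on every download versus a prompt only when reputation gives cause for concern, can be shown in a few lines. The following is an added illustration, not Microsoft's SmartScreen code, and the reputation "database", file bytes, prevalence threshold and the separate handling of never-seen and low-prevalence files are all constructed assumptions for the example:

```python
import hashlib
from typing import Callable, Dict, List, Tuple

# Verdict and observed prevalence per SHA-256 digest. A local stand-in for the
# cloud reputation database the article mentions; every entry is constructed.
ReputationDB = Dict[str, Tuple[str, int]]

# Below this many observed installs a "clean" file is still prompted for
# (assumption for the example, not a figure from the article).
PREVALENCE_THRESHOLD = 1000


def file_hash(data: bytes) -> str:
    """Identify a download by the SHA-256 of its contents."""
    return hashlib.sha256(data).hexdigest()


# Constructed sample downloads; the bytes are placeholders, not real programs.
COMMON_INSTALLER = b"MZ... widely used installer v1.0 (constructed sample)"
NICHE_TOOL = b"MZ... small utility seen on a handful of machines (constructed sample)"
FRESH_MALWARE = b"MZ... sample built minutes ago (constructed sample)"
UNSEEN_FILE = b"MZ... never submitted to the reputation service (constructed sample)"

REPUTATION_DB: ReputationDB = {
    file_hash(COMMON_INSTALLER): ("clean", 250_000),
    file_hash(NICHE_TOOL): ("clean", 12),
    file_hash(FRESH_MALWARE): ("malicious", 3),
}


def generic_policy(data: bytes) -> str:
    """The behaviour the article criticises: every download gets the same prompt."""
    return "warn"


def reputation_policy(data: bytes, db: ReputationDB = REPUTATION_DB) -> str:
    """Decide per download from reputation: 'allow', 'warn' or 'block'."""
    entry = db.get(file_hash(data))
    if entry is None:
        return "warn"      # never seen before: there is no reputation to rely on
    verdict, prevalence = entry
    if verdict == "malicious":
        return "block"     # known bad: stronger than a warning
    if prevalence >= PREVALENCE_THRESHOLD:
        return "allow"     # well-established clean file: no prompt at all
    return "warn"          # clean so far, but too rare to wave through silently


def prompt_rate(policy: Callable[[bytes], str], downloads: List[bytes]) -> float:
    """Fraction of downloads that interrupt the user. The higher this is, the
    more users are conditioned to click through without reading the prompt."""
    prompts = sum(1 for d in downloads if policy(d) != "allow")
    return prompts / len(downloads)


# Constructed traffic mix: most downloads are the common installer.
SAMPLE_DOWNLOADS = [
    COMMON_INSTALLER, COMMON_INSTALLER, COMMON_INSTALLER,
    NICHE_TOOL, FRESH_MALWARE, UNSEEN_FILE,
]

if __name__ == "__main__":
    for name, data in [("common installer", COMMON_INSTALLER), ("niche tool", NICHE_TOOL),
                       ("fresh malware", FRESH_MALWARE), ("unseen file", UNSEEN_FILE)]:
        print(f"{name:17s} generic={generic_policy(data):5s} reputation={reputation_policy(data)}")
    print("prompt rate, generic policy:   ", prompt_rate(generic_policy, SAMPLE_DOWNLOADS))
    print("prompt rate, reputation policy:", prompt_rate(reputation_policy, SAMPLE_DOWNLOADS))
```

The point of the `prompt_rate` figure is the one Haber makes: when the generic policy prompts on every download, the prompt carries no information and users learn to dismiss it, whereas the reputation policy reserves interruptions for the cases that actually differ from the common, well-known file.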

Haber stated that shortly after the release of IE9, Microsoft was able to see that users were choosing the safe option when presented with the new warnings 95 per cent of the time.

When this figure was re-checked last week, it was found to be 96 per cent.

Leading security companies such as McAfee also use reputation analysis to determine whether a file is likely to be malicious. So is IE9 trying to replace traditional anti-virus for its users?

Haber stated that IE9 should work in tandem with anti-virus software rather than replace it.

"Traditional anti-virus does things that we don't do [such as scan the hard disk for existing threats]. There are other vectors that anti-virus software protects.

"My role is to try to help my customers make good decisions, if they have other defences as well, that's even better."
