Feeds

Build malware protection into operating systems

Security guru calls for integrity

Choosing a cloud hosting partner with confidence

Malware protection needs to be built into operating systems rather than bolted on as an afterthought if the industry stands any chance of dealing with the evolving threat of targeted attacks, according to a senior security researcher.

Joanna Rutkowska, chief exec of Invisible Things Lab, who is best known for her research on rootkits and Vista security, told delegates to the Gartner security conference in London on Monday that user stupidity was only part of the security problem.

She said competent users who, for example, used the privilege separation features built into Vista, were still not safe from security exploits. Better auto-exploit protection technology needs to be developed. In order to work properly this needs to built into operating systems.

"Third party prevention uses tricks and hacks. And that's no good," she said.

Rutkowska has been prominent in the industry for exposing the security shortcomings of Vista's kernel protection technology.

While recognising the general importance of security protection technologies, Rutkowska also noted their shortcomings. "Current technology is not reliable in detecting stealth malware. Protection solutions fail so we need detection. The two need to go together.

"Detection technologies are currently immature and even as the approach develops it will not replace prevention technologies, which are far more mature, despite their shortcomings," she said.

"Detection can never replace prevention. It's too late to do anything if, for example, you detect that your data has been stolen. You can't do anything to make an attacker forget what he has discovered."

Anti-virus vendors have found themselves locked in a perpetual arms race with virus writers, who are increasingly looking to make money from malware. Advances in rootkit development and obfuscation are accompanied by counter-responses from security vendors. Rutkowska argues that we need to move beyond this approach and develop an "automated way to check system integrity".

"The difficulty is that operating systems are too complex. We can't even reliably read system memory," Rutkowska pointed out. "It's not exactly a question of starting from scratch, but some code will need to be rewritten from the start," she added. ®

Internet Security Threat Report 2014

More from The Register

next story
FYI: OS X Yosemite's Spotlight tells Apple EVERYTHING you're looking for
It's on by default – didn't you read the small print?
Russian hackers exploit 'Sandworm' bug 'to spy on NATO, EU PCs'
Fix imminent from Microsoft for Vista, Server 2008, other stuff
Edward who? GCHQ boss dodges Snowden topic during last speech
UK spies would rather 'walk' than do 'mass surveillance'
Microsoft pulls another dodgy patch
Redmond makes a hash of hashing add-on
NOT OK GOOGLE: Android images can conceal code
It's been fixed, but hordes won't have applied the upgrade
Apple grapple: Congress kills FBI's Cupertino crypto kybosh plan
Encryption would lead us all into a 'dark place', claim G-Men
'LulzSec leader Aush0k' found to be naughty boy not worthy of jail
15 months home detention leaves egg on feds' faces as they grab for more power
China is ALREADY spying on Apple iCloud users, claims watchdog
Attack harvests users' info at iPhone 6 launch
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
Three 1TB solid state scorchers up for grabs
Big SSDs can be expensive but think big and think free because you could be the lucky winner of one of three 1TB Samsung SSD 840 EVO drives that we’re giving away worth over £300 apiece.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.