I love new technology probably more than I love beer – and I love beer. When I hear rumor of new tech products coming out or even updates to existing solutions, I get really energized. I mean, we live in a world where so many problems can be solved with technology and the resulting opportunities are endless. This is what makes me want to get up for work every day.
But, I also see the world from a very different perspective – one that makes me realize that with every exciting new technology released there are risks. Exploits are being developed almost in lock-step with new releases and upgrades. This is why I have mixed emotions around the new Windows 8 and Windows Server 2012 release that’s coming out on October 26.
Yes, Microsoft is rolling out an extensive array of new features and Windows 8 is also including “mitigation enhancements that further reduce the likelihood of common attacks.” But, here’s the catch: these are complex operating systems and we anticipate they will exhibit critical vulnerabilities that will be exploited by malware writers.
Take signed drivers for example. Signed drivers are one of the most significant security innovations in Windows 8 and may also be the biggest target for future attacks. Attackers have discovered that if they sign their malicious payloads with stolen or rogue certificates they can defeat some file scanning and filtering products as well as white listing products. According to the McAfee Q2 Threats Report, the number of known signed malware samples nearly doubled in Q2 – which is especially unnerving in this context.
So, with great power comes great responsibility. Even with these enhancements, Microsoft has stated that “all Windows 8 users should be protected by traditional anti-malware software.” This is where McAfee comes in. Our developers have been working closely with Microsoft to ensure that our products are designed to support Windows 8 and Windows Server 2012 – offering consumers and enterprises the tools and security necessary to protect against all threat vectors and subsequent data loss.
To that end, it’s important to know that McAfee’s protection extends beyond the endpoint and starts with the network. McAfee Network Integrity Agent (NIA) has the ability to send connection information from Windows 8 machines to the McAfee Firewall Enterprise that can then be used for policy decision making and auditing. NIA monitors the system for outgoing connections such as zero-day malware on the new Windows 8 Windows Runtime (WinRT) environment. McAfee Network Security Platform can also detect attacks targeted at the new Windows 8 Runtime environment. Signatures written by McAfee Labs will have the ability to detect these targeted attacks and block or log them to a SIEM.
Another thing to consider is that the new OS is capable of determining whether a download, application or executable is allowed. My experience, however, is that by then, perimeter security has already been compromised. At McAfee, we believe in a security connected philosophy which also includes a Web Protection solution. Validating the payload, filtering the malicious software, and controlling all types of web applications and media downloads should be done as far away from the network as possible. By using McAfee products, our customers can feel confident that they are using a comprehensive, multilayer security system that offers strong protection against known and unknown threats.