Real World Computing

Are friends electric?

Posted on 28 Jan 2009 at 16:59

Jon Honeyball puts his spellcheck to good use, reveals one of the nastiest examples of malware seen so far, and tries to remain upbeat about the future.

And it gets better: "On 21 October, a new Sinowal variant was submitted to VirusTotal.com, which scans incoming files against nearly three dozen commercial antivirus programs and maintains a historical record of those results. Only ten out of 35 of those security programs - or 28.5% - identified it as such or even flagged it as suspicious." As a 6ft 8in tall (and 6ft 8in round) Texan friend of mine would say: "Don't that just make u wanna puke?" Things are better on the latest Vista, but that's true only if you take notice of the UAC warnings and act appropriately, which most people don't - they just hit OK. And it won't be better under Windows 7, where Microsoft has promised us the ability to get rid of that pesky UAC warning dialog by toning down the warnings so they don't bother us.

It makes me want to cry. Here we are at the turn of the year and finally the authors of this evil stuff have managed to get right down beneath the OS, and the OS lets them get away with it. Can anyone give me a good reason why XP would allow any user mode code at all to rewrite the MBR? Is there any possible reason why any application should ever be allowed to do that? Is there any valid reason why any app should be able to do this under Vista, or why Vista should rely solely on the "protection" of UAC to warn the user against allowing it to happen?

What can we do about this? Well, don't visit dodgy websites, but it appears that this nasty is on a whole pile of seemingly innocuous websites, too. We could say: "Make sure all your applications and OS are fully patched", but it's clear that many users aren't doing this. We could say: "Make sure you have a full disaster recovery solution in place and make sure that important data is backed up onto multiple drives, DVD-R and a spare memory stick, too", but we know that people won't do that either. And we know that, despite all its good intentions and making all the right noises, Microsoft will never lock down Windows, either Vista or 7, tightly enough to stop this happening. That's because it's afraid of the loud squawking it will hear from third-party vendors of poor-quality code and those behemoths who make up the AV industry.

We need to take an overview, which is quite simply this: computing shouldn't be this hard, and we shouldn't need to keep nailing planks over our windows to keep the buckshot out. No-one wants to prevent users visiting whatever websites they want to visit within reason, but it's hard to see how you can give users unfettered access to the outside world. A filtering, caching server that cleans everything on-the-fly would be a good start, but should we really need to keep doing this? The OS is where this problem needs to be tackled, and at the moment it isn't good enough at keeping out the nasties...

Virtually clean

There is a way forward and the more I look at it, the more attractive it becomes - run everyone's desktop from a virtual server that serves up their desktop at runtime via a VM, and the apps get plugged into it from a separate application server. The user gets what they're used to seeing, but it's a fiction that's being built on-the-fly. Every time the user logs out that whole session is shredded, and a new one is provisioned on-the-fly for their next login. There's been an explosion of technology around this topic, and it's very reliant upon virtual machines, hypervisors and application servers such as Microsoft's install-and-run-on-demand technology, which used to be called Softricity and is now called App-V Version 4.5. Indeed, I'm determined to move my entire Windows application infrastructure over to a set of these streaming and virtualisation servers, which will then let me project a composite and streamed virtual desktop onto a range of machine types. That might mean a terminal server window running full screen on a desktop; it might be an RDP client from a non-Windows machine; it might be a thin-client box; or it might use the partial streaming capabilities to run applications right out onto the desktop itself. All this is possible right now, and it makes something of a mockery of the concept that the Windows desktop is somehow "your machine". Of course, we have to differentiate between well-staffed IT departments in corporations, those things you can manage in an SME and what's possible for home users.

PCPro-Computing in the Real World Printed from www.pcpro.co.uk
