Windows is tougher to hack than you think

A fully patched Windows environment is harder to hack than it used to be -- and end-users remain the weakest security link

Page 2 of 2

It's not just my lack of leet skillz. I worked with several vulnerability testing vendors, and they all grudgingly agreed it's difficult to hack Windows these days.

Microsoft's own Security Intelligence reports say the same thing: The latest versions of Microsoft Windows are harder to hack than their predecessors (see page four of the Key Findings Summary). To be honest, I never trust those sorts of self-serving statements. But having done the tests myself, I'm a converted believer: The software is getting harder and harder to break.

This is not to say that Microsoft software is impossible to hack. Of course not. Further, zero-day exploits are appearing more frequently, and nearly everyone continues to run some unpatched software. But it's more obvious than ever that the biggest threat to any environment is the end-user. Users installing socially engineered Trojans have long been the No. 1 vulnerability in any computer security program, and that remains true today.

Even the Mac Defender scareware problem affecting Mac users wouldn't be a huge problem if people simply didn't install questionable items. In the course of a given year, a normal installation of OS X will have hundreds of vulnerabilities patched. But none of those matter in this instance: Mac Defender doesn't exploit any of them; it relies on the user choosing to install it.

Software and antimalware vendors need to do a better job of preventing users from shooting themselves in the foot. Internet Explorer 9's improved SmartScreen Filter feature is a fantastic step in the right direction, and I assume other browsers have followed suit or will do so in the near future. SmartScreen Filter has an Application Reputation feature that works fairly well. It looks at files being downloaded: for those recognized as popular and legitimate, it suppresses the extra warning (if so configured); for those it classifies as high-risk, it warns the user explicitly; and files that are neither known-good nor known-bad keep the standard download warning.

This is a great service, as Microsoft reports that one in every 14 Internet downloads is malicious. Better yet, 90 percent of users who get a warning from IE9 don't run those high-risk programs. I had to turn off IE9's SmartScreen Filter feature to get any of the exploits to work.
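If a defense only works while it stays switched on, the check a practitioner wants is whether it is on and whether users can turn it off. The following PowerShell is an added example, not code from the article or from Microsoft: it reads IE9's per-user SmartScreen Filter setting and the corresponding machine policy value, and can pin the feature on. The registry paths and the EnabledV9 value name are assumptions drawn from IE9's policy layout (the Group Policy equivalent is "Prevent managing SmartScreen Filter" under Windows Components > Internet Explorer); verify them against your own build before deploying.

```powershell
# Added example (not from the original article). Audits whether IE9's
# SmartScreen Filter is enabled for the current user and whether Group Policy
# locks it on. Registry locations and value names are assumptions.

$userKey   = 'HKCU:\Software\Microsoft\Internet Explorer\PhishingFilter'
$policyKey = 'HKLM:\Software\Policies\Microsoft\Internet Explorer\PhishingFilter'

function Get-SmartScreenState {
    # EnabledV9 = 1 means SmartScreen Filter is on for IE9 (assumed value name).
    $user   = Get-ItemProperty -Path $userKey   -Name EnabledV9 -ErrorAction SilentlyContinue
    $policy = Get-ItemProperty -Path $policyKey -Name EnabledV9 -ErrorAction SilentlyContinue
    [pscustomobject]@{
        UserEnabled    = [bool]($user   -and $user.EnabledV9   -eq 1)
        PolicyEnforced = [bool]($policy -and $policy.EnabledV9 -eq 1)
    }
}

function Enable-SmartScreenPolicy {
    # Requires an elevated shell. Once the policy value exists, the toggle in
    # IE's Safety menu is greyed out, so a user cannot disable the filter.
    if (-not (Test-Path $policyKey)) {
        New-Item -Path $policyKey -Force | Out-Null
    }
    Set-ItemProperty -Path $policyKey -Name EnabledV9 -Value 1 -Type DWord
}

$state = Get-SmartScreenState
$state | Format-List
if (-not $state.PolicyEnforced) {
    Write-Warning 'SmartScreen Filter is not locked on by policy; a user can switch it off.'
}
```

Run Get-SmartScreenState from a normal shell to audit; run Enable-SmartScreenPolicy from an elevated shell (or push the same value through Group Policy) so the control the article had to disable cannot be disabled by an end-user.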

The list of computer defenses I had to disable to get an exploit demo working numbered more than 10, and that, my friends, is progress.

This story, "Windows is tougher to hack than you think," was originally published at InfoWorld.com. Keep up on the latest developments in network security and read more of Roger Grimes' Security Adviser blog at InfoWorld.com. For the latest business technology news, follow InfoWorld.com on Twitter.
