微软安全人员Mark Russinovich 最近声称,恶意软件不可能像现在这样肆无忌惮地满地打滚--根据他们对系统安全模型进行的修正,恶意软件的发展很可能走入"优胜劣汰",是个人就能写恶意代码的时代即将过去.并且用户的安全防护也正在变得日益简单, ASLR, 服务安全加固, Defender, SDL, 和其它安全增强正在武装Vista,希望能把恶意软件终结在Vista平台上.
说到现在有的Vista安全就不得不提到UAC,现有的UAC可以有效减少恶意软件对系统进行的更改,但这并不是一个完整的安全解决方案,因为不保证恶意软件会强行拔高自己的优先级进而"号令天下".因此微软正在开发的上述安全功能也就是我们所说的一整套恶意软件终结者,非常受人期待.
原文如下:
Microsoft's guru: malware and viruses will evolve on Vista
Better late than never, here's a fascinating tidbit from Microsoft's own Mark Russinovich (how odd is it to write that!): malware may very well be subject to a kind of digital survival of the fittest. Despite its much-overhauled security model, Vista will still fall victim to malware and viruses and will even spur the development of new attack methods. Sayeth the man who knows Windows like no other: "malware will evolve to run as standard user, where it can accomplish many of its goals, not that Vista somehow enables malware—in fact, ASLR, service security hardening, Defender, SDL, and other security enhancements raise the security bar in Vista."
Related StoriesMicrosoft: UAC approach is so good, other OSes should follow suit Microsoft issues Vista compatibility update Vista's twofold sales boost: Microsoft should thank PC market growth Microsoft redefines "Vista Capable"
Russinovich's statement that malware will evolve on Vista came in response to an angle Ryan Naraine took on a talk Russinovich gave recently at the CanSecWest security conference in Vancouver. Naraine seems to have understood Russinovich as saying that Vista can't stop malware, whereas Russinovich was really commenting on how he expects to see malware react to Vista's improved security.
A good portion of the talk sized up the controversial UAC feature and whether or not it is a worthy attempt to improve things on Windows. Russinovich said that UAC is "a best effort to raise the bar and stop malware from making changes to the operating system, but it's not a security boundary." He explained that "there is no guarantee that malware can't hijack the elevation process or compromise an elevated application."