Microsoft will improve its security user interface to help clamp down on Trojan-based cyber-attacks, the company's product security manager says.
Data released today by Australia's peak not-for-profit IT security organisation, AusCERT, showed Trojan software is gaining a foothold in enterprise computing environments. One in five respondents to AusCERT's annual IT security survey claimed their workstations had been infected by Trojan or rootkit software in the last 12 months.
Trojan software, which installs itself on a target machine -- usually through browser vulnerabilities -- often comes equipped with sophisticated spyware capable of capturing users' most sensitive information, including Internet banking login details.
The survey, which was sponsored by the Attorney-General's office, quizzed 389 organisations this year, a two-fold increase in sample size since the last poll. Despite AusCERT's assertion the survey is not statistically valid from a mathematical perspective, Microsoft's product security manager George Stathakopoulos has acknowledged the results.
"The homework that I've seen from AusCERT tends to be right on," he told ZDNet Australia at AusCERT's conference on the Gold Coast. "The days of the big worms and viruses ... seems to be going away. We're seeing smaller chunks of malware [affecting] 5,000 or 10,000 machines."
It's counter intuitive, but Stathakopoulos says the smaller number of infections is making life hard. "Because of the scale it's easy for them to slip under the radar," he says.
To combat the trend, Microsoft will work on its security user interface. The company's aim is to provide high-quality information to users of its software so they can make informed decisions. Many Trojan infections are successful because a user opens a bad attachment or visits a suspect Web site -- bad decisions that lead to the infection.
"Every time a user has to make a trust decision right now there are ... three or four dialog boxes asking 'do you want to do this?'," he says. "[We want to] connect emotionally with the user in the security user interface. Give them the appropriate information and don't fatigue them by putting too many dialogs in front of their face."
That means rationalising and unifying the security user interface, Stathakopoulos says. "If you rationalise the user interface ... using colour and the right context then you're solving the problem," he says.
Security bug-hunter Steve Manzuik, of US-based eEye digital security, says a switch to a more overt style of warning is a move in the right direction. "A lot of users eventually learn to ignore dialog boxes and just blindly click without reading them," he says. "It needs to be a little more overt, something that gets the user's attention."
Manzuik has also noticed malware writers targeting applications.
"We're seeing more active application bugs," he says.
Some malware is even being distributed through vulnerabilities in Microsoft Word, Manzuik added. "They're definitely moving to the applications because it's a lot easier, and you are getting more of the workstations instead of trying to go after the bigger, more secure servers," he says.
RE: Trojan attacks spur Microsoft security UI changesGray, By Patrick Gray.ZDNet Australia
Your article paraphrases Mr Microsoft as saying
"Many Trojan infections are successful because a user opens a bad attachment or visits a suspect Web site -- bad decisions that lead to the infection."
Situation normal - blame the victim.
No, trojan infections are successful because of the tight integration of OS and Applications, making it horrendously difficult to eliminate bugs, and equally difficult to replace bug-riddled Applications.
The Windows architecture and Microsoft practices are to blame.