Windows 8 SmartScreen application control - what more could you ask for?

Ilya Rabinovich, SoftSphere
Randy Abrams, NSS


Windows 8 is arguably Microsoft's most secure consumer operating system to date. Microsoft's SmartScreen application control will certainly thwart many current attacks, but history teaches us that criminals will find and exploit vulnerabilities. Early independent testing has demonstrated that Windows 8 SmartScreen does make a significant difference in many attack scenarios. However, when all technical approaches fail, the criminal can rely upon the user to ensure execution of malware through social engineering tricks.

Attackers do not need to rely on social engineering to evade SmartScreen. There are technical attacks that are viable and will defeat the latest protection mechanisms found in Windows 8. In this paper the authors will begin by exploring how Windows SmartScreen works. SmartScreen has some strengths; however, the inherent weaknesses cannot be ignored. There are additional technologies that can bolster operating system and application security. The authors will discuss three approaches that can be used to enhance security. Behaviour blocking, sandboxing, and policy-based application control are techniques that enjoy varying levels of success. The authors will explain, in comprehensible language, how these approaches work and the advantages and disadvantages of each.

VB2013 takes place 2-4 October 2013 in Berlin, Germany.



