Ilya Rabinovich, SoftSphere
Randy Abrams, NSS
Windows 8 is arguably Microsoft's most secure consumer operating system to date. Microsoft's SmartScreen application control will certainly thwart many current attacks, but history teaches us that criminals will find and exploit vulnerabilities. Early independent testing has demonstrated that Windows 8 SmartScreen does make a significant difference in many attack scenarios. However, when all technical approaches fail, the criminal can rely upon the user to ensure execution of malware through social engineering tricks.
Attackers do not need to rely on social engineering to evade SmartScreen. There are technical attacks that are viable and will defeat the latest protection mechanisms found in Windows 8. In this paper the authors will begin by exploring how Windows SmartScreen works. SmartScreen has some strengths; however, the inherent weaknesses cannot be ignored. There are additional technologies that can bolster operating system and application security. The authors will discuss three approaches that can be used to enhance security. Behaviour blocking, sandboxing, and policy-based application control are techniques that enjoy varying levels of success. The authors will explain, in comprehensible language, how these approaches work and the advantages and disadvantages of each.
VB2013 takes place 2-4 October 2013 in Berlin, Germany.