Coffeehouse Thread

15 posts

Forum Read Only

This forum has been made read only by the site admins. No new threads or comments can be added.

does winRT eliminate viruses?

Back to Forum: Coffeehouse
  • User profile image
    SteveRichter

    If winRT apps are sandboxed that means a PC cannot be malwared thru a winRT app, correct? If so, I think it would be a huge step forward for user's to be able to use their PC without the threat of  malware attacks.

     

     

  • User profile image
    raptor3676

    well, provided that it depends on how and what is sandboxed.  My take is that it will not be totally inmune to malware, but certainly more resilient, at any rate, an security improvement.

  • User profile image
    JoshRoss

    I think white listing all the metro apps should help too.

    -Josh

  • User profile image
    figuerres

     

    METRO apps may be better as they get tested before they go on the store.

    but WinRT != Metro

    from what i was picking up one could write a C++ app that uses WinRT and it might be hiding whatever....

    Metro apps that go to the app store get some testing.

    IMHO MS should also offer app store apps that are non-metro but get as much checking as possible.

    but even if the app is C# + .Net + Metro and gets tested they can not promise it will be 100% safe.

    just that they check for well known issues and try to catch stuff.

  • User profile image
    Royal​Schrubber

    It might prevent viruses but it probably won't prevent corporate espionage. Viruses usually try to control the system for which they need admin privileges (unless a bug is used in the OS). An infected pdf file that you got through email would make broken pdf reader steal documents because under current security models (in Windows, Linux or OS X)  documents usually aren't protected from processes running in medium IL, unless special care is taken. If WinRT applications are allowed access to any of user's files without OS interfering with a permission window (similar to UAC) or WinRT allowing access to protected files only through OS provided file Open/Save file dialog then the sandbox protects only the system and not documents.  

  • User profile image
    Larry Osterman

    metro style apps run in something called an appcontainer to prevent them from interacting with other applications on the system.  And I'm sure that all metro style applications will have to enable safe SEH and ASLR to improve their resiliency to threats.  But the appcontainer isn't about stopping malware.  It's about helping ensure that windows 8 end-users won't ever regret installing an application.

  • User profile image
    fanbaby

    One thing that bothers me about a store with an approval stage is how the heck do they know it's safe? There is no way (i'm talking praticality not theory) to check all code paths. So this is just a temporary solution.

  • User profile image
    vesuvius

    @SteveRichter: I have seen a post or two about yours saying how viruses are an issue.

    I cannot remember the last time I had a virus, as Windows Vista and 7 are pretty secure, unless you spend time using cracked software and dodgy p0rn sites you are quite secure

  • User profile image
    Royal​Schrubber

    ,vesuvius wrote

    @SteveRichter: I have seen a post or two abou yours saying how viruses are an issue.

    I cannot remember the last time I have a virus, as Windows Vista and 7 are pretty secure, unless you spend time using cracked software and dodgy p0rn sites you are quite secure

    As loong as it's pretty secure then we should be fine.

     

  • User profile image
    vesuvius

    @RoyalSchrubber: There are no absolutes in security, even Banks are susceptible to this very day.

    If one practices due diligence and updates their machine regularly, things just tend to work, without you comprimising security.

  • User profile image
    AndyC

    ,figuerres wrote

    METRO apps may be better as they get tested before they go on the store.

    but WinRT != Metro

    I think the two labels are being used confusingly at the moment, all WinRT applications run in the full screen sandboxed environment and are deployed via the Windows App Store. Metro is really only the name of the design style used by the system and recommended as the way apps should behave. When people talk about "Metro apps" they are really meaning "WinRT apps".

    ,fanbaby wrote

    One thing that bothers me about a store with an approval stage is how the heck do they know it's safe? There is no way (i'm talking praticality not theory) to check all code paths. So this is just a temporary solution.

    They can, however, scan the application to identify what system calls it's making and ensure they're constrained to those they are supposed to call. Furthermore it means the store knows exactly what the application installs and in the event it is later identified as malware, can much more effectively remove it from a users machines.

  • User profile image
    cbae

    @AndyC: Yup. You can have "Metro applications" that don't use the Metro design language. You can also have desktop applications (i.e. non-Metro applications) that use the Metro design language. I guess you can call the latter "Metro-style applications", but they are not technically "Metro applications".

  • User profile image
    evildictait​or

    ,SteveRichter wrote

    If winRT apps are sandboxed that means a PC cannot be malwared thru a winRT app, correct? If so, I think it would be a huge step forward for user's to be able to use their PC without the threat of  malware attacks.

    No. WinRT apps could still bring malware, it's just an alternative to the Win32 API set (and you can also still get malware through Win32)

  • User profile image
    figuerres

    ,fanbaby wrote

    One thing that bothers me about a store with an approval stage is how the heck do they know it's safe? There is no way (i'm talking praticality not theory) to check all code paths. So this is just a temporary solution.

    very much true,  the best they can ever do is try, if there is a known exploit / hole / rootkit etc... then can try and check for it.  i can imagine that there will be an on-going need for the store to update the tests they do based on what has been seen and as long as they keep a "Reasonable" set of tests going then at least they are trying.  Users will i am sure be required to hold Microsoft harmless in the event a bad app gets into the store.  some fine print will say so i bet.

    one plus is also that when they find a problem they can notify users  and they should be able to disable the bad app on users machines and possibly also give the user a credit and then MSFT legal can go to the author and sue them etc....

  • User profile image
    fanbaby

    ,figuerres wrote

    *snip*

    one plus is also that when they find a problem they can notify users  and they should be able to disable the bad app on users machines and possibly also give the user a credit and then MSFT legal can go to the author and sue them etc....

    I'm sure the Russian mafia thought about it, but then decided to skip since Microsoft legal is a force to reckon with....

    BTW, based on the latest legal shenanigans it is Smiley

Conversation locked

This conversation has been locked by the site admins. No new comments can be made.