Coffeehouse Thread

15 posts

does winRT eliminate viruses?

Back to Forum: Coffeehouse
  • SteveRichter

    If winRT apps are sandboxed that means a PC cannot be malwared thru a winRT app, correct? If so, I think it would be a huge step forward for user's to be able to use their PC without the threat of  malware attacks.

     

     

  • raptor3676

    well, provided that it depends on how and what is sandboxed.  My take is that it will not be totally inmune to malware, but certainly more resilient, at any rate, an security improvement.

  • JoshRoss

    I think white listing all the metro apps should help too.

    -Josh

  • figuerres

     

    METRO apps may be better as they get tested before they go on the store.

    but WinRT != Metro

    from what i was picking up one could write a C++ app that uses WinRT and it might be hiding whatever....

    Metro apps that go to the app store get some testing.

    IMHO MS should also offer app store apps that are non-metro but get as much checking as possible.

    but even if the app is C# + .Net + Metro and gets tested they can not promise it will be 100% safe.

    just that they check for well known issues and try to catch stuff.

  • Royal​Schrubber

    It might prevent viruses but it probably won't prevent corporate espionage. Viruses usually try to control the system for which they need admin privileges (unless a bug is used in the OS). An infected pdf file that you got through email would make broken pdf reader steal documents because under current security models (in Windows, Linux or OS X)  documents usually aren't protected from processes running in medium IL, unless special care is taken. If WinRT applications are allowed access to any of user's files without OS interfering with a permission window (similar to UAC) or WinRT allowing access to protected files only through OS provided file Open/Save file dialog then the sandbox protects only the system and not documents.  

  • Larry Osterman

    metro style apps run in something called an appcontainer to prevent them from interacting with other applications on the system.  And I'm sure that all metro style applications will have to enable safe SEH and ASLR to improve their resiliency to threats.  But the appcontainer isn't about stopping malware.  It's about helping ensure that windows 8 end-users won't ever regret installing an application.

  • fanbaby

    One thing that bothers me about a store with an approval stage is how the heck do they know it's safe? There is no way (i'm talking praticality not theory) to check all code paths. So this is just a temporary solution.

  • vesuvius

    @SteveRichter: I have seen a post or two about yours saying how viruses are an issue.

    I cannot remember the last time I had a virus, as Windows Vista and 7 are pretty secure, unless you spend time using cracked software and dodgy p0rn sites you are quite secure

  • Royal​Schrubber

    ,vesuvius wrote

    @SteveRichter: I have seen a post or two abou yours saying how viruses are an issue.

    I cannot remember the last time I have a virus, as Windows Vista and 7 are pretty secure, unless you spend time using cracked software and dodgy p0rn sites you are quite secure

    As loong as it's pretty secure then we should be fine.

     

  • vesuvius

    @RoyalSchrubber: There are no absolutes in security, even Banks are susceptible to this very day.

    If one practices due diligence and updates their machine regularly, things just tend to work, without you comprimising security.

  • AndyC

    ,figuerres wrote

    METRO apps may be better as they get tested before they go on the store.

    but WinRT != Metro

    I think the two labels are being used confusingly at the moment, all WinRT applications run in the full screen sandboxed environment and are deployed via the Windows App Store. Metro is really only the name of the design style used by the system and recommended as the way apps should behave. When people talk about "Metro apps" they are really meaning "WinRT apps".

    ,fanbaby wrote

    One thing that bothers me about a store with an approval stage is how the heck do they know it's safe? There is no way (i'm talking praticality not theory) to check all code paths. So this is just a temporary solution.

    They can, however, scan the application to identify what system calls it's making and ensure they're constrained to those they are supposed to call. Furthermore it means the store knows exactly what the application installs and in the event it is later identified as malware, can much more effectively remove it from a users machines.

  • cbae

    @AndyC: Yup. You can have "Metro applications" that don't use the Metro design language. You can also have desktop applications (i.e. non-Metro applications) that use the Metro design language. I guess you can call the latter "Metro-style applications", but they are not technically "Metro applications".

  • evildictait​or

    ,SteveRichter wrote

    If winRT apps are sandboxed that means a PC cannot be malwared thru a winRT app, correct? If so, I think it would be a huge step forward for user's to be able to use their PC without the threat of  malware attacks.

    No. WinRT apps could still bring malware, it's just an alternative to the Win32 API set (and you can also still get malware through Win32)

  • figuerres

    ,fanbaby wrote

    One thing that bothers me about a store with an approval stage is how the heck do they know it's safe? There is no way (i'm talking praticality not theory) to check all code paths. So this is just a temporary solution.

    very much true,  the best they can ever do is try, if there is a known exploit / hole / rootkit etc... then can try and check for it.  i can imagine that there will be an on-going need for the store to update the tests they do based on what has been seen and as long as they keep a "Reasonable" set of tests going then at least they are trying.  Users will i am sure be required to hold Microsoft harmless in the event a bad app gets into the store.  some fine print will say so i bet.

    one plus is also that when they find a problem they can notify users  and they should be able to disable the bad app on users machines and possibly also give the user a credit and then MSFT legal can go to the author and sue them etc....

  • fanbaby

    ,figuerres wrote

    *snip*

    one plus is also that when they find a problem they can notify users  and they should be able to disable the bad app on users machines and possibly also give the user a credit and then MSFT legal can go to the author and sue them etc....

    I'm sure the Russian mafia thought about it, but then decided to skip since Microsoft legal is a force to reckon with....

    BTW, based on the latest legal shenanigans it is Smiley

Comments closed

Comments have been closed since this content was published more than 30 days ago, but if you'd like to continue the conversation, please create a new thread in our Forums, or Contact Us and let us know.