The Empire [Microsoft] Strikes Back…
Well what do you know, Microsoft have now spoken about Vista and MSH [Monad], and guess what? They have ‘decided’ not to include MSH in the ‘first’ version of Vista after all. Of course this has absolutely nothing ‘what-so-ever’ to do with the discovery of MSH malware, of course not and NASA have just sent a cow to jump over the moon! 
However, they go on to say that they will be including MSH in the next update of Exchange, currently code-named ‘Exchange 12′ will contain MSH as will future versions of Vista [nee Longhorn]. Don’t believe me? Well here are the words from their own mouths:
In an interview Friday, Microsoft Director of Product Management Eric Berg said Monad [MSH] will not be included in the first commercial version of Windows Vista, expected in the second half of 2006. But the product is expected to be included in Windows over the next “three to five years,” he said. “Our intention is to synchronize it with both client and server operating systems.”
The first Microsoft product to use Monad [MSH] will be the next release of Microsoft’s Exchange messaging server, code-named “Exchange 12,” which is due in 2006, Berg said.
On the operating system side of things, Monad is then expected to be included in the Windows Server “Longhorn,” expected in 2007, and then could be available in a future Windows Vista release, said Rob Helm, director of research with Directions on Microsoft. “Presumably, as time goes on, all of Microsoft’s products will have Monad scripting interfaces,” he said.
So, there you have it. And Microsoft went of to say that:
“These reports pose no risk for Microsoft customers,” said the firm’s Stephen Toulouse in a blog posting and he went on to state “The viruses do not attempt to exploit a software vulnerability and do not encompass a new method of attack”
Since when have malware depended on exploits? Most malware uses ‘features’ of the OS or application to function or ‘clueless’ users who fall for social engineering rather than vulnerabilities in the OS, scripting language or application.
Remember that when Word Macro Viruses first appeared Microsoft claimed it was a ‘Prank’ and was most certainly NOT a virus…..Yeah right, where’s my squadron of flying pigs?
By that flawed ‘logic’ we have thousands of ‘pranks’ still out there ‘infecting’ Office documents just like a macro virus does.
When asked if the emergence of MSH viruses had led to MSH being ‘pulled’ out of Vista he said:
“One had nothing to do with the other”
Give that man an inhaler…..It is his destiny! I can almost hear him saying “I find your lack of faith disturbing“…..Whilst wearing a black bucket on his head.
Links:
http://www.networkworld.com/news/2005/080505-vista-monad.html?fsrc=rss-virusworms
http://news.bbc.co.uk/1/hi/technology/4131080.stm
Please note that this blog has now moved to my own hosted domain here: http://momusings.com/momusings/.
A full RSS/ATOM feed can be found there.
All the data up to the end of December 2006 will be left here, however all postings from the 1st of January 2007 onwards will only be available at this blogs new home.
ALL future postings will only be available at the new site.
If you read Stephen Toulouse’s post, you will see that he never says that malware depends on system exploits, only that the non-default nature of Monad (you have to install it, you have to create a file association for scripts, etc.) means that most users will not be affected by it. I am not a “Microsoft apologist,” and I agree with you that if Monad becomes a part of Windows in the future, it could be a problem, but one proof of concept does not a virus storm make. If Microsoft makes it sufficently difficult to attack Monad, malware writers will ignore it in favor of softer targets. Are thousands of macro viruses being written today, or do malware writers opt for easier vectors like RPC?
Comment by Martey — Wednesday 10th August, 2005 @ 2:20
Thanks for your feedback. Stephen didn’t state that in his blog posting, but if you check the BBC article I have a link to, you will find that he is quoted as saying this, and that’s why I felt that it needed to be covered.
As to your other points:
“but one proof of concept does not a virus storm make”
Agreed, however the Austrian malware author created 5 MSH viruses. Also, the research by Eric Chien clearly shows that it [MSH] will be a ‘real’ threat as far as malware is concerned if it is ever installed as a default in Vista or Exchange [or indeed any Microsoft product or OS].
“Are thousands of macro viruses being written today, or do malware writers opt for easier vectors like RPC?”
No and virus writing in general is on the decline in favour of bots, worms, droppers and trojans, but they are still being written. A small core of malware authors will not take the ‘path-of-least-resistance’ and will create ‘proof-of-concept’ malware which will then be used as the ‘blueprint’ for new malware for that specific target.
Comment by Martin — Wednesday 10th August, 2005 @ 8:35