MIT and Stanford researchers develop operating system with one major promise: Resisting ransomware

Discussion in 'other security issues & news' started by Minimalist, Apr 22, 2023.

  1. Minimalist

    Minimalist Registered Member

    Joined: Jan 6, 2014
    Posts: 14,909
    Location: Slovenia, EU
    https://cyberscoop.com/database-oriented-operating-system-rsa/
     
  2. Rasheed187

    Rasheed187 Registered Member

    Joined: Jul 10, 2004
    Posts: 18,178
    Location: The Netherlands
    I have always found it weird that Windows isn't designed in a way that could block or mitigate ransomware. Is it perhaps because companies, including M$, are making way too much money selling security tools?

    I'm actually a bit surprised about the approach that these guys have taken though; it seems to be more like a rollback system. What about simply sandboxing apps, so that they don't have access to just about ALL of the file system?
     
  3. roger_m

    roger_m Registered Member

    Joined: Jan 25, 2009
    Posts: 8,626
    UWP apps (i.e. apps downloaded from the Microsoft Store) are sandboxed, but no one uses them.
     
  4. ParadigmShift

    ParadigmShift Registered Member

    Joined: Aug 7, 2008
    Posts: 244
    "I have always found it weird that Windows isn't designed in a way that could block or mitigate ransomware."

    Windows Security Policies
     
  5. Nebulus

    Nebulus Registered Member

    Joined: Jan 20, 2007
    Posts: 1,636
    Location: European Union
    I don't think that there is an economic reason behind it. The user wants easy access to all his/her data, so the OS is happy to oblige. This means that ransomware has an easy way to access and modify that data as well.
     
  6. Rasheed187

    Rasheed187 Registered Member

    Joined: Jul 10, 2004
    Posts: 18,178
    Location: The Netherlands
    Correct, but you should also be able to do this with Win32 apps from a technical point of view. The OS should enforce this.

    I'm sorry, but I'm not buying this. We can put people on the moon, but we can't design an OS that mitigates ransomware attacks? If sandboxing isn't enough, then at least design some kind of rollback system.
     
  7. itman

    itman Registered Member

    Joined: Jun 22, 2010
    Posts: 8,649
    Location: U.S.A.
    Forget the OS mitigating ransomware attacks.

    Next time you buy a new PC, ensure it contains an Intel vPro processor $$$. As shown in this test using 300 ransomware samples: https://selabs.uk/reports/enterpris...re-intel-threat-detection-technology-2023-02/ , Intel vPro processors were quite effective in mitigating ransomware attacks w/o any security software installed. The addition of EDR software only marginally (2 - 3%) improved detection capability.

    ESET has also now partnered with Intel to allow interfacing with non-vPro Intel processors to detect ransomware. However, I don't expect that to be anywhere near as effective as native vPro processor protection.
     
  8. Rasheed187

    Rasheed187 Registered Member

    Joined: Jul 10, 2004
    Posts: 18,178
    Location: The Netherlands
    Wow, nice find. Didn't know about this feature in Intel CPUs. But I still think the OS should be able to tackle ransomware. And I wonder why Intel and AMD don't release this technology to all consumer CPUs, since apparently it's quite effective.
     
  9. Rasheed187

    Rasheed187 Registered Member

    Joined: Jul 10, 2004
    Posts: 18,178
    Location: The Netherlands
    BTW, here is some more info: this Intel CPU feature was apparently introduced in 2021. The question remains how many attacks it has actually stopped in the last 2 years, and it seems like it will always need to work in conjunction with security software.

    https://www.bleepingcomputer.com/ne...-based-ransomware-detection-to-11th-gen-cpus/
     