{"id":14986,"date":"2014-07-30T17:31:17","date_gmt":"2014-07-30T17:31:17","guid":{"rendered":"http:\/\/kasperskydaily.com\/b2b\/?p=2298"},"modified":"2019-11-15T07:14:57","modified_gmt":"2019-11-15T12:14:57","slug":"windows-merge-same-base-same-malware","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com\/blog\/windows-merge-same-base-same-malware\/14986\/","title":{"rendered":"Windows merge: same base, same malware?"},"content":{"rendered":"

Reflecting on a previous post, the merging of all Windows versions, as promised by new Microsoft CEO Satya Nadella, will most likely mean a unified code base for all Windows versions.<\/p>\n

Apparently, this unification will not go beyond hardware abstractions. However, essentially all (or at least, most of) applications written for the PC version of Windows will more or less run on other devices, such as the Surface tablet family, Windows-based smartphones (whatever share they will have in the market), XBox gaming consoles and, possibly, even more obscure and exotic products such as the Razer Edge Pro, a Windows-based high-performance gaming tablet.<\/p>\n

Among other things this means that malware exploiting hardware-independent vulnerabilities in Windows will be able to attack all of the Windows-based devices.<\/p>\n

The same code base, the same vulns?<\/p>Tweet<\/a><\/blockquote>\n

This concept is particularly daunting when considering banking Trojans such as the hated ZeuS and SpyEye. It is widely known that these trojans also have their mobile \u201csymbionts\u201d. For example, if an individual\u2019s PC is infected with ZeuS or SpyEye, they would serve a mobile device owned by the same individual with their mobile counterparts \u2013 ZitMo or SPitMo, which will intercept all SMS, including those sent by banks as a measure of two-factor authorization. It is one of the most nefarious \u2013 and efficient \u2013 methods of robbing users of their unprotected transactions.<\/p>\n

For now malware writers must write executables for both Windows and the mobile OS (most often it\u2019s Android, although ZeuS attacks others too). With essentially the same operating system on all users\u2019 devices, there is no need for any separate \u201cmobile\u201d malware \u2013 as soon as it is spread all over the users\u2019 devices, it can do everything its authors need.<\/p>\n

On the brighter side, this may also mean that the users will require just one security solution to protect all of their devices.<\/p>\n

Apple ensured a high degree of security for its iOS devices by creating a single App Store. Here all incoming apps are checked and rechecked for their security compliance. It is extremely rare that any malware slips through there. Of course, a user may choose to jailbreak their device, but then they\u2019re on their own: install anything at your own risk, don\u2019t complain if anything happens.<\/p>\n

Microsoft has its own app store now too, but frankly, it\u2019s difficult to imagine that it may limit PC users\u2019 possibilities to install software from other sources. What approach would it take, however, remains to be seen.<\/p>\n

No more ZitMO is necessary, ZeuS does its all itself.<\/p>Tweet<\/a><\/blockquote>\n

Moving forward it will be interesting to see whether the unification of Windows makes business IT staff\u2019s life any easier: dealing with the same platform on various devices sounds simple enough, but it is clear that Windows-based mobile devices will not take ground from Android, iOS smartphones, and tablets all at once. For Android it took a few years to become as popular as it is now (for weal or for woe), so overgrowing it won\u2019t be an easy task, even if Windows-based handhelds will be next to perfect.<\/p>\n

\u00a0<\/p>\n

\u00a0<\/p>\n

\u00a0<\/p>\n","protected":false},"excerpt":{"rendered":"

The same code base of Windows for various devices means also that the same malware can hypothetically attack all of them.<\/p>\n","protected":false},"author":209,"featured_media":16047,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1999,3052],"tags":[36,113],"class_list":{"0":"post-14986","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-business","8":"category-smb","9":"tag-malware-2","10":"tag-windows"},"hreflang":[{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/windows-merge-same-base-same-malware\/14986\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/windows-merge-same-base-same-malware\/14986\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/windows-merge-same-base-same-malware\/14986\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com\/blog\/tag\/malware-2\/","name":"malware"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/14986","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/209"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=14986"}],"version-history":[{"count":2,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/14986\/revisions"}],"predecessor-version":[{"id":30783,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/14986\/revisions\/30783"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/16047"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=14986"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=14986"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=14986"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}