One year of Windows 8: A comprehensive security review

Anish Kuruvilla, Technical Support Engineer - ESET Middle East

Anish Kuruvilla, Technical Support Engineer – ESET Middle East

Expert Article Author: Anish Kuruvilla, Technical Support Engineer, ESET Middle East

Microsoft Windows 8 was launched in the Middle East in mid-November 2012 and now, almost a year down the line, we at ESET® thought it would be a good time to review where things stand with the latest incarnation of Microsoft’s flagship operating system. In terms of uptake, Windows 8′s 10-month user share was larger than Vista’s, but was far behind Windows 7′s at the same point in the latter’s roll-out. This is perhaps due more to Windows 7’s widespread adoption compared to the comparatively unpopular Windows Vista. In the meantime, Windows 8 continues to slowly grow its presence, especially as more touch-screen-capable devices arrive in the marketplace.

Presentation Problems

While many of the most interesting improvements in Windows 8 relate to manageability, networking and security, these are largely “under-the-hood” features for most users, in the sense that they do not have many parts readily accessible from either the Start Screen or the Desktop. They may be buried deep in the operating system where they can only be managed from the command-line or via Group Policy. For many people, the graphic user interface provided by the Desktop, which they essentially perceive to be the operating system, remains one of the biggest changes there is given the replacement of the very desktop-centric Start Menu, with the more tablet-centric Start Screen.

Safety of the Store

Another major change with Windows 8 was the introduction of the Windows Store. It is encouraging to note that when ESET investigated this for malicious Modern Windows apps, no actual malicious apps were found. However a variety of applications have been removed for a number of reasons. What does the Windows Store mean for BYOD however? Under Windows 8, the controls available for managing admittance to the Windows Store are not particularly stringent: Access to the Windows Store can be toggled via Group Policy, and companies can publish their enterprise line of business (LOB) apps through a private instance of the Windows Store. This current “on or off” level of granularity may be off-putting to businesses wishing to extend BYOD support to employees with Windows 8 devices.

The Developers Dilemma

Windows 8, the version that runs on PCs, is the direct linear descendent of Windows 7. For most part, it runs on the same hardware as Windows 7 and even the system requirements are almost identical. Although Windows 8 does support the new Windows Store and WinRT API, it also allows users to install software using traditional methods and supports the “legacy” Win32 and Win64 APIs. While the requirement that Modern Windows apps install only through the store is not a stumbling point for developing anti-malware software, it is the differences between the Win32/Win64 and WinRT APIs, and the classic desktop and Modern Windows apps they allow you to create, that forego the development of certain types of software.

Anti-malware software needs to interact with computers at a lower level than most other programs, a trait they share with several classes of other applications. Examples of such software include backup, defragmentation, encryption, firewall and VPN programs, all of which need to interact with a computer’s CPU or network connection in various ways. Unfortunately, while Modern Windows applications do have the ability to interact via the GUI and perform most types of file-related functions such as reading, writing, updating and deleting files, and so forth, they are isolated from accessing the lower levels of the system.

While the goal behind “sandboxing” or limiting the WinRT API’s access to the operating system is a good thing, since it makes it more difficult for attackers to target the underlying operating system, it also means certain types of applications will not be developed by third parties as Modern Windows apps.

A small surprise for tablet security

Because of the reason mentioned above, there are no third-party security apps for Windows RT, such as anti-malware programs or firewalls. This however does not mean that the system is without defenses. Windows RT was derived from Windows 8 and as such has many of the same security features as Windows 8, such as UEFI Secure Boot, and entirely new ones, such as only allowing signed code from Microsoft being allowed to run on its desktop. Since Windows RT is based on Windows 8, that means it comes with the same antimalware software- Microsoft’s Windows Defender. If WinRT/ARM-based threats were to appear however, it will be interesting to see if Microsoft will open up Windows RT to allow development of third-party security applications.

Rootkit Protection

One of the major advances in Windows security was the introduction of UEFI Secure Boot in 64-bit editions of Windows 8 designed to prevent a class of rootkits called bootkits. It should be noted, though, that despite Windows 8’s protections against rootkits, many conventional file-based forms of malicious software, such as viruses, worms, trojan horses, bots and fake AV programs, do indeed work under it, although often with a lower chance of success. These programs do not necessarily make use of the same types of functions as their stealthier bootkit brethren, but if they do, they are more likely to be blocked by the vulnerability mitigations introduced in Windows 8, especially when compared to an earlier operating system, such as Windows XP.

Conclusion

Despite some predictions that Microsoft Windows 8 would be “doomed” from a security standpoint, Windows 8 is on track with ESET’s earlier prediction that it would be the most secure version of Windows ever. In the year on the market, no major security vulnerabilities have been exploited.

eset logo (2)While labeled by some as a transitional operating system between the PC and the tablet, Windows 8 seems to provide a rock-solid foundation from a security perspective, and switching to more frequent release cycles will allow Microsoft to update the operating system’s kernel and core security features more frequently to adapt to new threats, as well as more rapid deprecation of older, more insecure features.

More Information:

www.eset.com/me

Leave a Comment

You must be logged in to post a comment.