- Tools & Templates
- Security Jobs
- Data Protection
- Identity & Access
- Business Continuity
- Physical Security
- Security Leadership
Windows 8: Security pros and cons
Here's a look at various writings I'm seeing on the subject this morning.
Corporate Vice President of Windows Planning and Ecosystem Michael Angiulo demonstrated some of the security bits earlier this week at the Microsoft BUILD conference in Anaheim, Calif. In The Register, Dan Goodin described the scene:
Angiulo demonstrated an early version of Windows 8 that automatically scanned an infected USB drive used to boot the next generation operating system. Before the OS was able to load, the computer stopped the process and displayed a warning that the boot volume contained an "invalid signature" indicating it had been compromised. He was able to get the valid version of Windows to load by turning off the system and turning it back on.
Former Network World colleague Jon Brodkin recently wrote about the plan for facial recognition as a way to move beyond passwords:
By 2012 sensors such as microphones, cameras, GPS, accelerometers, and temperature and magnetic sensors will be common in most PCs, allowing Windows 8 to interact with the user's environment in new and interesting ways.
One scenario uses facial recognition software to verify a user's identity.
"Amish walks into his home office," Microsoft writes in one of many fictional scenarios outlined in the Windows 8 slide decks. "The proximity sensor on his PC detects motion, and wakes the PC. By the time Amish sits down, his PC is powered up. It scans his face and logs him in. finally, when Amish gets up and leaves, his PC notices that he's gone and locks itself and powers down."
Windows 8 may also eliminate the need for remembering passwords across multiple websites.
"Password pain has reached a tipping point," Microsoft says. "Windows 8 could include a way to securely store usernames and passwords, simplifying the online experience"
It all sounds terrific to me. But Sophos' Graham Cluley is raising the red flag on how the Windows 8 interface could herald a new era of full-screen scareware.
In Sophos' Naked Security blog he writes:
One of the interesting features of the Metro user interface is that apps are designed to be full-screen, without any surrounding furniture. That means you won't see scroll bars and the like, unless you interact with the interface.
One has to wonder whether this will lead to a wave of new scareware/fake anti-virus attacks.
Currently, malicious hackers poison webpages to display what appears to be a warning about malware found on your computer - tricking users into downloading software. The initial alert pops up in your web browser.
These phony alerts have proven to be a very effective way for cybercriminals to fool users into installing their malicious scareware. And it's very likely we'll continue to see hackers trick your browser into displaying bogus warning messages
But, with Windows 8, these browser-based fake anti-virus warnings will be shown full-screen, without the tell-tale signs that you're in a browser, meaning it may be even easier to convince a victim into believing he is viewing genuine security alert from the operating system rather than simply a webpage pretending to be one.
This won't be the last of the security concerns we hear about. Windows 8 still has a way to go before it's released to the general public. When new features are created to improve the user experience, new security threats appear.
That said, at first glance the new security features are impressive. And I'm holding out hope that with Windows 8 being put through the machinery of Microsoft's Security Development Lifecycle, we'll see far fewer vulnerabilities than we've seen in past versions of Windows.
CSO's Daily Dashboard gives you a one-stop view of latest business threats. We created it for you! Bookmark it! Use it!
Thanks to cloud computing, your business data is everywhere and being accessed by everyone. Making the wrong decision to protect your data can result in high costs, increased risk and executive exposure. View this live webinar on cloud security and the evolving data center, and learn why a data-centric approach to security is the best bet for today's virtual environment.