Mind the gaps left by Windows 8 security features

Frank Ohlhorst

Despite doubts over enterprise adoption of Microsoft's latest operating system, IT professionals must pay attention to Windows 8's features, such as its support for touch and its tile-based interface. One key question on the mind of desktop administrators is "What about Windows 8 security?"

As more IT shops consider a Windows 8 upgrade, IT managers still need to think twice before shoving the OS into their enterprises. Industry experts recommend that potential Windows 8 adopters first carefully balance expected productivity gains against operational overhead.

For many enterprises, concerns about regulatory compliance outweigh the potential productivity gains. Nowhere is that more true than for organizations bound by laws designed to protect data from fraudulent activity. Those businesses must look at Windows 8 security features.

Third-party component risks

Ian Murphy, an analyst at Creative Intellect Consulting Ltd., urged caution when moving to Windows 8. "The removal of some core components, such as a DVD player, is likely to encourage users to want third-party software on their computers," he said. "Many users will opt for free tools, which have been shown in the past to be major security issues."

Some financial organizations are also worried about potential vulnerabilities to malware and must implement controls to prevent the use of non-approved apps, said Andrew Schrage, co-owner of Money Crashers Personal Finance.

"In a test recently conducted by Bitdefender, researchers were able to infect a computer running Windows 8 with almost two-thirds of the more rampant forms of malware," Schrage said. "Even after they activated Windows Defender, they were still able to infect the test computer with more than 60 forms of malware."

There are other, less obvious Windows 8 security issues, said Dr. Nand Narain, CEO of S.V. Professional Center in New York. "Our practice uses a variety of third-party applications to support our ob-gyn, pediatrics, dental and cosmetic services -- my biggest concern with Windows 8 is how it will work with each of those specialized applications and preserve HIPAA compliance, as well as protect confidential information," he said, referring to the Health Insurance Portability and Accountability Act.

"I can see the productivity benefits offered by Windows 8, such as allowing staffers to use tablets and touchscreens to input patient data, but those benefits are for naught if they create security concerns," Narain added. "On the other hand, Windows 8's improved encryption and enhanced mobile device support, along with its ease of management, may ultimately improve security and solve some compliance issues."

Windows 8 security improvements

Schrage and Murphy agreed that Windows 8 security features have improved. "Windows 8 has something called Picture Password, a feature that recognizes a series of touch gestures as part of a password, rather than a traditional, typed-in password," Schrage said.

AppLocker was available with previous Windows versions, but the application management tool has been expanded and upgraded in Windows 8 to include a larger list of apps that can be allowed or disallowed for download. "With built-in and revamped BitLocker making it easier to encrypt and protect data, security has also improved substantially," said Murphy.

In addition, DirectAccess has been overhauled, enabling access to servers without the need for virtual private networks. "This has often been a problem for mobile users trying to get connectivity out of hotel rooms," Murphy said. When the next version of Intune ships, Microsoft will be able to manage every version of Windows 8, making policy enforcement easier and enabling enterprises to pursue bring your own device (BYOD) options, he said.

Privacy problems

Windows 8 may offer improved performance, but admins should also think about privacy, said Nadim Kobeissi, a computer security researcher and inventor of a secure open source chat platform called Cryptocat. "I've been very impressed by how fast, well-designed, functional and capable this latest iteration of Windows is. However, my tinkering around from a security/privacy perspective has left me concerned," he said.

"Windows 8 has a feature called Windows SmartScreen, which screens every single application you try to install from the Internet in order to inform you whether it's safe to proceed with installing it or not," Kobeissi said. It might sound good in theory, he added, but "the big problem is that Windows 8 is configured to immediately tell Microsoft about every app you download and install. This is a very serious privacy problem, specifically because Microsoft is the central point of authority and data collection/retention here, and therefore becomes vulnerable to being served judicial subpoenas."

What's more, Kobeissi said, "it may be possible to intercept SmartScreen's communications to Microsoft and thus learn about every single application downloaded and installed by a target."

App testing and Windows 8 security

Narain noted that organizations should make sure application vendors approve Windows 8 to work with their products before conducting an OS migration. "I won't move to Windows 8 unless I have assurances that it will work securely with my line-of-business applications," he said.

The burden of proof is on IT pros to demonstrate that Windows 8 security features or flaws won't affect enterprise security, privacy and compliance.
