As IT pros start testing Windows 8 security, one key question is how Microsoft's new operating system compares to its predecessor, Windows 7.
Microsoft added several new Windows 8 security features, but the OS is still vulnerable to some common malware families and other attacks, according to reports by anti-malware vendors. That has some IT pros concerned.
"Security is vital for what we do and for anybody who works with highly sensitive data," said Tim Robinson, network administrator for Waltonen Engineering Inc., a mechanical engineering and manufacturing firm in Warren, Mich.
That's especially true for companies, such as Waltonen, that do a lot of work for the federal government. One exploit of Windows security vulnerabilities can cause them to lose valuable contracts, Robinson said.
New Windows 8 security features
One of the security enhancements in Windows 8 is Secure Boot, which helps to block boot loaders and rootkit attacks. It also provides support for Early Launch Anti-malware, which aims to keep viruses from loading before legitimate code during the boot process. Secure Boot takes advantage of the Unified Extensible Firmware Interface specification, which replaces BIOS firmware in Windows 8 systems.
Other Windows 8 security features include a built-in version of Microsoft's antivirus engine as part of the new Windows Defender security package. In addition, Microsoft enhanced existing Windows security features, such as Address Space Layout Randomization and Data Execution Prevention -- technologies meant to keep hackers from guessing where vulnerable system code is located in memory.
As a result, many of the memory exploit tactics that an attacker would use to gain control of a Windows 7 machine will fail on Windows 8, Microsoft said.
Windows security vulnerabilities remain
Despite these new Windows 8 security features, the OS isn't completely safe.
Within days of Windows 8's release in late October, Trend Micro Inc. identified a pair of malware exploits, including a so-called scareware package that pretended to be an anti-malware program and tried to get users to pay for a fake tool. French security firm Vupen also identified multiple Windows 8 security vulnerabilities in early November.
More on Windows 8 security features
Windows 8 FAQ: Features, news and more
Reviewing Windows 8 desktop vulnerabilities
Researcher lauds Windows 8 memory protection features
A mid-November report from Romanian security firm Bitdefender said Windows 8, with Windows Defender enabled, blocked execution of 85% of the top 100 malware families. That means, of course, that it didn't block 15%. Symantec's testing found similar results.
"With Windows 8, Microsoft has raised the bar, but it's far from impervious," said Gerry Egan, senior director of product management for Symantec's Norton anti-malware products.
Security vendors often use these studies to pitch their own products, but that doesn't mean IT should discount their findings outright.
"The [vendors] are going to find holes," said David Johnson, senior analyst at Forrester Research Inc. in Cambridge, Mass. "It's one vendor's test, of course, [but] if the results are correct, there's a concern."
Last week, Microsoft released the first Windows 8 patches. In response to a request for comment, the company issued a statement that it "continues to invest heavily in continuously improving our security and protection technologies."
Dig deeper on Network intrusion detection and prevention and malware removal
Stuart J. Johnston asks:
What's your main concern about Windows 8?
0 ResponsesJoin the Discussion