This content is part of the Essential Guide: Post-XPalypse: Surviving a world changed by Windows 8.1 features

Mind the gaps left by Windows 8 security features

Observers agree that Microsoft has improved security in Windows 8, but IT must still check how the OS affects third-party apps and privacy.

Despite doubts over enterprise adoption of Microsoft's latest operating system, IT professionals must pay attention to Windows 8's features, such as its support for touch and its tile-based interface. One key question on the mind of desktop administrators is "What about Windows 8 security?"

As more IT shops consider a Windows 8 upgrade, IT managers still need to think twice before shoving the OS into their enterprises. Industry experts recommend that potential Windows 8 adopters first carefully balance expected productivity gains against operational overhead.

For many enterprises, concerns about regulatory compliance outweigh the potential productivity gains. Nowhere is that more true than for organizations bound by laws designed to protect data from fraudulent activity. Those businesses must look at Windows 8 security features.

Third-party component risks

Ian Murphy, an analyst at Creative Intellect Consulting Ltd., urged caution when moving to Windows 8. "The removal of some core components, such as a DVD player, is likely to encourage users to want third-party software on their computers," he said. "Many users will opt for free tools, which have been shown in the past to be major security issues."

More on Windows 8 security

Windows 8 must be part of any desktop vulnerability review

AppLocker and app sideloading provide IT controls for Windows 8

Microsoft tightens security in Windows 8, but IT is still wary

FAQ: Basic facts about Windows 8 and its features

Some financial organizations are also worried about potential vulnerabilities to malware and must implement controls to prevent the use of non-approved apps, said Andrew Schrage, co-owner of Money Crashers Personal Finance.

"In a test recently conducted by Bitdefender, researchers were able to infect a computer running Windows 8 with almost two-thirds of the more rampant forms of malware," Schrage said. "Even after they activated Windows Defender, they were still able to infect the test computer with more than 60 forms of malware."

There are other, less obvious Windows 8 security issues, said Dr. Nand Narain, CEO of S.V. Professional Center in New York. "Our practice uses a variety of third-party applications to support our ob-gyn, pediatrics, dental and cosmetic services -- my biggest concern with Windows 8 is how it will work with each of those specialized applications and preserve HIPAA compliance, as well as protect confidential information," he said, referring to the Health Insurance Portability and Accountability Act.

"I can see the productivity benefits offered by Windows 8, such as allowing staffers to use tablets and touchscreens to input patient data, but those benefits are for naught if they create security concerns," Narain added. "On the other hand, Windows 8's improved encryption and enhanced mobile device support, along with its ease of management, may ultimately improve security and solve some compliance issues."

Windows 8 security improvements

Schrage and Murphy agreed that Windows 8 security features have improved. "Windows 8 has something called Picture Password, a feature that recognizes a series of touch gestures as part of a password, rather than a traditional, typed-in password," Schrage said.

AppLocker was available with previous Windows versions, but the application management tool has been expanded and upgraded in Windows 8 to include a larger list of apps that can be allowed or disallowed for download. "With built-in and revamped BitLocker making it easier to encrypt and protect data, security has also improved substantially," said Murphy.

In addition, DirectAccess has been overhauled, enabling access to servers without the need for virtual private networks. "This has often been a problem for mobile users trying to get connectivity out of hotel rooms," Murphy said. When the next version of InTune ships, Microsoft will be able to manage every version of Windows 8, making policy enforcement easier and enabling enterprises to pursue bring your own device (BYOD) options, he said.

Privacy problems

Windows 8 may offer improved performance, but admins should also think about privacy, said Nadim Kobeissi, a computer security researcher and inventor of a secure open source chat platform called Cryptocat. "I've been very impressed by how fast, well-designed, functional and capable this latest iteration of Windows is. However, my tinkering around from a security/privacy perspective has left me concerned," he said.

"Windows 8 has a feature called Windows SmartScreen, which screens every single application you try to install from the Internet in order to inform you whether it's safe to proceed with installing it or not," Kobeissi said. It might sound good in theory, he added, but "the big problem is that Windows 8 is configured to immediately tell Microsoft about every app you download and install. This is a very serious privacy problem, specifically because Microsoft is the central point of authority and data collection/retention here, and therefore becomes vulnerable to being served judicial subpoenas."

What's more, Kobeissi said, "it may be possible to intercept SmartScreen's communications to Microsoft and thus learn about every single application downloaded and installed by a target."

App testing and Windows 8 security

Narain noted that organizations should make sure application vendors approve Windows 8 to work with their products before conducting an OS migration. "I won't move to Windows 8 unless I have assurances that it will work securely with my line-of-business applications," he said.

The burden of proof is on IT pros to demonstrate that Windows 8 security features or flaws won't affect enterprise security, privacy and compliance.

Dig Deeper on Windows 8 and 8.1

Join the conversation


Send me notifications when other members comment.

Please create a username to comment.

How concerned are you about Windows 8 security?
Windows Defender which is built in helps place it in safer place than Win 7
Windows 8 is most secure than earlier Windows iterations.
The experience with win 8 concerning the removal of infections was very bad until now. The lack of the F8 option during boot does not help. Sometimes the system restore option is not reachable any more, or system restore fails.
Always watching
Security is not my main concern, useability is however!
MS maybe try to eliminate some gaps, but they new policies open new holes, for me the direction of MS in this point its not clear, give the idea than the left hand don't know what made the right hand...
Windows has been a big target over the years and Microsoft has done a good job of responding by making each iteration of Windows more secure and implementing secure development processes.
Win 7 more suitable for users than win 8 as no touchscreen to play
All flavours have problems/vulnerabilities. If I wait till they all secure I will be getting 8 around the time that 37 becomes available. In fact, I wouldn't have XP yet if I was waiting.
Every system needs a TRA. Controls and mitigations flow from that. Windows 8 is just another bunch of risks. But putting your control and privacy into the hands of Microsoft is probably not everyone's idea of a good thing.
how to improve my PC security
The more I hear about Windows 8, the more glad I am that I switched to Linux some time ago.
considering that the number of threats are much higher now than, say, three years ago,
windows 8 is more secure. Also, Microsoft provides frequent updates to its security tools, some proactively.
win 8 is safe
Windows 8 - The new Vista ! :)
I find Windows 8 more secure with the implementation of UEFI & the enhanced BitLocker
same history, but in shorter cicles.
Awful operating system
No organisation is going to let users downloads apps/applets like they would on their own mobile phone or tablet. Windows-8 is a security and compliance disaster waiting to happen.
It's overall Microsoft. You should be worried about the security at the first place