While Windows 8 has been touted as Microsoft's most secure operating system featuring strong security enhancements, some issues remain which organizations must be aware of.
Michael Sentonas, CTO of McAfee Asia-Pacific, said a number of promising features seem to provide improved security within Windows 8.
Citing Microsoft, which said Windows 8 will include "mitigation enhancements that further reduce the likelihood of common attacks", Sentonas explained this meant the changes Microsoft made to various core system components were focused on mitigating some of today's most common exploits, making it harder for malware writers to develop new ones.
However, Gerry Egan, senior director of product management at Symantec's Norton, noted that while new features such as file scanning with Microsoft Defender and Early Launch Anti-Malware (ELAM) do raise the bar, malware is like "water flowing down a hill". It follows the path of least resistance and if one path is blocked off, it simply finds its way to the next easiest path, Hall said.
ZDNet Asia spoke to security advisors to identify five potential loopholes on the Windows 8 platform organizations should be mindful of.
1. Threats on Win 7 will work across Win 8
Windows 8 maintains backward compatibility with Windows 7, so the vast majority of both legitimate and malicious programs will also run unaltered on Windows 8 devices, Egan warned.
Luis Corrons, technical director of Panda Security's Panda Labs, agreed. To target the biggest number of users possible, hackers typically work on malware which runs not only on Windows 8 but also previous versions of the OS, from Windows XP to Windows 7, he added.
Since the number of PCs currently running Windows 8 is still small, there will not be a surge of malware designed for the operating system yet, Spain-based Corrons said, but warned cybercriminals will start testing Windows 8 as users slowly migrate to the OS.
2. New cyberattacks already surfacing
In fact, since the release of the Windows 8 platform, fake antivirus and phishing attacks aimed at the operating system have already been discovered, Sentonas pointed out.
Trend Micro last week discovered a fake antivirus named TROJ_FAKEAV.EHM, which displays fake scanning results to intimidate users into purchasing its fake antivirus program, packaged as a security tool made for Windows 8.
Sophos last week also said it intercepted a phishing attack which pretended to originate from the "Microsoft Windows 8 team", offering free software through a Web link. When users click on the link, they will be taken to a Web page on a Slovakian Web server asking them to enter their username, password, e-mail address, and server domain name.
3. Social engineering not addressed
According to Egan, no steps were taken to mitigate social engineering in prior versions of Windows and these are still not addressed in Windows 8. Social engineering is one of the biggest security threats today as the user is often an "easy and successful target", unable to distinguish between scams and legitimate items, he explained.
Corrons agreed, noting phishing e-mail attacks that leverage social engineering have already surfaced since the launch of Windows 8. "We see little [that's] new in Windows 8 to prevent this type of attack and as such, this remains one of the biggest security holes," Hall said.
4. Security additions still perimeter-based
Many of the added features in Windows 8 such as the ELAM and scanning of files with Defender are still based on signature-based technologies, observed Abhishek Singh, senior security research engineer at FireEye.
In an age where signature-based technologies will not be useful in protecting against these cyberattacks, Abhishek remarked.
As such, other security technologies which go beyond perimeter defense must be used along with Windows 8, he advised. For example, having a security tool which can catch an attack in real-time, based on behavior, will complement the security offerings in Windows 8, he suggested.
5. Vulnerabilities exist on Win 8
Sentonas pointed out vulnerabilities were discovered in the Windows 8 preview release. Even though some of these were also present in older operating systems and applications, the fact remains there will be vulnerabilities in the new OS and attackers will try to exploit them, he cautioned.
He noted that Vupen, a French penetration-testing company, last week found a way to bypass security mechanisms of Windows 8.
ELAM is also based on loading a trusted module during the boot process until the full antivirus engine is loaded, Abhishek added. However, there were cases where valid certificates of Microsoft and Adobe had been used by malware, which was able to evade antivirus scanners, he said.