5 security issues to watch in Win 8

5 security issues to watch in Win 8

Summary: Emerging fake antivirus, phishing scams, and signature-based security vulnerabilities are some issues identified on the latest Microsoft operating system.

SHARE:
TOPICS: Security, Windows
12

While Windows 8 has been touted as Microsoft's most secure operating system featuring strong security enhancements, some issues remain which organizations must be aware of.

Michael Sentonas, CTO of McAfee Asia-Pacific, said a number of promising features seem to provide improved security within Windows 8.

Citing Microsoft which said Windows 8 will include "mitigation enhancements that further reduce the likelihood of common attacks", Sentonas explained this meant changes it made to various core system components were focused on mitigating some of today's most common exploits, making it harder for malware writers to develop new ones.

However, Gerry Egan, senior director of product manageent at Symantec's Norton, noted while new features such as file scanning with Microsoft Defender and Early Launch Anti-Malware (ELAM) do raise the bar, malware is like "water flowing down a hill". It follows the path of least resistance and if one path is blocked off, it simply finds its way to the next easiest path, Hall said.

ZDNet Asia spoke to security advisors to identify five potential loopholes on the Windows 8 platform organizations should be mindful of.

1. Threats on Win 7 will work across Win 8
Windows 8 maintains backward compatibility with Windows 7, so the vast majority of both legitimate and malicious programs will also run unaltered on Windows 8 devices, Egan warned.

Luis Corrons, technical director of Panda Security's Panda Labs, agreed. To target the biggest number of users possible, hackers typically work on malware which runs not only on Windows 8 but also previous versions of the OS, from Windows XP to Windows 7, he added.

Since the number of PCs currently running Windows 8 is still small, there will not be a surge of malware designed for the operating system yet, Spain-based Corrons said, but warned cybercriminals will start testing Windows 8 as users slowly migrate to the OS.

2. New cyberattacks already surfacing
In fact, since the release of Windows 8 platform, fake antivirus and phishing attacks aimed at the operating system have already been discovered, Sentonas pointed out.

Trend Micro last week discovered a fake antivirus named TROJ_FAKEAV.EHM, which displays fake scanning results to intimidate users to purchase its fake antivirus program packaged as a security tool made for Windows 8.

Sophos last week also said it intercepted a phishing attack which pretended to originate from the "Microsoft Windows 8 team", offering free software through a Web link. When users click on the link, they will be taken to a Web page on a Slovakian Web server asking them to enter their username, password, e-mail address, and server domain name.

3. Social engineering not addressed
According to Egan, no steps were taken to mitigate social engineering in prior versions of Windows and these are still not addressed in Windows 8. Social engineering is one of the biggest security threats today as the user is often an "easy and successful target", unable to distinguish between scams and legitimate items, he explained.

Corrons agreed, noting phishing e-mail attacks that leverage social engineering have already surfaced since the launch of Windows 8. "We see little [that's] new in Windows 8 to prevent this type of attacks and as such, this remains one of the biggest security holes," Hall said.

4. Security additions still perimeter-based
Many of the added features in Windows 8 such as the ELAM and scanning of files with Defender are still based on signature-based technologies, observed Abhishek Singh, senior security research engineer at FireEye.

In an age where signature-based technologies will not be useful in protecting against these cyberattacks, Abhishek remarked.

As such, other security technologies which go beyond perimeter defense must be used along with Windows 8, he advised. For example, having a security tool which can catch an attack in real-time, based on behavior, will complement the security offerings in Windows 8, he suggested.

5. Vulnerabilities exist on Win 8
Sentonas pointed out vulnerabilities were discovered in the Windows 8 preview release. Even though some of these were also present in older operating systems and applications, the fact remains there will be vulnerabilities in the new OS and attackers will try to exploit them, he cautioned.

He noted that Vupen, a French penetration-testing company, last week found a way to bypass security mechanisms of Windows 8.

ELAM is also based on loading a trusted module during the boot process until the full antivirus engine is loaded, Abhishek added. However, there were cases where valid certificates of Microsoft and Adobe had been used by malware, which were able to evade antivirus scanners, he said.

Topics: Security, Windows

Ellyne Phneah

About Ellyne Phneah

Elly grew up on the adrenaline of crime fiction and it spurred her interest in cybercrime, privacy and the terror on the dark side of IT. At ZDNet Asia, she has made it her mission to warn readers of upcoming security threats, while also covering other tech issues.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

12 comments
Log in or register to join the discussion
  • 5 security issues to watch in Win 8

    So issues in Windows 7 will also be in Windows 8......
    RickLively
  • Fud by antivirus companies

    And how do you expect OS to cure social engineering? and why is that a Windows issue?
    Very shallow article, getting paid to write against Microsoft eh?
    ninjacut
    • Agreed it is FUD

      @ninjacut: Agreed.

      I don’t see the big deal about the release of Windows8. Yes it’s new, but so was Windows 7 in 2009. Just because a new version of Windows is made available it does not mean that the security threat landscape changes overnight.

      As for ELAM being signature based, there is reason for that. The boot up process is an environment with limited functionality and where speed of loading is of utmost importance. If Microsoft had added behavioral scanning into ELAM, people would moan that it was slowing down the boot process. You can never satisfy everyone.

      Yes ELAM is not perfect, but it is a step in the right direction. Here is an article from Microsoft that talks about the limitations of ELAM and the compromises that were made:

      http://blogs.technet.com/b/mmpc/archive/2012/10/11/elam-is-black-and-white.aspx

      Let me address each of the 5 points that you raise:

      1. If compatibility with Windows 7 was not preserved almost nobody would buy Windows 8 since their software library would have be purchased again not to mention the development costs for the manufacturers in creating that new software.

      2. Phishing and Fake AV, are these new to Windows 8? No, they existed with older versions of Windows. I really don’t see the big deal here. Of course phishers are going to use the launch of Windows 8 to try to pull some scams. I have seen them do that with the iPhone 5, funny how people keep quiet about that though.

      3. Social engineering: One phrase: PEBKAC. Just because the OS is new, don’t blame it for the user infecting it with malware.

      If you were expecting a full blown security suite to be included in Windows 8 to combat phishing, think again. Anti-trust and anti-competition lawsuits would then ensue. The EU might have something to say about it too. Remember IE 10 does have Smartscreen that can detect some phishing sites. Yes it is not perfect but I don’t see Windows XP or Windows 7 getting a hard time from the tech press over this.

      4. I talked about ELAM above. Windows Defender is only intended to provide basic protection. As Symantec point out in the article below, Microsoft still recommend that you run a full security suite to protect you from malware. Windows Defender however is better than nothing until you choose which AV software to install be it free or a paid for version.

      http://community.norton.com/t5/Ask-Marian/Make-Windows-8-Great-with-New-Norton-Apps/ba-p/835558

      5. Vulnerabilities exist on Win 8: That makes me laugh. Its imperfect software written by imperfect humans, what do you expect? Even if we had Artificial Intelligence write software for us, that AI would be created by us and we are imperfect. Windows 8 and any new OS cannot change that it. If you were expecting it to, that’s being naïve.

      As for the exploit from Vupen, such things always happen. Being the first to find an exploit for a new OS gets you in the headlines for a few days. This has happened with new OS I can think of.

      As for the flaws in SecureBoot i.e. spoofed Microsoft and Adobe certificates, again nothing is full proof but it does makes it harder to compromise a SecureBoot enabled PC with UEFI than a traditional BIOS based PC , which is a step forward. If you were expecting a silver bullet with regards to malware that loads before the OS starts, you will be waiting a very long time.
      In summary, Windows 8 is a step forward in security. If you were expecting a perfect OS from a security standpoint, you are always going to be disappointed.

      Windows 8 is harder to compromise than Windows 7 but far from impossible to compromise. I am tired of hearing such negative press about Windows 8. As long as progress in security is made, we should be thankful. Yet we bash Windows 8 for not solving all of our security problems. It funny how whatever progress is made is always over shadowed by nay sayers and doubters. Have some sympathy for the developers of Windows 8 especially the ones who added additional security features, are you trying to say that their work is no good and they are wasting their time?

      Please find below some information on the security improvements of Windows 8, including information about the limitations of such new security:

      http://blogs.msdn.com/b/b8/archive/2011/09/15/protecting-you-from-malware.aspx

      http://illmatics.com/Windows%208%20Heap%20Internals%20(Slides).pdf

      http://www.h-online.com/security/news/item/Worth-Reading-ROP-protection-in-Windows-8-bypassed-1368992.html

      P.S.: I DO NOT work for Microsoft but I am passionate about their software. I resolve technical issues with Windows PCs and remove malware from them too in my job. I also train others how to do the same. It is in my best interest to know as much as I can about Microsoft and its products.
      JimboC421
  • by the way

    microsoft will issue 3 security bulletins (and most likely requisite security fixes) rated critical for windows 8 32 and 64 bit editions and windows server 2012 and 1 security bulletin rated important and 1 bulletin rated critical for windows 8 rt on tuesday, so it didn't take long for vulnerabilities to be discovered and fixed.
    archangel127
  • What were Microsoft thinking?

    It is the nature of the beast...hackers are always ahead in the game, they are proactive. Whereas MS is always behind being reactive when issuing patches.
    Microsoft could have taken a major step forward in securing W8 - by ditching legacy code and cutting off the air supply to the hackers. After all, it's not as though their existing user base has anywhere to go or the inclination even if a viable alternative existed. Apple isnt interested. Around 40% of industry still uses XP and W7 still has years of useful life left in it. They could have moved consumers to a new code base, ironed out all the bugs and converted the enterprise as and when W7 was eol.
    Still, the AV industry just got some major leverage. Pity that it wasn't the user that got first consideration going forward.
    frogspaw
    • Ditch legacy code?

      I doubt they would do that, because if version 8 wouldn't run all your programs, that would leave you high and dry, with your only options being to 1) not get the new version of the OS, 2) get Windows 8, and the new version of the program you want/need to use, or 3) get Windows 8, and get a different product that will work under it.

      None of these are particularly desirable options if they can be avoided, and legacy support has been Microsoft's greatest strength for years.
      Third of Five
  • OH NOO SAY IT ISN'T SO!!!!!!!

    So much for the "New and Improved" Flag ship! It's blazingly fast which means you can get owned that much quicker!!!!!!!!! I'll stick with my good old slower than dirt Win7 running Norton and Malwarebytes thank you! It'll take a few seconds longer to get owned!
    Geesh, you'd have thought they'd have got it right this time!
    Disgruntled_MS_User
  • 5 security issues to watch in Win 8

    I'm sure that Panda, Norton, Trend Micro and many other anti malware providers spend a lot of time examining PC threats. However, they also are looking at Windows 8, the first version of Windows with an full anti malware suite built-in. So they must emphasize Windows 8 vulnerabilities in order to continue selling their products which must be installed on top of the Microsoft suite. I'd like to hear from more PC installers and service techs on this subject in order to get some balance here.
    denwilgor
    • Haha

      You took the words right outta my mouth, I totally agree, im with Win7 and still using MSE. It needs improvements but what software code doesnt, other than that, im totally satisfied with MSE and havent had any issues with it yet, no lags, no memory hogs, runs great. Ive tested the WIn8Preview, and honestly, didnt even notice MSE running in the background well obviously the name changed heh. But anyways. I think Win8 and Win7 are both great to have. I use both, Win 8 still has some isses running certain games. while 7 doesnt. which is why I have both. :p
      hackerdemon2000@...
  • Be Patient and Cautious

    While there are alot of positive and negative feelings on Windows 8, this is in line with past releases of Windows. Let's not forget that the hacking, anti-Windows community, as well as scammers determined to rob Microsoft users of time and money remain committed to hacking the system.

    Windows 8 is the cleanest and most intuitive design of Windows to date. Its a robust operating system and Microsoft finally got resource use down pat giving Windows 8 the capability of being installed on your old, dusty Windows XP desktop.

    As an IT consultant, we've cautiously advised our clients to approach Windows 8 with caution. It is a good OS, but the bugs need to be worked out. Microsoft is embracing what users want with a new interface and apps that tie in to cloud computing.

    If you'd like more information, please visit www.richmondcomputer.com.
    Richmond Computer
  • can not agree completely

    As long as you use apps from windows app store you are safer. enterprises should restrict their users to the store or they can create a group for company from where the users can download apps.
    Mac_Win
  • I finally escaped ALL Windows viruses for the rest of my life!

    I got tired of Microsoft viruses, scams and malware so I installed a really cool 3D Linux operating system for only $39.95 that is 100% compatible with all my Windows data and is 10 times faster called Robolinux.

    It took me only 5 minutes to install it.

    Now I can surf until I am blue in the face and I can't get a virus.

    Check it out

    http://robolinux.org
    robolinux