How to make Windows tablets a success: Stop PC makers getting security wrong

Windows 10 tablets can be a success, but OEMs need to think harder about how they implement security on them, especially if they want to sell to enterprise.
Written by Mary Branscombe, Contributor

Until very recently, Windows 8 tablets were a huge missed opportunity for the industry. Before Microsoft dropped the licence fee for Windows on small devices, the OEMs didn't come up with innovative designs to take advantage of what Windows 8 could do on small screens and ignored them in favour of the race to the bottom in Android tablets.

Those in turn are getting squeezed out of the market by phablets; the tablet market has been slowing down as we all think about how many handy little gadgets we need to have around. It might be three or five or seven, depending on whether you think IDC or Gartner or Forrester makes the best guesstimate here, but the devices are all increasingly the same.

Those cheap new Windows tablets? They're Android models with the serial numbers filed off, in far too many cases, although it's heartening to see that even the very cheap models are sometimes reasonable quality and give you a decent experience. Compare that to the cheapest of Android tablets on sale this year; when mobile security company Bluebox checked out the bargains, they found a worrying number of vulnerabilities.

But the continuing enthusiasm for Microsoft's never-shipped Courier tablet shows there is a market for something with more imagination. Can the manufacturers prove they have any?

One of the other things we're all thinking about is privacy and security. Apple's Touch ID can be hacked but only if you have years of experience duplicating fingerprints, which makes it potentially one of the biggest recent security improvements.

We ought to have had the same system in the majority of Windows 8 devices, since the support is in the OS, but the OEMs obviously decided they didn't know how to sell that kind of feature.

Is that missed opportunity going to happen again?

There are lots of important new security features coming in Windows 10 that could make malware and hacking significantly harder. But some of the interesting security improvements will be dependent on the manufacturers.

But after what happened to Windows RT, do we trust Microsoft to make the right choices? RT, by the way, has no known malware despite all the thousands of apps in the Windows Store. It also has low sales thanks to the OEMs abandoning it.

The first opportunity for tablet innovation is putting fingerprint sensors onto not just business but consumer devices.

You know, the way Apple has on the iPhone. Hey, PC makers: add fingerprint sensors now, so they work with the Windows 10 credential system and we can get away from passwords.

Then there's enterprise lockdown: a way of having PCs run only software signed by Microsoft, by vendors that Microsoft has certified and supplied with a certificate from its own Certificate Authority, or software signed by a company.

OEMs have to make specific PCs for enterprise lockdown because you have to set it up in UEFI (because security you can turn on in software you can also turn off in software). That means OEMs have to choose which, if any, models will have the feature. And they get to choose how much extra it costs.

For businesses, enterprise lockdown could be a huge benefit. But they're not going to pay a lot extra for it and they're not going to be interested if they can only get it on PC models they wouldn't otherwise buy. If the manufacturers relegate enterprise lockdown to expensive or under-featured PCs instead of making it an option for almost any system, it won't have the impact it should.

Personally, I'd like to see a consumer version of enterprise lockdown; it would be like a Windows RT system that could also run desktop software from the Windows Store - and nothing else.

Imagine, a PC with no foistware, no drive-by downloads, no random toolbars - and a much better chance of no malware. Try searching for Photoshop or other popular software and see how many of the downloads are actually something really dubious. If you end up doing informal tech support for friends and family, this could save you a lot of time.

The other opportunity for security in Windows 10 is the way Windows Defender will automatically switch itself on when the other antivirus software you have installed isn't active. At the moment it doesn't switch on for three days.

It's fair for the security software companies to want to make money; they're businesses.

But still OEMs and software vendors need to take responsibility for not making the PC industry a race to the bottom. Microsoft has to walk a careful line between protecting users and making the PC business a viable business for its hardware and software partners.

With the number of security breaches in businesses so high this year and malware being so big a problem for home users, it might be time for the balance to swing a bit further in favour of the users who are the reason there's a business at all.
