|Innovating The Next Big Thing||May 24, 2013|
• Analyst Insights
• Enterprise Insights
• Network & Information Security
• Enterprise Mobility
• Remembering 9/11
Next Innovator Group
Feedjit Live Web Stats
• Ghost City
McAfee Blogs: Metro Interface Improves Windows 8 While Increasing Some Risks
Jul 10, 2012 – Prashant Gupta
This is our second look at security-related changes to Windows 8 and the new Metro interface. Our first post introduced the topic and examined some of what’s new and potentially risky in Internet Explorer 10. Today, we’ll discuss improvements and possible problem points in the Windows Store, background tasks, the Windows 8 interface, and more.
Let’s Go Shopping
The Windows Store is similar to applications stores or markets for other platforms. To install apps, a customer needs to have a Microsoft Account (or a current Windows Live account).
The Windows Store currently does not prompt users to review the capabilities being requested by a new application. This information is visible in the details page for the application:
If an application attempts to access something that it hasn’t requested at installation, then the application will be denied access to that resource. It is important that users review the capabilities requested by their applications and not install those that request permissions that make the users uncomfortable. Odd requests can be a warning flag, for example, if a photo-editing app requests access to text messaging (SMS) yet has not explained why this capability is required. Purpose-built security software always adds value and provides more layers of protection from such rogue applications.
With Metro, all applications that are not in the foreground are suspended—so they don’t chew up resources that the foreground application could use. But Metro applications can also be active while in the background. Here are some triggers that will cause activity:
Although background triggers are not security risks per se, Metro will allow applications to run in the background. The trigger will launch a terminated application or unfreeze a suspended application and the run the task without bringing the application to the foreground. The user will not know the program is running.
Windows 8 vs. Windows 7 Interfaces
With Windows 8 (apart from the Metro interface) Microsoft has made significant improvements over the previous version. Fixes and upgrades include address space layout randomization, heap randomization, kernel fixes, and improvements to use-after-free issues in IE 10.
Let’s look at some noteworthy changes that will be visible to users. We’ll cover more improvements in future posts.
The SmartScreen feature, introduced in earlier versions of IE, has become Windows SmartScreen. This helps protect users from downloading or running suspicious or malicious applications. As you might expect, however, it allows you to run the executable anyway.
SmartScreen warns users who try to download a suspicious executable, but users may override the warning. This freedom poses a risk if such downloads are not secured by policy or antimalware solutions.
Windows Defender has been around for a while, but in Windows 8 it will come packaged with Windows and provide a first line of defense for users without an independent security suite installed. Windows Defender will detect viruses and other malware; that’s an improvement on previous versions, although in third-party tests Microsoft security solutions have performed at no better than an average level, according to the “Virus Bulletin” RAP averages quadrant. Windows Defender is a good first step toward effective security, but “defense in depth” is better. Consumers should install a desktop security suite to provide better protection than Windows can offer. In a corporate environment this defense becomes even more important, and security policies can be better enforced with an endpoint security suite.
Browsing Metro Style
A browser must provide everything from text, forms, and images to complex resource-intensive activities such as script execution and video. Browsers that have adopted the HTML5 standard are much more feature rich, and they are also a gateway to some rich applications that require system resources not available within Metro. But these user and application demands are difficult to meet in Windows 8 due to the significant restrictions placed on the Metro environment.
To provide developers and users with a choice to change the default browser in Windows 8, Microsoft has introduced a new class of applications: the “Metro style enabled desktop browser.” These applications can be registered as the default browser and can execute within the immersive Metro interface. This is an interesting twist because this non-Metro, non-Windows-Store application can influence Metro. It shouldn’t take long before we see custom tricks to get nonbrowser applications posing as browsers.
To Microsoft’s credit the Metro browser installation is not entirely unattended. To select a default browser, the user sees the following screen:
Any changes that modify the system state generally by default put the user in control of the change rather than the application. This control is great, but it puts great responsibility on users to see, understand, and make the right decisions. These decisions can be improved significantly by relying on advice from antimalware vendors, which have greater visibility and can offer proactive measures to boost security for Windows 8.
Need for Education
Windows has great influence and market share, but that also places great responsibility on Microsoft. Windows 8 will provide users with a number of new interface paradigms. New and skilled users alike will need to learn to survive in this new environment. They must:
“Old” Windows (with its desktop applications) still lies under the hood of Metro and is still vulnerable to conventional threats to IE or Office as well as to new Metro applications. Microsoft’s new security features will apparently require attackers to use a higher degree of sophistication to exploit systems. Yet past improvements have not deterred malware authors, and there is no reason to believe that new ones will either. Good user education remains of paramount importance.
Users must ensure that any operating system is patched, and that their machines have an antimalware solution that is kept up to date.
Future posts will include more analysis of Windows 8 and the state of its security. We will also further explore implications for users and discuss best security practices for the operating systems and applications.
» Send this article to a friend...
» Comments? Tell us what you think...
» More Network & Information Security articles...
Commentsblog comments powered by Disqus
Support This Site
• 5/12 Frontline Sentinel: Two-Factor Authentication for Social Media Sites
• 5/10 McAfee Blogs: RealTime for ePO – Optimized Endpoint Security
• 5/10 Ovum: Ovum comments: GB smart meter delay better late than never
• 5/10 Gartner Says India Has The Potential To Lead The World In The Nexus Of Social, Mobile, Cloud And Information But May Waste The Opportunity
• 5/9 Frontline Sentinel: NSA's Manual on Hacking the Internet
• 5/9 Frontline Sentinel: 8 charged in $45 million cybertheft bank heist
• 5/9 Gartner Highlights Three Key Foundational Elements for Demand-Driven Retail Success
• 5/9 iSuppli: Korean and American Versions of Galaxy S4 as Different as Kimchee and Coleslaw, IHS Teardown Reveals
• 5/9 eMarketer: eMarketer: Emerging Markets Drive Facebook User Growth
• 5/9 Wireless Watch: Microsoft/Nokia alliance at crossroads as both ponder OS futures
• 5/9 Wireless Watch: Apple must rethink far more than the iOS user interface
• 5/9 Faultline: Quantenna gets closer to ST Micro, expect it to get “ascloseasthis”
• 5/9 Faultline: Microsoft volunteers to take Nook, as Barnes and Noble start to breakup
• 5/9 Canalys: Smart mobile device shipments exceed 300 million in Q1 2013 - Android powers 59% of smart phones, tablets and notebooks
• 5/8 McAfee Blogs: Cybercriminals Celebrate – It’s Mothers Day!!
• 5/8 Ovum: Government policy-makers need to create a level playing field for cloud services procurement
• 5/8 Gartner Says Smart Organizations Will Embrace Fast and Frequent Project Failure in Their Quest for Agility
• 5/7 McAfee Blogs: How Secure Are Your Social Accounts?
• 5/7 McAfee Blogs: The Password Problem. Is it Your Problem?
• 5/7 McAfee Blogs: Have you met McAfee’s SIEM?
• 5/7 McAfee Blogs: NCCDC 2013 – Red Team Recap
• 5/7 HP Security Lab Blog: HP TippingPoint announces Security Management System 3.6
• 5/7 McAfee Blogs: Yes, There are “Mother’s Day” Scams
• 5/7 Ovum: Analyst View: TPG looks to become Australia’s fourth MNO
• 5/7 Ovum: Analyst view: UK G-Cloud to champion public cloud
• 5/7 Gartner Says CIOs Will Need to Manage Both Technology and Business Innovation to Gain Competitive Advantage with Big Data
• 5/6 Gartner Says Indian Public Cloud Services Market To Reach $443 Million In 2013
• 5/6 iSuppli: IHS Discusses How PCs Can Survive the Tablet Invasion, at the SID Touch Gesture Motion Event
• 5/6 McAfee Blogs: Emerging ‘Stack Pivoting’ Exploits Bypass Common Security
• 5/5 McAfee Blogs: Intel, McAfee Investing in Network Security; Strength through Acquisition
• 5/5 McAfee Blogs: Change Your Password Day – Get Onboard!
• 5/5 Frontline Sentinel: iFrame drive-by attack demo [Anatomy of Attack online]
• 5/3 Frontline Sentinel: Basic Use of Maltego for Network Intelligence Gathering
• 5/3 iSuppli: Russian, Eastern European Video Surveillance Market to Double from 2012 to 2017
• 5/3 McAfee Blogs: AP, Burger King, LivingSocial….Who’ll be Hacked Next?
• 5/2 iSuppli: SSDs to Account for One-Third of Worldwide PC Storage Shipments by 2017
• 5/2 iSuppli: PV Inverter Supplier Base Fragments in 2012 – Minimal Impact From Recent M&A Activity in 2013
• 5/2 McAfee Blogs: Healthcare Cloud Enabled Analytics is Growing
• 5/2 Ovum: Analyst view: Facebook’s Q1 2013 results
• 5/2 Australian Organizations to Spend A$70 Million on Business Process Management Suites in 2013: Gartner
• 5/2 Worldwide Semiconductor Assembly and Test Services Market Grew 2.1 Percent in 2012, According to Final Results by Gartner
• 5/2 Wireles Watch: ZigBee Alliance completes Smart Energy Profile 2:
• 5/2 Wireless Watch: AMD, AT&T and Ericsson – wireless value chain shifts to IoT
• 5/2 Faultline: Netflix Hastings predicts OTT world – should stick to profit predictions
• 5/2 Faultline: Ziggo to add 1m homespots by August, work with Liberty Global
• 5/2 Canalys: Canalys launches ‘Appcessory Analysis’ service - First analyst firm to launch a dedicated continuous information service in this space
• 5/1 McAfee Blogs: BadNews for Good People
• 5/1 Frontline Sentinel: The PR Implications Of Cyber Security
• 5/1 HP Security Lab Blog: So, you want to build a Security Operations Center...
• 5/1 HP Security Lab Blog: The new era of security intelligence, part 1