Despite a Decade of Security Upgrades, Windows Vulnerabilities Still Exist

Friday, February 22, 2013

Mark Austin


Windows 8 is touted, rightfully so, for being the most secure Windows operating system yet. However, it would be a mistake to believe that Windows 8 does not require external security enhancements.

In fact, the need for large Windows-centric organizations to implement a comprehensive security plan has never been more important, especially considering how Windows 8 veers into so much uncharted usage territory.

For instance, Microsoft customers have never really been exposed to the types of threats now plaguing Android users. Until now, there were no widely-available, consumer smartphone apps that Windows system administrators needed to worry about. With Microsoft’s recent launch of the Windows 8 App Store, a whole new set of vulnerabilities could emerge that Windows-centric organizations haven’t faced before.

Certain security risks inherent to the Windows 8 platform could very well allow malicious applications to slip through the cracks, ultimately infecting a company’s entire network. Just because an application has been allowed into the app store, does not necessarily make it suitable for business use.

The transition to Windows 8 will take time. But once the shift gains traction, employees will be looking for a more integrated experience between their desktop PCs, notebooks, tablets and smartphones. Employees will expect a smooth transition for running Windows 8 apps on their personal devices and having access to these on their professional machines.

Organizations will be expected to oblige to this demand. IT administrators will be most concerned with how apps from the Windows store are sourced and run in the new interface. And as Surface touch tablets gain in popularity, organizations will need to place added emphasis on securing corporate data on these devices.

Microsoft deserves credit for embedding both versions of Surface — Windows RT and Windows 8 — with basic antivirus protection, Windows Defender, that can be managed through Windows Intune.

However, security flaws that enabled piracy shortly after the release of the new operating system underscores why these embedded features aren’t entirely foolproof. Furthermore, Windows Defender lacks centralized management and reporting capabilities that most large organizations will demand.

There is no question that Microsoft has enhanced Windows 8′s security. But it is still inadequate in providing a complete solution for dealing with advanced attacks — which are likely to continue as part of our ever-evolving threat landscape.

Cross-posted from The Last WatchDog

Possibly Related Articles:
Operating Systems Vulnerabilities
Information Security
Windows Security
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.