Windows 8 security unshaken by antivirus vendor's claims

Bitdefender raises worry over trusting included antivirus software, but one analyst said Windows 8's core security picks up the slack

Small businesses and consumers should remain confident of the significant improvements in Windows 8 security, despite the weaknesses alleged by antivirus vendors pushing new products, experts say.

Bitdefender was the latest antivirus company to release a study questioning some of the security capabilities of the new version of Microsoft's operating system. The study, which coincided with the release of Bitdefender's antivirus product for Windows 8, found that 15% of the most common malware bypassed Windows Defender, the software Microsoft includes with the OS.

"The conclusion is clear: Using your PC without a security solution is extremely risky," Bitdefender chief security strategist Catalin Cosoi said in a statement.

In terms of actual numbers, Bitdefender found that Windows Defender missed 61 of the 385 malware samples used against Windows 8. However, without knowing how the system was configured for the test, it is impossible to know if the OS would have performed any better with a third-party antivirus product.

"I would look for a more independent outfit to do such tests rather than an antivirus vendor," Forrester Research analyst Chenxi Wang said by email on Friday.

While antivirus vendor marketing is designed to cast doubt on the security in Windows 8, the fact is that the new OS contains a number of technologies, unseen by users, that make it much more difficult for hackers to exploit Windows vulnerabilities.


"One of the biggest areas that Windows 8 really pushes on is implementing what is known as exploit mitigation technologies," said Dan Rosenberg, a consultant at Virtual Security Research. "They're technical solutions that are designed to render classes of vulnerabilities, especially memory corruption vulnerabilities, either difficult or impossible to exploit."

Corruption of a computer's system memory typically occurs due to programming errors. Such an event can be exploited by hackers to gain remote access to a system. Other Windows 8 features include Secure Boot, which makes it difficult for a class of stealthy malware called rootkits to avoid detection.

Windows Defender as a standalone antivirus product does not have all the features of third-party software, which generally protects against more threats than just viruses, such as identity theft and links in social networks that point to malicious websites. Third-party products also have parental control and anti-phishing features.

"What Microsoft has done is create a minimum bar that all paid vendors need to exceed," IDC analyst Charles Kolodgy said by email.

Windows 8's more powerful security features take over where antivirus products end, Rosenberg said. "Antivirus has historically performed very poorly in detecting sophisticated, targeted attacks, such as exploits targeting previously unknown vulnerabilities."

Where antivirus products are most helpful is in warning users when they ignore obvious danger signs, such as an unknown sender in an email, and try to open a malware-carrying attachment or click on a malicious link.

"That's the niche where antivirus is most effective," Rosenberg said. "Preventing users from basically hurting themselves."

Copyright © 2012 IDG Communications, Inc.
