Windows 8: Security pros and cons

Much has been made of the security features being worked into Microsoft Windows 8. But there may be some new dangers as well.

Here's a look at various writings I'm seeing on the subject this morning.

Corporate Vice President of Windows Planning and Ecosystem Michael Angiulo demonstrated some of the security bits earlier this week at the Microsoft BUILD conference in Anaheim, Calif. In The Register, Dan Goodin described the scene:

Angiulo demonstrated an early version of Windows 8 that automatically scanned an infected USB drive used to boot the next generation operating system. Before the OS was able to load, the computer stopped the process and displayed a warning that the boot volume contained an "invalid signature" indicating it had been compromised. He was able to get the valid version of Windows to load by turning off the system and turning it back on.

Former Network World colleague Jon Brodkin recently wrote about the plan for facial recognition as a way to move beyond passwords:

By 2012 sensors such as microphones, cameras, GPS, accelerometers, and temperature and magnetic sensors will be common in most PCs, allowing Windows 8 to interact with the user's environment in new and interesting ways.

One scenario uses facial recognition software to verify a user's identity.

"Amish walks into his home office," Microsoft writes in one of many fictional scenarios outlined in the Windows 8 slide decks. "The proximity sensor on his PC detects motion, and wakes the PC. By the time Amish sits down, his PC is powered up. It scans his face and logs him in. Finally, when Amish gets up and leaves, his PC notices that he's gone and locks itself and powers down."

Windows 8 may also eliminate the need for remembering passwords across multiple websites.

"Password pain has reached a tipping point," Microsoft says. "Windows 8 could include a way to securely store usernames and passwords, simplifying the online experience."

It all sounds terrific to me. But Sophos' Graham Cluley is raising the red flag on how the Windows 8 interface could herald a new era of full-screen scareware.

In Sophos' Naked Security blog he writes:

One of the interesting features of the Metro user interface is that apps are designed to be full-screen, without any surrounding furniture. That means you won't see scroll bars and the like, unless you interact with the interface.

One has to wonder whether this will lead to a wave of new scareware/fake anti-virus attacks.

Currently, malicious hackers poison webpages to display what appears to be a warning about malware found on your computer - tricking users into downloading software. The initial alert pops up in your web browser.

These phony alerts have proven to be a very effective way for cybercriminals to fool users into installing their malicious scareware. And it's very likely we'll continue to see hackers trick your browser into displaying bogus warning messages.

But, with Windows 8, these browser-based fake anti-virus warnings will be shown full-screen, without the tell-tale signs that you're in a browser, meaning it may be even easier to convince a victim into believing he is viewing a genuine security alert from the operating system rather than simply a webpage pretending to be one.

This won't be the last of the security concerns we hear about. Windows 8 still has a way to go before it's released to the general public. When new features are created to improve the user experience, new security threats appear.

That said, at first glance the new security features are impressive. And I'm holding out hope that with Windows 8 being put through the machinery of Microsoft's Security Development Lifecycle, we'll see far fewer vulnerabilities than we've seen in past versions of Windows.

--Bill Brenner



Copyright © 2011 IDG Communications, Inc.
