Windows 8 has been released, and information security experts are comparing the security performance of the new system with Windows 7. The general consensus is that, although Microsoft pays more and more attention to security, users who attempt to regard Windows 8 as a security tool may be somewhat disappointed.
Gerry Egan, senior director of Symantec Norton Product Management, said: "The threat is that the water that flows down the hill will always find the easiest path. If you stop this path, it will select the simplest path, and so on. Therefore, Microsoft has set up obstacles, but Windows 8 cannot block the flood."
According to Egan, some of the security challenges involve backward compatibility. Although few people notice the importance of being able to run legacy applications, this capability usually applies to malware as well. "They can help users with backward compatibility with desktop applications, but it also provides backward compatibility for malware, with millions of malware variants flooding into Windows 8."
Some attacks may be offset by Windows Defender, which is considered an improvement in Windows 8. However, Defender is not regarded as an effective alternative to anti-virus software.
"Windows Defender provides basic security," said Peter Beardmore, senior director of Kaspersky product marketing. "Although Microsoft's initial emphasis on security is a positive attitude, it cannot meet all security requirements. We believe that commercial customers will be aware of this, but the customer level may be another scene. We are not worried that some people will think that comprehensive protection is no longer needed."
Others in the anti-virus field believe that industry trends are likely to increase the demand for effective anti-virus software.
AVG senior security evangelist Tony Anscombe said, "We believe that the market for anti-virus software will continue to grow as before. When purchasing a PC, there will be an overall ecosystem around guiding AV. No one wants to close product revenue."
In addition to Windows Defender, other security features in Windows 8 remain to be discussed.
"Compared with Windows 7, it is clear that they have been focusing on telemetry technology for many years and have collected a lot of information over the past few years and used these technologies to improve the security of the operating system," said Aryeh Goretsky, an ESET researcher. "I especially like to talk about the concept of joint deployment of a secure boot device and UEFI (Unified Extensible Firmware Interface), because a type of malware can be intercepted if deployed properly. Further confirmation is needed as to whether it runs as expected."
Goretsky went on to explain that design vulnerabilities, misdeployment, or compatibility issues can cause strategic problems, especially if they interfere with important applications on client devices. Even so, Goretsky agrees that anti-virus and other applications should be determined based on user commands instead of hard disk space.
"Generally, after the software installer is running, the program may be able to download updates and further modify the registration information," he explained. "This type of operation is usually cleared during the uninstallation process, because the uninstallation program can only be deleted according to the script settings. Subsequent installation usually lags behind. Microsoft only said so much. This will make the customer more satisfied with the anti-virus software, they can easily upgrade or use a low price update. But the most important thing is to ensure that system problems do not occur when users switch from one product to another."
In addition, Microsoft has taken measures to prevent master boot record (MBR) attacks by blocking the startup code from running.
"With code, you can control the possible situations after other software is loaded," he said. "The new specification process has a trust mechanism, if the code cannot be signed with a password, it is not allowed to run. From this point of view, the next step is to try to run the code as a device driver and try to run it at the beginning of the startup program. Therefore, Microsoft has released a program named Early Launch Anti-Malware or ELAM. This is the first thing to run the following Microsoft code, so there will be no more random download order. This gives anti-malware vendors the opportunity to check all drivers in the system before downloading. Therefore, in terms of threat detection, this is a great advantage."
ESET's Goretsky hopes that ELAM will eventually provide more flexible functions to provide customer service with current memory restrictions and processing parameters.
Symantec's Egan agrees that ELAM is the first step in the right direction.
"This makes it easier for us to load drivers during the startup cycle to combat rootkit and bootkit," he said. "We don't have IPS or run reputation-based systems." But it will be helpful.
Egan also questioned the efficiency of SmartScreen, which checks a database of known threats before installation. "We have some doubts about this, because we find that when users are asked to make a choice on security issues, they usually make decisions based on their own ideas."
Finally, the increasing security performance in Windows 8 may lead to attacks targeting applications, especially browsers.
Goretsky added: "If this is a very secure operating system, attacks will turn to social engineering. No matter how secure the technology is, errors will occur if someone uses it."