After a week of rampant hacking at the Black Hat and DEF CON security conferences in Las Vegas, one operating system escaped unscathed: Microsoft’s upcoming Windows 8. Yes, Windows 8 – you read that right. It is looking like Microsoft’s creation will be the most secure desktop OS out there – and perhaps the most secure mobile OS, too.
Over the last year, it has become very clear that Windows 8 would move away from the desktop style of doing things – where the user is ultimately responsible for system security – to a sandboxed, kid-gloves mobile model, where the OS does everything in its power to prevent you from installing malware or bricking your device.
As a result, Windows 8 will debut with a slew of security features. Secure and Trusted Boot provide protection against low-level exploits, such as rootkits. System-wide SmartScreen, which makes it hard to run non-trusted, downloaded-from-the-interwebs executables. Metro apps run inside a restrictive sandbox. IE10 breaks tabs and plug-ins into separate processes.
One hacker at Black Hat – Sung-ting Tsai of Trend Micro – did try to crack Windows 8, but ultimately he just detailed a few paths that could become exploitable in the future. Metro apps reside in a very restricted sandbox, but Tsai suggested that Internet Explorer or Microsoft Office (which are outside the sandbox) could be used as a go-between to download malicious payloads. Microsoft dismissed this idea, saying that such an attack would be very obvious – the user would see IE pop up and begin loading a nefarious URL. IE’s SmartScreen or your antivirus suite would probably catch it, too.
Tsai also pointed out that ClickOnce – the Windows 8 app installation service – could be used to launch a zero-day exploit. Microsoft admits that this could be an issue, and will fix it in the next build of Windows 8 (though I don’t know if this means that MS has already fixed the RTM that’s due this week, or if we’ll have to wait for a future patch). Tsai also investigated the possibility of DLL hijacking, and some other Metro-related quirks, but Microsoft doesn’t seem fazed by either.
Finally, Tsai noted the possibility of breaking out of the Metro sandbox through fuzzing of the Windows RT API, or gaining access to a COM server – but to be honest, once you get to this stage, we just have to assume that Microsoft has done its homework – or, if that isn’t the case, that the firm responds to zero-day exploits quickly.
Zooming out and looking at the bigger picture, Apple is finally coming to terms with the fact that OS X and iOS aren’t immune to viruses and exploits. As Apple’s market share (and exposure to malware) creeps upwards, it is only now starting to take security seriously – and I wouldn’t be surprised if we see a lot more exploits in iOS, Safari, and OS X. Android, as we know, has never exactly been a paragon of security. Curiously, Windows Phone 7 seems to have evaded malware entirely – though whether this is because WP7 is inherently more secure, or simply because virus writers aren’t interested in an OS that only has 27 users, we don’t know.
It would seem that decades of plugging holes in Windows – and the huge exposure that a 95 per cent market share gives you – has resulted in a Microsoft that’s at the top of its game security-wise. In a world where cyber-warfare and espionage are becoming ever more prevalent, Windows 8 is exactly what companies and governments need to shore up their security. Except, of course, upgrading from Windows 7 or XP also means the mandatory use of the Metro Start Screen, which is about as enterprise and office-friendly as someone with bad B.O.