Martin Cooper takes a step back from all the Windows 8 fanfare and examines whether the cyber criminals will love or loathe Microsoft’s new OS.
Windows 8, Windows Phone 8 and Surface tablets – it seems it’s all happening over at Redmond.
As Microsoft readies its new operating system roll-out, we’ve every right to get excited, but with all eyes distracted by the new system’s sheen, it’s easy to overlook the mundane but essential business of security.
Over the last 12 to 18 months, security – or the lack thereof – has cast a growing shadow over Windows and the antivirus firms we trust to keep us safe online. Indeed, some have suggested that the bad guys might be winning in the never-ending game of high-stakes chess. So the question is, will Windows 8 let us sleep sounder in our beds?
Security as Standard
To help protect Windows machines
Microsoft has for a long time offered its Security Essentials antivirus program
as a free download. Despite this, it’s reckoned that almost a quarter of all
Windows 7 PCs have no anti-malware software installed.
To address this problem, Microsoft has built Windows Defender into Windows 8 and switched it on by default.
In Windows 8, Defender is a combined system: the old anti-spyware tool has absorbed the antivirus engine from Security Essentials, so it offers comparable, basic protection against common threats out of the box.
We certainly applaud the move, as
it makes the initial hurdle that much tougher for virus writers. However, when
PC Format asked Collin Davis, senior director of engineering at Symantec, about
Defender, his response was unequivocal. “It’s not enough”.
Davis says circumventing Defender will become the virus writer’s first mission. “It’s just not worth their effort releasing malware that can’t beat it,” he warned.
Speaking from California, Davis explained how the bad guys had breached Windows 7’s security features and Security Essentials. As Windows 7 and Windows 8 have so much in common under the hood, Windows 8’s default security isn’t – in his view – likely to overly challenge malware writers.
Boot Level Protection
Dig a little deeper into Windows 8 and the story doesn’t seem so bleak. During the PC boot phase, Microsoft has made strides to see off future malware.
Booting through the BIOS has remained largely unchanged for nearly 30 years. At its heart is a chain of modules that are executed in order. The process begins with the BIOS waking up, running its ROM-based initialisation routines and then loading and calling the master boot record from the boot disk.
The chain culminates in the Windows kernel and drivers being loaded and run. Each link runs whatever the previous one hands it, with no check on its integrity, so if malware can penetrate this initial process, the next program to run can be corrupted. In short, no process after the point of exploitation can be trusted.
Bootkits such as Mebroot and TidServ insert themselves into this critical chain of events by rewriting the master boot record, and Stuxnet gained a similar foothold with kernel drivers signed using stolen certificates, compromising Windows at a very low and fundamental level. From such a privileged position the malware is hard to detect and difficult to remove, because it is already running before the antivirus software that would look for it.
To combat this problem, Windows 8 includes a trio of technologies which are known collectively as Secure Boot Architecture. The first component is Secure Boot itself, a feature of firmware built to the Unified Extensible Firmware Interface (UEFI) standard that replaces the old BIOS. Assuming that your hardware is current and supports it, Secure Boot should make the lives of the virus writers considerably harder.
Like the BIOS, a UEFI system executes a sequence of baton-passing modules that lead to the OS. In a Secure Boot system, however, each module is digitally signed, and every stage must verify the signature of the next before it allows it to execute: the firmware checks the Windows boot manager, the boot manager checks the OS loader, and so on up to the kernel. The firmware holds a white list of trusted signing certificates (the “db”) that can be updated, and a matching black list (the “dbx”) for revoking signatures or images that later turn out to be bad.
Features and Flaws
The UEFI system isn’t without a couple of flaws. Though all new PCs certified for Windows 8 will ship with Secure Boot switched on, older PCs still use the BIOS loading process and therefore remain vulnerable, as does any machine on which Secure Boot has been turned off in the firmware setup. The UEFI certification system has also enraged Linux users, as it makes it difficult to install the open source OS: a boot loader must be signed by a certificate the firmware already trusts, or the user must enrol a new one or disable Secure Boot altogether, something Microsoft’s certification rules require x86 PCs to allow but locked-down Windows RT devices do not.
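To make the chain-of-trust idea concrete, here is a small Python model of the check each boot stage performs. It is an added illustration, not code from the article, Microsoft or any firmware vendor: a keyed SHA-256 stands in for the real RSA/Authenticode signature, and the module names, keys and images are constructed for the demo. It shows a clean Windows chain booting, a Mebroot-style tampered loader being refused before it runs, a loader from an unknown signer being refused until its certificate is enrolled in the white list, and a validly signed but revoked loader being stopped by the black list.

```python
"""Toy model of the UEFI Secure Boot chain of trust.

Added example, not code from the article or from Microsoft. Real firmware
verifies RSA/ECDSA Authenticode signatures against the 'db' (allowed
signers) and 'dbx' (forbidden hashes/signatures) databases held in UEFI
variables; here a keyed SHA-256 stands in for the signature so the example
runs with the standard library only. Keys, names and images are constructed.
"""
import hashlib
import hmac

# Constructed private signing keys. In reality these live with the OEM and
# Microsoft, never on the PC; the firmware holds only the public side.
SIGNING_KEYS = {
    "oem-ca": b"constructed-oem-private-key",
    "ms-uefi-ca": b"constructed-microsoft-private-key",
    "distro-ca": b"constructed-linux-distro-private-key",
}

# Factory-installed db: the white list of signers the firmware trusts.
FACTORY_DB = frozenset({"oem-ca", "ms-uefi-ca"})


def image_hash(image: bytes) -> str:
    return hashlib.sha256(image).hexdigest()


def sign(signer: str, image: bytes) -> bytes:
    """Stand-in for producing an Authenticode signature over a PE image."""
    return hmac.new(SIGNING_KEYS[signer], image, hashlib.sha256).digest()


def module(name: str, signer: str, image: bytes) -> dict:
    return {"name": name, "signer": signer, "image": image,
            "sig": sign(signer, image)}


def verify(mod: dict, db: frozenset, dbx: frozenset) -> bool:
    """One stage's check of the next: revoked? trusted signer? signature valid?"""
    if image_hash(mod["image"]) in dbx:
        return False                      # explicitly forbidden, even if signed
    if mod["signer"] not in db:
        return False                      # signer not in the white list
    return hmac.compare_digest(sign(mod["signer"], mod["image"]), mod["sig"])


def secure_boot(chain: list, db=FACTORY_DB, dbx=frozenset()):
    """Walk the chain firmware -> boot manager -> OS loader -> kernel.

    Each stage verifies the next before passing the baton; the first failure
    halts the boot. Returns (booted, names_of_stages_that_ran).
    """
    ran = []
    for mod in chain:
        if not verify(mod, db, dbx):
            return False, ran
        ran.append(mod["name"])
    return True, ran


def windows_chain() -> list:
    return [
        module("bootmgfw.efi", "ms-uefi-ca", b"Windows Boot Manager 6.2"),
        module("winload.efi", "ms-uefi-ca", b"Windows OS Loader 6.2"),
        module("ntoskrnl.exe", "ms-uefi-ca", b"Windows kernel 6.2"),
    ]


def bootkit_chain() -> list:
    """A Mebroot-style infection of the loader: the image is altered but the
    attacker cannot re-sign it, so the old signature no longer matches."""
    chain = windows_chain()
    chain[1]["image"] += b"<bootkit payload>"
    return chain


def linux_chain() -> list:
    """A loader signed by a key the factory db does not contain."""
    return [module("shim.efi", "distro-ca", b"distro shim loader")]


if __name__ == "__main__":
    print(secure_boot(windows_chain()))        # (True, all three stages)
    print(secure_boot(bootkit_chain()))        # (False, ['bootmgfw.efi'])
    print(secure_boot(linux_chain()))          # (False, []) unknown signer
    print(secure_boot(linux_chain(), db=FACTORY_DB | {"distro-ca"}))  # enrolled
    revoked = frozenset({image_hash(b"Windows OS Loader 6.2")})
    print(secure_boot(windows_chain(), dbx=revoked))  # (False, ['bootmgfw.efi'])
```

Run it directly to see each scenario’s verdict. Note the order of the checks in verify: the revocation list wins over a valid signature, which is how a signed-but-vulnerable loader can be retired without reissuing every key, and why keeping the dbx up to date matters as much as the white list.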
The next technology of note in Windows 8 is Early Launch Anti-Malware. According to Microsoft, “[ELAM] starts before other boot-start drivers, enables the evaluation of those drivers and helps the Windows kernel decide whether they should be initialized.” It is, in essence, an anti-malware driver that the kernel loads before any other: it classifies each subsequent boot-start driver as good, bad or unknown, and the kernel uses that verdict, together with a boot policy an administrator can set, to decide whether the driver is allowed to load.
Windows 8 is designed to boot very quickly, though, which places limits on what ELAM can achieve: the driver has to deliver its verdict almost instantly. The Windows 8 specification also limits the amount of memory it can consume, and it must judge each driver largely on its hash and signing certificate rather than by scanning or observing it. Because it runs so early in the boot sequence and under such limitations, Symantec has already stated that “ELAM does little to improve security”.
The third component is Measured Boot, with Remote Attestation as an optional extra. If the PC has a Trusted Platform Module, each component that runs during boot is hashed and the hashes are recorded in the chip’s platform configuration registers, a record that later software cannot rewrite; a remote server can then ask for that record and compare it with a known-good baseline before trusting the machine. Implementing it inevitably adds a little to the boot time, which may not prove very popular with PC builders. If you upgrade or tinker with your PC, the measurements change and the baseline will need to be recalibrated. Remote Attestation, therefore, looks like a feature best suited to corporate environments where systems remain unchanged by design.
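To show why Measured Boot is so sensitive to tinkering, here is a Python model of the TPM’s extend operation and the comparison an attestation server makes. It is an added illustration, not code from the article or Microsoft: a single register and a plain comparison stand in for the TPM’s several PCRs and its signed quote, and the component names and images are constructed for the demo.

```python
"""Toy model of Windows 8 Measured Boot and Remote Attestation.

Added example, not code from the article or from Microsoft. A real TPM
extends measurements into several PCRs and signs the 'quote' with an
attestation key; here a single register and a plain comparison stand in,
and the component images are constructed for the demo.
"""
import hashlib
import hmac


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM PCR extend: PCR_new = H(PCR_old || measurement).

    A PCR can only be extended, never written directly, so nothing that runs
    later in the boot can erase the record of what ran before it."""
    return sha256(pcr + measurement)


def measure_boot(components):
    """Hash each component into the register as it is loaded.

    Returns (final_pcr, event_log); the log lists (name, hash) per component
    and is what lets a verifier explain a mismatch rather than just detect it."""
    pcr = bytes(32)                       # PCRs are all zero at power-on
    log = []
    for name, image in components:
        digest = sha256(image)
        pcr = extend(pcr, digest)
        log.append((name, digest.hex()))
    return pcr, log


def attest(quote: bytes, baseline: bytes) -> bool:
    """Remote verifier: does the reported PCR match the known-good value?"""
    return hmac.compare_digest(quote, baseline)


def first_divergence(known_good_log, reported_log):
    """Replay the event log to name the first component whose hash changed."""
    for (good_name, good_hash), (name, digest) in zip(known_good_log, reported_log):
        if good_name != name or good_hash != digest:
            return name
    return None


# Constructed boot sequences (names mirror the real Windows chain).
GOOD_BOOT = [
    ("firmware", b"OEM UEFI firmware 1.00"),
    ("bootmgfw.efi", b"Windows Boot Manager 6.2"),
    ("winload.efi", b"Windows OS Loader 6.2"),
    ("ntoskrnl.exe", b"Windows kernel 6.2"),
]

# The loader has been tampered with; everything else is untouched.
BOOTKIT_BOOT = [GOOD_BOOT[0], GOOD_BOOT[1],
                ("winload.efi", b"Windows OS Loader 6.2<bootkit payload>"),
                GOOD_BOOT[3]]

# Legitimate tinkering: a firmware update also changes the measurement.
UPDATED_FIRMWARE_BOOT = [("firmware", b"OEM UEFI firmware 1.01")] + GOOD_BOOT[1:]


def check_machine(reported_components, known_good=GOOD_BOOT):
    """What the attestation server does: compare against the baseline and,
    on mismatch, name the first component that differs."""
    baseline, good_log = measure_boot(known_good)
    quote, log = measure_boot(reported_components)
    if attest(quote, baseline):
        return True, None
    return False, first_divergence(good_log, log)


if __name__ == "__main__":
    print("same PC again:        ", check_machine(GOOD_BOOT))              # (True, None)
    print("infected loader:      ", check_machine(BOOTKIT_BOOT))           # (False, 'winload.efi')
    print("after firmware update:", check_machine(UPDATED_FIRMWARE_BOOT))  # (False, 'firmware')
    # Recalibration: re-baseline against the updated machine and it is trusted again.
    print("re-baselined:         ", check_machine(UPDATED_FIRMWARE_BOOT,
                                                   known_good=UPDATED_FIRMWARE_BOOT))
```

The same bootkit that Secure Boot would refuse to run is caught here after the fact, because its hash pollutes every later extend; the event log is what lets the server say which component changed. The firmware-update case is the recalibration problem from the text: the machine is perfectly healthy, but until the baseline is recomputed against the new firmware the server cannot tell it apart from an infected one.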
The Metro Question
Windows 8 is all about the Metro interface – a collection of tiles linked to programs. Simply sweep through the wall of information and images, then tap the program you want to run. If you don’t have a tablet or another touch-enabled device, you can use the interface with a mouse and keyboard instead.
There are two versions of Windows 8 – one designed to run on x86 chips and another compiled for low-power ARM processors. The PC firms we spoke to had little to say about the latter version, and it’s unlikely that malware authors have been able to research it much either. If Windows RT (as the ARM version is called) becomes a success, it will probably become a focus for malware writers, but at the moment it’s impossible to say.
Looking at the x86 incarnation, Collin Davis explained that Windows 7 and Windows 8 classic are very close cousins. Therefore, most malware that runs on Windows 7 will work on Windows 8. Metro, however, is a somewhat different beast.
The Janus OS
From a security perspective it’s easy to think of Windows 8 as two operating systems: Metro and Classic. Neither will run programs designed for the other. Metro is the more restrictive of the two, as you’ll only be able to get programs from Microsoft’s Windows Store, but the separation between Metro and classic Windows isn’t clear cut.
Each Metro app works in a sealed environment or sandbox, which means it can’t interact with other programs. In other words, Metro works in much the same way as Apple’s sandboxed iOS – an OS that has so far avoided any major security problems. Sandboxing isn’t a silver bullet, though. It is, in the words of Davis, “One of many tools that works well if it’s done well.”
Asked if Microsoft has implemented its sandboxing well, Davis replied, “It’s too soon to tell.”
There is one major chink in Metro’s sandbox armour. Metro is much like Windows Media Center, an environment that effectively sits on top of Windows Classic. Davis says this means that “a Metro app can’t attack a Classic app, but a Classic app can attack a Metro one.”
He adds that developing malware for Metro would be no harder
or more expensive for virus writers.
It seems, then, that Windows 8 makes the business of securing your PC subtly different, yet largely the same. The same rules, requirements and risks apply, so users should install a well-rated security suite and keep it updated.