Vulnerability Management

The promise of Windows 8

When the latest version of the most popular operating system (OS) in the world is released in October, researchers in search of vulnerabilities will flock to the shiny, new platform. But creating exploits for Windows 8 may prove quite costly in terms of time, effort and skill.

Developed to be a multipurpose OS, the new iteration of Windows will run on desktops, tablets and other mobile devices. The new Metro-style interface, designed to be cleaner and more compatible with touch-screen devices, will turn heads, but the work done under the hood in terms of security appears to be equally impressive.

According to market researcher NetApplications, Windows is the most-used OS on the planet, running on more than 90 percent of computers, and is thus the focus of malware authors' attention.


Microsoft security has come a long way since XP, and the enhancements made to Windows 8 confirm this evolution, say experts.

Research conducted by Chris Valasek, senior security scientist for Coverity, a San Francisco-based software security company, says the most notable changes include a new App Container for the upcoming Windows App Store, which will limit actions certain applications can perform. In addition, the OS will feature enhanced exploit mitigation technology to combat memory issues like buffer and heap overflows.

“If I was writing an exploit I would not want to do it for Windows 8,” Valasek said. “There are a lot of hurdles to overcome when writing an exploit that would target this operating system.”

While the improvements may not be revolutionary, Valasek said they are proof that Microsoft has realized the security problem can't be solved overnight and is doing its best to protect end-users.

The computing giant's progress comes at a time when its main competitor, Apple, is under fire for its seeming inattention to security. In April, the Flashback trojan hijacked nearly 700,000 computers worldwide through a Java vulnerability. Although Oracle released a patch in February, it took Apple nearly two months to ship its own fix.

Chester Wisniewski, senior security adviser at British anti-virus firm Sophos, acknowledges that progress with security is evident in Windows 8, but says the improvements shouldn't be enough to get users immediately off Windows 7.

“[Windows 8 is] making it a little harder for the bad guys, making them go the long way, but I don't know if it results in your being safer,” he said.
