If moving to Windows 8 were solely a question of security, the answer would be yes – that’s how compelling the improvements are, experts say.
Security isn’t the only consideration, though, because businesses have to weigh other factors, and the decision is likely made based on input from different teams. In that case, “The security group should say, ‘We should do it,’” says Wolfgang Kandek, CTO of Qualys.
Other considerations – cost, training, application compatibility, etc. – will likely override, but the security benefits are unquestionable.
Tops among the features he likes are the secure boot mechanisms Microsoft has put in place. Booting Windows 8 includes two kinds of protection against malware: secure boot and trusted boot. Secure boot uses the standardized Unified Extensible Firmware Interface (UEFI) to ensure the operating system being booted hasn’t been corrupted. Trusted boot is a process that loads anti-malware before the operating system boots in order to head off malware that might try to disable it.
“The computer verifies the kernel is the one Microsoft signed,” he says, using a key in the BIOS to determine if the kernel has been tainted. “There is a perfect chain of custody, with every boot component digitally signed.”
Microsoft has also taken a page from the world of mobile phones and Apple’s iPad, Kandek says. In its Windows 8 ARM products – Windows RT – the company marries the operating system to the hardware. Then Microsoft all but forces users to run only applications that have been vetted by its Windows Store. “You know who put that app there, there’s a reference person,” he says. “It cuts down on the illegitimate software that might slip onto a machine.”
Metro apps also run in a container so they lack direct access to the rest of the machine, a way to isolate any malware that might piggyback them, he says; applications – particularly rogue ones – can’t do whatever they want across the operating system.
The operating system also includes two options for restoring itself to a known clean state if it does become corrupted. First, without having to make a backup disk, users can reset the device to its factory settings. This purges user data, but it also gets rid of whatever corrupted it. A more thorough version of reset also overwrites data on the drive to make it more difficult to recover.
Windows 8 also includes a less drastic reset option called refresh. It restores factory defaults, but also retains personal settings. This option reinstalls applications, but only those Metro apps purchased from Windows Store. “The operating system goes to a known, good configuration,” Kandek says. “In general I like what they’ve done,” from a security standpoint, he says.
Paul Henry, security and forensic analyst at Lumension, says Internet Explorer 10, which comes with Windows 8, isolates each browser tab from the others, so whatever malicious software gets into one won’t affect others and perhaps jump out of the browser entirely.
Similarly, Metro applications that have been approved by Microsoft run in low-privilege containers so they don’t have access to more of the machine’s resources than they need to perform their stated functions, Henry says.
Like Kandek, Henry likes the secure boot process that takes advantage of authentication provided by trusted platform modules (TPM) in the system processor. The boot process shuts down if the kernel has been corrupted, and this TPM verification could be extended. For example, if all applications can eventually be written to adopt TPM signing, users won’t have to worry so much about whether to trust applications; if their signatures are verified, they are safe to run.
Kandek says that as a general rule corporations should use the newest operating system available. The latest versions include all the security improvements the manufacturer has added. “If you are running Windows XP, memory management is weak,” he says. “Windows 7 is much better, Windows 8 much better again.”
Marcus Carey, security researcher at Rapid7, says that significant upgrades to operating systems hold vast amounts of new code against which no one has tried to write exploits. This is the case with Windows 8. Presuming that it was written with secure coding in mind, that should be a significant security advantage. “Attackers will have to rewrite code,” he says. “Older attack vectors will not work. Over time attackers will catch up,” but security updates help keep them at bay.
Cesar Cerrudo, CTO of IOActive Labs, says he’s been researching the security of Microsoft products for more than 10 years, and that it has been improving steadily over that period. It should be noted that this timeframe is after the Bill Gates security memo of Jan. 15, 2002, that led to Microsoft’s Trustworthy Computing initiative to employ secure practices in the writing of code itself.
Before that, Microsoft products were easy pickings, says Cerrudo. “Ten years ago finding a security issue in a Microsoft product was a matter of minutes,” he says in an emailed response to questions. “I remember one day I found like 10 or more MS SQL Server security issues in a row.”
Microsoft had a big problem to solve. “Of course Microsoft couldn't find and solve all the security issues instantly but they were strongly committed to do it,” Cerrudo says.
John Pironti, president of IP Architects and head of Interop’s security track, says that commitment includes Microsoft once shutting down regular business in order to teach programmers to code with security in mind. “Find another large global software company that shut down their development activities for 28 days to retrain their developers,” he says.
Cerrudo says the effects of the effort were felt progressively as new versions came out and the new security principles were put into play. “For instance on SQL Server 2005 the amount of security issues was drastically reduced as a result of all the security efforts; the same happened with other products as well such as [Internet Information Services],” the server that extends Web features to Windows.
Despite advances, some products remained vulnerable, probably because they were so complex it took a while to unravel the problems and because old code had to be retained to ensure backward compatibility, he says.
“I'm talking about Internet Explorer and MS Office suite,” he says. “Vulnerabilities in these products continue to be exploited nowadays but the new protection mechanisms present on latest Windows versions help to mitigate the risk while Microsoft tries to eliminate the remaining vulnerabilities.”
The net result in Windows has been twofold, Cerrudo says. First, attackers have a harder time finding vulnerabilities, and second, the operating system includes mechanisms that help prevent attackers from exploiting the ones they do find. “Attacking techniques continuously evolve and sometimes ways of bypassing protections are found,” Cerrudo says, “but it's getting more difficult to bypass the new protections as Microsoft products get more secure.”