Microsoft Subnet An independent Microsoft community View more

Is Windows 8 really a sitting duck for malware?

A report claims so, but given Microsoft's attempts to harden the OS, that seems dubious.

A new report released by the security firm Websense Security Labs claims Windows 8 will become one of the top three most-hacked platforms in 2013 because of its newness and Microsoft's efforts to encourage development for the radical new platform.

Yeah, that didn't make sense to me, either.

It took a chat with the folks at Websense to make, er, sense of what they were saying, but I do see their point. With a new operating system on the market that will hopefully gain significant ground and Microsoft attempting to woo developers like never before, there's lots of potential for exploit.

"Microsoft’s efforts to produce an extremely developer friendly platform will be embraced by the cybercriminal community, and vulnerabilities will be exploited," the company said in its 2013 Security Predictions. "If they deliver on their promise, the rate of threat growth on Microsoft mobile devices will be the highest."

That's a big "if." Android, another platform Websense sees as a major target in 2013, is far more insecure. But in the case of Windows, there is, for lack of a better word, an installed base of malicious code and talent who know their way around Windows operating systems, and they are going to bring that to bear on Windows 8.

They will try to get around security systems that have been tightened up. Good luck with that. BitDefender recently ran tests on Windows 8 and found that a system with just Windows Defender, which is hardly a suitable security program, stopped 85% of the malware samples used in the tests.

The bad guys aren’t just about code; they understand how people write code and how malware works. So it's not just malware samples, it's accumulated and applied knowledge that they bring to Windows 8, says Websense. And given the common code between PC Windows 8 and Windows Phone 8, malware could easily move across platforms.

The other two platforms that will be big targets in 2013 are also mobile operating systems: Android and iOS. According to the firm, Android will be targeted because of its open nature. Websense expects attack techniques used on the desktop platform to continue to migrate over to Google's operating system.

iOS should be a lot more stable due to its closed nature. However, with the growing popularity of iOS devices in professional environments, IT should consider this a prime platform for targeted attacks, Websense said. And most malware that does exist for iOS targets jailbroken phones.

Websense made seven predictions for 2013, most of them centered around cybercriminals attacking mobile devices. You can find the entire report, in PDF format, here. Free registration is required to view it.

From CSO: 7 security mistakes people make with their mobile device
Join the discussion
Be the first to comment on this article. Our Commenting Policies