Windows 8 brings a brand-new interface – and new threats

Windows 8 is, in fact, a dramatic break from the past, optimized for touch screens and a colorful, tile-based presentation for apps and navigation. 

"Windows 8 is a major release with new security enhancements, but perhaps one of the most interesting aspects is that Microsoft is trying to change from its traditional OS architecture to build a more modern and robust platform," said James Lyne, director of technology strategy at Sophos. "This means being bolder about breaking backwards compatibility and legacy services.”

In Windows 8, a new ARM version for mobile and lightweight hardware takes on a controlled environment much more like that of Apple's walled garden, he noted, while the heavier version for full PCs is slightly more traditional. “End users should ensure they continue to run appropriate security controls to protect themselves on either of these platforms," Lyne added.

One of the most important changes for IT administrators and end users is how applications are sourced and run in the new Windows 8 user interface. Some familiar applications have been completely re-written for the new Windows 8 UI, and they may work differently, despite looking the same.

“For example, an application historically delivered as an executable could now be entirely web-based,” Lyme noted. “This impacts the visibility your existing security and monitoring tools have into these apps.”

Also, the Windows 8 app store makes application control increasingly important for both malware prevention and productivity control. Instead of buying boxed software, apps will now be available through the Windows Store – again, very reminiscent of the Apple model. While the Windows Store will be secured, that doesn’t mean that malicious apps can’t slip through – as we know from Android. Sophos advocates vigilance in disabling the use of apps that aren’t relevant to the organization.

Other security controls that enterprises and end users should implement include disabling hard-drive hibernation through group policy so as not to interfere with encryption, and reviewing application permissions in the Windows Store to control access to user location information and calendars. Also, Sophos noted that in the Windows 8 version of Internet Explorer, plugins are now disabled by default, blocking a major target for exploit kits and BlackHole attacks.

And, finally, when buying a new machine, look for the “Designed for Windows 8” logo, which means that the hardware must be UEFI compliant, Sophos noted. “This means you can take advantage of the secure boot functionality available in Windows 8,” Lyme said. “Secure boot is designed to ensure the pre-OS environment is secure in order to minimize the risk from boot-loader attacks.”

What’s hot on Infosecurity Magazine?