Ask LH: Does Windows 8 Create Fresh Security Problems?

Dear Lifehacker, With Windows 8 due for everyone in October and Windows Phone 8 also out soon, convergence between computer, phone, tablet, game console and TV (via media player) appears within reach. But that makes me worry: if all my devices are all connected with Windows 8, what are the odds that it's easier for a virus, a trojan or something else nasty to infect my system?

Sure, I can put up all the security firewalls I like around my desktop, but if I get a spam message on my phone, and my system recognises my phone as part of the permitted devices of the system, some nasty could get in the backdoor. And the nasty doesn't need to be compatible with the device it's being carried on — it only needs to be compatible with the destination device. Is this much ado over nothing, or is it a nightmare waiting to happen? Are there any security packages available now or in development that will cover all my devices? Thanks, Concerned Cat Lover

Dear CCL,

You raise an interesting set of questions. Let's start with an important basic fact: while Windows 8 and Windows Phone 8 do use the same basic interface and you download apps for them using the same ID, it isn't yet the case that apps which run on Windows 8 will run on Windows Phone 8 or vice versa. Microsoft is definitely aiming to make it easier to write apps that run on both platforms, but we're not there yet.

Incidentally, in this respect, there's no real difference for Mac users. You can use the same Apple ID to access apps from the iOS and Mac App Stores, and Mountain Lion is increasing emphasising an iOS-like look for apps, but the code for each is different. The same pattern is evident with devices versus computers as well. On a Mac or a PC, you can choose to install apps from outside the official app stores (both platforms have mechanisms to make that a more secure process). On an iPhone or a Windows RT tablet, you can only install vetted apps from the official app stores. That isn't an absolute guarantee of security, but it does dramatically reduce the risk.

The second point is that the scenario you describe isn't one that's exclusive or new to the world of Windows 8. Spam emails often contain dubious links that won't make any difference on a mobile phone (which is where many of us now first see email), but which can install trojans if they're clicked on an unsecured desktop machine. With the right security software and a suitably cautious attitude, it's not necessarily a problem on either device.

Security vendors are working on Windows 8-specific updates of their existing software suites. Because security software runs at a very low level in operating systems, these packages will invariably be desktop apps which look like current Windows apps, rather than shiny apps using the newer Windows 8 interface. (Some elements will undoubtedly be present as Windows 8, but they won't be distributed in their entirety via the Windows Store, and the main scanning elements will be 'classic' Windows apps.)

Another thing to bear in mind: while Windows 8 may be hogging all the attention right now, Windows 8-specific apps won't be the most attractive platform for malware developers for quite a while. As David Freer, regional VP of Symantec's Norton security division, explained to me recently:

The majority of stuff that works in Windows 7 works just as much in Windows 8. The threat landscape hasn't changed that much. A few things won't work. Some of the rootkit technology gets a little bit more complicated with some of the improvements in Windows 8, for instance. The other thing to think about is that while Windows 8 is new and shiny, it won't have a huge market share. The official numbers suggest it won't overtake Windows 7 in terms of installed base until 2015 at least. The bad guys will always go for the lowest-hanging fruit.

The key point is this: no matter what platform you choose for your phone or your device, you need to have a security strategy for it. That includes security software, regularly updating your devices, keeping backups, and having a healthy degree of scepticism. Modern software is already complex and becoming more so, and flaws are inevitable. That won't change with Windows 8, Windows 88 or iOS Mountain Cougar Leopard.

Cheers Lifehacker

Got your own question you want to put to Lifehacker? Send it using our contact tab on the right.


Comments

    The best form of defence.... Get to know your tools.

    Signed,

    A sysadmin who can't help but be surprised that end users still don't know the difference between the "Internet" and Internet explorer.

    May I point something out too.

    Windows 8 comes with Anti-Virus preinstalled!! Windows 7 does not.

    It's going to be difficult to have a Windows 8 (WinRT) based trojan etc. as well because of the sandboxing feature of those Apps.

Join the discussion!

Trending Stories Right Now