One of the bold claims made by Microsoft is that Windows 10 S will be impervious to all known forms of ransomware. This is because only apps that have been curated and distributed through the Windows Store can be run. However, it seems that Microsoft’s claim forgot one little thing – macros. But we can learn from this.
ZDNet used pen tester Hacker House to put Microsoft’s claim to the test (all the details are in a post on ZDnet’s Zero Day site). The result, predictably, was that it was possible to install and execute ransomware on a Windows 10 S systems despite the protections Microsoft has put in place. And while it may be easy to point the finger at Microsoft about their claim there are important lessons we can learn.
Security is never about about putting a single measure and expecting it to stop all threats. That would be like saying a good door lock will stop all burglars or a camera will detect every potential thief.
But by making life as difficult as possible for bad guys, you can discourage a threat actor so they move on to a more vulnerable target. It’s the old story of not needing to outrun the bear that attacks your camp site – you only need to out run the person next to you. even Apple’s App Store, in China, was breached when hackers were able to distribute a compromised version of XCode which was then used to create compromised applications.
That only worked because download speeds for the legitimate version of XCode were so poor that hackers were able to encourage legitimate developers to download a compromised version.
In other words, the bad guys don’t have to break security; they work around it. If the door is locked, they try a window.
There’s little doubt, in my mind, that Windows 10 S will be easier to secure than the more widely distributed versions of Windows 10. But that won’t make it invulnerable.