Complexity of Windows 8 OS makes it vulnerable to attack: Kaspersky
- 29 April, 2013 15:54
The complexity of the Windows 8 operating system has increased its vulnerability, according to Kaspersky Lab A/NZ product specialist, Wayne Kirby.
This complexity is the result of three different types of operating systems running Windows 8, namely the legacy Windows desktop, Windows RunTime, and Windows RunTime running on ARM-based systems.
Kirby said this approach has increased the vulnerability of the OS, as the multiple OS approach provides hackers with more places to find vulnerabilities to exploit.
“Because it contains three platforms, it leaves the gateway open for a much broader opening for ways into the system,” he said.
Another security risk Kirby identifies in Windows 8 is the introduction of the simple sign on.
“With one web console, you can now log in and have local administrative rights on a remote computer, go as far as manipulate registry on computers,” he said.
“That leaves it open to a lot of vulnerabilities.”
SkyDrive is the limit
The integration of Microsoft’s Cloud storage service, SkyDrive, into Windows 8 also gets highlighted as worrisome feature.
If adequate security measures are not put in place, Kirby said Cloud data could potentially be accessed by anyone with the right know how.
“Since SkyDrive is embedded in the operating system, it is one of the biggest threats to the security of personal data in the new operating system,” he said.
Access to SkyDrive is already available on Windows 7 and other operating systems, though Kirby said the fact that it is built directly into Windows 8 sets it apart.
The reason why Microsoft adopted a multi OS approach and SkyDrive integration was to make Windows 8 attractive to developers, though Kirby said this move may have been counterproductive from a security standpoint.
Inversely, the developer friendly aspect of Windows 8 is likely to be “embraced” by cyber criminals who will “heavily exploit” the vulnerabilities of the new OS.
Patrick Budmar covers consumer and enterprise technology breaking news for IDG Communications. Follow Patrick on Twitter at @patrick_budmar.