Windows 8, the most secure OS?

Topic

New Reply

Interesting article: http://www.itproportal.com/2012/07/31/will-windows-8-be-the-most-secure-os-in-town/

Reply | Quote

Replies

I seem to recall there was a similar article elsewhere recently, which I think stated the proposition as a fact. Interesting Rui, that you add a question mark at the end of your thread title.

Under the hood there are some significant improvements to security, but selling those to the average user might make a marketing man’s toes curl.

One of things I took from the article is that Windows 8 has the opportunity to be more secure than earlier Microsoft residential-grade offerings, but that is not guaranteed for the everyday home user.

For example, much is made of the sandboxing of Metro (Win8 UI?) Apps, but many desktop and laptop users may ignore that UI for the comfort of the desktop. On the other hand, if the improvements to ASLR in IE10 are still implemented in the desktop version as well as the Metro version of, IE10 would still be arguably much more secure that previous versions.

Another often quoted improvement is Secure Boot, which on paper is great. However, Secure Boot relies on a UEFI implementation and there are not many of those about in residential systems at present. Perhaps next year will be different, but UEFI and Secure Boot potentially give’s rise to a whole new set of issues for diagnostics and boot CD’s.

Personally, I think Microsoft would do well to dampen down headlines such as “most secure” in the media outlets and find engaging ways to communicate the details and the dangers: As Apple recently found to their cost, pride comes before a fall.

Reply | Quote

However, Secure Boot relies on a UEFI implementation and there are not many of those about in residential systems at present. Perhaps next year will be different, but UEFI and Secure Boot potentially give’s rise to a whole new set of issues for diagnostics and boot CD’s.

Microsoft requires of OEM’s that any PC bearing the Windows 8 sticker with Windows 8 pre-installed must be UEFI/GPT with Secure Boot enabled by default. All retail OEM Windows 8 machines are UEFI/GPT Secure Boot.

And indeed, not all OEM’s are implementing UEFI uniformly (yes, ironically it is the Unified Extensible Firmware Interface), and while Microsoft also requires that Secure Boot must come with the ability to disable it, there is not a specific requirement that Windows must boot with Secure Boot disabled. An hp laptop I’m familiar with will boot only diagnostics with Secure Boot disabled, with a prominent warning to that effect on the Setup Screen.

Always create a fresh drive image before making system changes/Windows updates; you may need to start over!

We all have our own reasons for doing the things that we do with our systems; we don't need anyone's approval, and we don't all have to do the same things.

We were all once "Average Users".

Computer Specs

Reply | Quote

Job security is Right!

I have several customers, that will click on Anything, even though I’ve repeatedly told them not to.
I don’t mind the added income, but it just p***es me off that people can’t follow simple instructions.

I tell them all “if in doubt, DON’T!”

Reply | Quote

Well, you can’t really say it is the most secure until you see how it behaves in the real world. It looks promising, but you raise very interesting points. There is really not much to be gain with the Metro apps if most people choose not to use them.

I think your departing comment is a bit unfair to Microsoft. They have made huge progress since the dark days pre XP -SP3. They have a secure development strategy and haven’t been in denial, about the security issues, like Apple has. I would say I think I know you didn’t mean it like that, but it does still sound a bit unfair :).
Of course, no system is bullet proof, but it is still good that things look promising also from a security point of view, for Windows 8.

Reply | Quote

I think your departing comment is a bit unfair to Microsoft. They have made huge progress since the dark days pre XP -SP3. They have a secure development strategy and haven’t been in denial, about the security issues, like Apple has. I would say I think I know you didn’t mean it like that, but it does still sound a bit unfair :).

Yes it probably was a bit unfair as stated. Microsoft have have made huge strides forward over several years now and I think most commentators and observers of our industry recognise this too.

Perhaps it’s my innate skepticism of all things to do with marketing gloss, but I tend to think that any corporation that spins a line on the security of their products is giving the headline writers of the future a head-start.

These articles weren’t written or sponsored by Microsoft, but I doubt they will be unhappy to see them. My line might be something like: “Improving on the solid foundation of Windows 7, Windows 8 sets a new standard for user security and privacy”

Can I retain copyright over that last sentence please:rolleyes:

Reply | Quote

I agree, that last statement would be much better, but seems too sensible for the tech press we currently have, I think :).

Reply | Quote

A year on, and the German Federal Government is warning about “A Special Surveillance Chip”, eg article by Wolf Richter: http://investmentwatchblog.com/leaked-german-government-warns-key-entities-not-to-use-windows-8-links-the-nsa/

Reply | Quote

It may have better security features than previous versions, but I have already had a couple of customers machines running 8 that have gotten the FBI virus.

Reply | Quote

It may have better security features than previous versions, but I have already had a couple of customers machines running 8 that have gotten the FBI virus.

Unfortunately the best security system in the world cannot protect every PC from the worst offender, the person behind the keyboard. Is it possible some of these 8 helped the virus along with their clicking?

Reply | Quote

Unfortunately the best security system in the world cannot protect every PC from the worst offender, the person behind the keyboard. Is it possible some of these 8 helped the virus along with their clicking?

I am sure they helped it along

Reply | Quote

Good morning, Ted. You wrote : Is it possible some of these 8 helped the virus along with their clicking?

Totally ! I never get a malware, I never click on dubious offers. Am I an exception ? I will greatly agree. The wife is on an Air and has begun getting malware, she is a dedicated clicker.

I run MSE and even with it, I do regular clones ( you knew this ), this is in my mind the best protection but I have never had to use it, I will clone regardless.

Have a great day. Jean.

Reply | Quote

A year on, and the German Federal Government is warning about “A Special Surveillance Chip”, eg article by Wolf Richter: http://investmentwatchblog.com/leaked-german-government-warns-key-entities-not-to-use-windows-8-links-the-nsa/

The German government on Thursday publicly denied a German newspaper report about an alleged “backdoor for the NSA.”

Reply | Quote

The German government on Thursday publicly denied a German newspaper report about an alleged “backdoor for the NSA”.

BruceR…

Hello… Kinda reminds me of the official “GOV’s” “magic bullet theory”…deny, deny, deny.

Regards Fred

Reply | Quote

In a recent discussion with a Govt Security specialist, I was told that NO version of Windows has been secure since XP SP3.

Whether the rumor of the message out of Germany is true or not, is pretty much immaterial.
I refer back to my opening statement.

So I run a “Package” of (5) good Security Software, run scans daily, and then hope for the best.

The Doctor

Reply | Quote

In a recent discussion with a Govt Security specialist, I was told that NO version of Windows has been secure since XP SP3.

This certainly needs some detail and context. What aspect of security does this specialist specialize in? Surely, Windows XP SP3 is not being held up as a paragon of security. Secure compared to what? Absolutely secure? Not capable of being locked down?

This is like saying no car since the model T has been safe.

Joe

--Joe

Reply | Quote

If said “Govt Security specialist” had said “No version of Windows has been secure” and let it go at that, it could certainly receive consideration as a truthful statement.

Always create a fresh drive image before making system changes/Windows updates; you may need to start over!

We all have our own reasons for doing the things that we do with our systems; we don't need anyone's approval, and we don't all have to do the same things.

We were all once "Average Users".

Computer Specs

Reply | Quote

DrWho:
I always read your postings with interest. Based on this comment from you above:”So I run a “Package” of (5) good Security Software . . .” I would really appreciate which 5 these are.
Thank you,
Dick

Reply | Quote

I would suspect a portion are:

AVG AV 2013 Pro

MalwareBytes Pro

Spybot Search and Destroy

Beyond this I’m not sure what other app the Dr. uses. Perhaps good firewalls. I know there is one other AM app, but I cannot remember which.

Reply | Quote

Thanks Medico. I look forward to hearing what the good Dr. has to say.
Dick

Reply | Quote

The only messages I continually repeat are those very few concerning usage habits. Of course if the user actually listens to me :o: it can be taken to the other extreme and no legitimate software updates get installed either, but that is far better than the converse.

Reply | Quote

I have finally gotten even my 81 year old mother to NEVER click or open anything! She emails me quite often asking what she should do one this or that “Special Offer”. I tell her DELETE IT! It took years to get to this point.

Unfortunately many people out there do not have those of us “slapping” their hands when they click on anything that pops up or opens all those attachments. Oh well, job security!

Reply | Quote

DrWho:
Please see my open question to you in reply #16 above.
Thanks,
Dick

Reply | Quote

I use a combination of Windows Defender, an occasional run with Malwarebytes, an occasional run of AdwCleaner, and very strict left-click control (no riders).

Periodically I will run Windows Defender Offline, just for peace of mind.

— edit — WDO has been updated, and evidently the protocols used have been as well. I have an older version 4.0.1114.0 which will no longer update. It’s a Windows 7 WinPE based WDO. The version to which I’ve linked is 4.3.215.0, which is a Windows 8 WinPE. My older version will no longer update the definitions.

I’ve burned the new one to CD. If you have Ethernet broadband, a CD WDO will connect and update the AV definitions; I don’t know about wireless, I haven’t tried it. I know that MS says a USB can be used to update the definitions, but a CD can do that as well through Ethernet. I just tried it for my own confirmation.

Bear in mind that once booted, the PC is using WinPE in a RAM drive and not constrained by the CD. WDO connects and updates flawlessly, even though it’s booted from a CD.

Always create a fresh drive image before making system changes/Windows updates; you may need to start over!

We all have our own reasons for doing the things that we do with our systems; we don't need anyone's approval, and we don't all have to do the same things.

We were all once "Average Users".

Computer Specs

Reply | Quote