Google expert on Windows 10 security: Two steps forward, one step back

Windows 10 logoMicrosoft has made several security improvements in Windows 10, trying to offer users additional protection after upgrading, but while the company has managed to achieve its goal in some cases, it has failed in others.

That's what James Forshaw, information security engineer at Google, and those who are credited with the discovery of several major vulnerabilities in Microsoft software have said in a recent presentation called “Windows 10: Two steps forward, one step back.”

As The Reg notes, one of the things that expose Windows 10 to an increased number of attacks is the fact that there are more system services running by default, which obviously makes it possible for hackers to look at new targets as compared to previous versions of Windows.

For example, Windows 10 has a total of 196 system services and 291 drivers that are enabled by default, Forshaw notes, while Windows 8.1 has only 169 and 253, respectively. Windows 7 was the most secure, with 150 services and 238 drivers.

“There are more system services and drivers which means more attack surface,” Forshaw has explained during his keynote. “Local system is the god account on Windows and as we go towards (Windows) 10 more services as a percentage of the total are running as the absolute highest account. That's not great.”

Google expert on Windows 10 security: Two steps forward, one step back

As far as User Account Control is concerned, this is now a feature that's easily failing its mission of protecting users. Forshaw explains that UAC has turned from a security tool into “something you just put there to annoy the user,” and at some level, he's right. UAC displays prompts to let you block or allow the running of applications that require administrator privileges, but right now, it can easily be bypassed by attackers.

The Google security experts claim that, while Microsoft is very likely to significantly improve UAC in Windows 10, these new upgrades won't be released to users of Windows 7 and 8.1, which means that an important share of users would remain unprotected.

Another area that Microsoft has improved in Windows 10 is Microsoft Edge, but like the OS as a whole, it still has flaws that could expose users. The best example is the Adobe Flash support, which Forshaw says keeps it simple for hackers to compromise a system using a malicious website.

“Microsoft could have lead the way and said ‘I refuse to run (Adobe) Flash ever again in my web browser’ but unfortunately they did not take that inspired option,” Forshaw has said, while explaining that, in Google's case, Chrome users are protected because Flash content is loaded in an isolated state.

Source: Softpedia

Tags: Microsoft, OSes, security, Windows 10

Comments
Add comment

Your name:
Sign in with:
or
Your comment:


Enter code:

E-mail (not required)
E-mail will not be disclosed to the third party


Last news

 
Consumer group recommends iPhone 8 over anniversary model
 
LTE connections wherever you go and instant waking should come to regular PCs, too
 
That fiction is slowly becoming a reality
 
The Snapdragon 845 octa-core SoC includes the Snapdragon X20 LTE modem
 
Human moderators can help make YouTube a safer place for everyone
 
Google says Progressive Web Apps are the future of app-like webpages
 
All 2018 models to sport the 'notch'
 
The biggest exchange in South Korea, where the BTC/KRW pair is at $14,700 now
The Samsung Galaxy A5 (2017) Review
The evolution of the successful smartphone, now with a waterproof body and USB Type-C
February 7, 2017 /
Samsung Galaxy TabPro S - a tablet with the Windows-keyboard
The first Windows-tablet with the 12-inch display Super AMOLED
June 7, 2016 /
Keyboards for iOS
Ten iOS keyboards review
July 18, 2015 /
Samsung E1200 Mobile Phone Review
A cheap phone with a good screen
March 8, 2015 / 4
Creative Sound Blaster Z sound card review
Good sound for those who are not satisfied with the onboard solution
September 25, 2014 / 2
Samsung Galaxy Gear: Smartwatch at High Price
The first smartwatch from Samsung - almost a smartphone with a small body
December 19, 2013 /
 
 

News Archive

 
 
SuMoTuWeThFrSa
     12
3456789
10111213141516
17181920212223
24252627282930
31      




Poll

Do you use microSD card with your phone?
or leave your own version in comments (4)