Google expert on Windows 10 security: Two steps forward, one step back

Windows 10 logoMicrosoft has made several security improvements in Windows 10, trying to offer users additional protection after upgrading, but while the company has managed to achieve its goal in some cases, it has failed in others.

That's what James Forshaw, information security engineer at Google, and those who are credited with the discovery of several major vulnerabilities in Microsoft software have said in a recent presentation called “Windows 10: Two steps forward, one step back.”

As The Reg notes, one of the things that expose Windows 10 to an increased number of attacks is the fact that there are more system services running by default, which obviously makes it possible for hackers to look at new targets as compared to previous versions of Windows.

For example, Windows 10 has a total of 196 system services and 291 drivers that are enabled by default, Forshaw notes, while Windows 8.1 has only 169 and 253, respectively. Windows 7 was the most secure, with 150 services and 238 drivers.

“There are more system services and drivers which means more attack surface,” Forshaw has explained during his keynote. “Local system is the god account on Windows and as we go towards (Windows) 10 more services as a percentage of the total are running as the absolute highest account. That's not great.”

Google expert on Windows 10 security: Two steps forward, one step back

As far as User Account Control is concerned, this is now a feature that's easily failing its mission of protecting users. Forshaw explains that UAC has turned from a security tool into “something you just put there to annoy the user,” and at some level, he's right. UAC displays prompts to let you block or allow the running of applications that require administrator privileges, but right now, it can easily be bypassed by attackers.

The Google security experts claim that, while Microsoft is very likely to significantly improve UAC in Windows 10, these new upgrades won't be released to users of Windows 7 and 8.1, which means that an important share of users would remain unprotected.

Another area that Microsoft has improved in Windows 10 is Microsoft Edge, but like the OS as a whole, it still has flaws that could expose users. The best example is the Adobe Flash support, which Forshaw says keeps it simple for hackers to compromise a system using a malicious website.

“Microsoft could have lead the way and said ‘I refuse to run (Adobe) Flash ever again in my web browser’ but unfortunately they did not take that inspired option,” Forshaw has said, while explaining that, in Google's case, Chrome users are protected because Flash content is loaded in an isolated state.

Source: Softpedia

Tags: Microsoft, OSes, security, Windows 10

Add comment

Your name:
Sign in with:
Your comment:

Enter code:

E-mail (not required)
E-mail will not be disclosed to the third party

Last news

Pokemon GO had the potential to net $1 billion a year
The report said that Hon Hai has invested about US$600 million in India
Market research firm IDC reports that in the third quarter of this year
Customers will only have to shell out 50% of the cost of their Galaxy S7 device
New flagship will launch in 2017
Patent hints at name of the upcoming Surface AIO
IBM, Globalfoundries and Samsung have chosen to use extreme ultraviolet (EUV) light to pattern transistors
Samsung Galaxy TabPro S - a tablet with the Windows-keyboard
The first Windows-tablet with the 12-inch display Super AMOLED
June 7, 2016 /
Keyboards for iOS
Ten iOS keyboards review
July 18, 2015 /
Samsung E1200 Mobile Phone Review
A cheap phone with a good screen
March 8, 2015 / 4
Creative Sound Blaster Z sound card review
Good sound for those who are not satisfied with the onboard solution
September 25, 2014 / 2
Samsung Galaxy Gear: Smartwatch at High Price
The first smartwatch from Samsung - almost a smartphone with a small body
December 19, 2013 /
HP Slate 7 is a 7-inch Android 4 Tablet PC with good sound
A cost-effective, 7-inch tablet PC from a renowned manufacturer
October 25, 2013 / 4

News Archive



Do you use microSD card with your phone?
or leave your own version in comments