Cyber Defense Magazine

Windows 8 – Secure? Worth the Move?

Windows 8 – Secure? Worth the Move?

November 23
18:31 2012

After it was copied, cracked, and hacked is it still worth the move?

In our opinion, as we remember Windows ME – the Millenium Edition of Windows we see parallels with Windows 8, do you? Or how about the buddy “Bob” or the paperclip in Word for Windows? Love that paperclip “looks like you are trying to type a letter, can I (interrupt and annoy you and) help you?” Sometimes software is best left the way it was. Sometimes changes – dramatic changes – should come from suggestions by a majority of users, not a select ‘braniac’ group who gets paid to make things annoying. How many light switch designs are our there in the world? The most acceptable design for the last 50 years is switch it UP for on and DOWN for off. Do we need a touch screen with icons and graphics to turn our lights on our off? Not at all. So what’s going on with Microsoft® Windows™?

Microsoft claims to have tightened the kernal. Well, have you heard of VUPEN? The INFOSEC hacking firm that exploits internet, cloud and other applications and in this case Windows 8. VUPEN doesn’t usually report these exploits, they sell them to the software manufacturers. In this case, they aren’t telling how they’ve done it but they claim to have hacked Windows 8 and are awaiting an offer from Microsoft so they can sell the details on how to harden the OS against this kind of exploitation. Until Microsoft pays or figures it out, the flaw exists and there’s no patch to resolve the problem, should VUPEN be telling the truth – and with their business model – it seems to be the case.

Again, we ask Microsoft – can’t they focus on tightening the code, shrinking the bloat, improving system integrity and performance or do they need to give us more bloatware like Windows ME? It’s time someon in the industry stood up and shook the sleepy giant and said “Wake Up!” and “Stop messing with a good thing!” but no, you won’t hear this from any industry publication – except this one.

How about Windows Phone 8? Could it be a safe platform? Traveling the globe to India, we find Shantanu Gawde, who demonstrated the proof-of-concept malware code at the International Malware Conference (MalCon) in New Delhi, India. Gawde, who is a member of the Indian government-backed National Security Database program of infosec professionals, last year at the age of 15 created malware that attacked Microsoft’s Xbox Kinect. Documents posted on the MalCon website ahead of the talk said Gawde developed a Trojan that poses as a legitimate application before stealing users’ data, including contact numbers, text messages and photos. Although we will soon find out, currently, it is unclear whether the malware exploits a vulnerability in the phone OS or it simply exploits end-users by installing malicious code posing as a trusted game or utility.

At Cyber Defense Magazine, we are concerned with flaws, weaknesses and system holes that hackers take advantage of to commit cyber crime and cyber terrorism. Windows 8 appears to have gone off the deep end in “How do we make a GUI that’s better than a MAC” and then FAIL! What’s going on with Microsoft? Most successful cyber attacks of late have taken advantage of USER and GDI flaws over trying to own the KERNAL. What we have here appears to be a Windows ME v2.0, not a better version of Windows 7. It seems Microsoft always gets it right with the odd versions – 95, NT, 7. Maybe we’ll just wait this one out for version 9. (Source: CDM)

Microsoft Releases 19 Patches and Security Updates

Includes Windows 8 Critical Fixes, Windows RT (tablet spinoff), IE, .Net and Excel
The first one to deal with, especially if you are running Windows 7 and use Internet Explorer 9 would be MS12-071, according to top vulnerability researchers. As so much code gets reused and churned into major new releases, it’s no wonder Windows 8 has critical flaws discovered, documented and now being patched, less than a month from its public release. Windows 8 and Windows RT contained four of the 19 holes with three of them being on the critical list. You can find the patches with more information here:

http://technet.microsoft.com/en-us/security/bulletin/ms12-nov

(Sources: CDM, NVD and Microsoft)

[big_header]This CDM News Update Sponsored By:[/big_header]

Venafi - Next Generation Encryption Management

Haven’t yet registered for your always FREE electronic edition to our Magazine? Don’t delay, click here, today!

Related Articles