Myth-Busting Windows 8 Security: Part Two
In part two of this four-part blog series, I'll continue to review some of the myths we’ve heard about Windows 8 security improvements and point out where deficiencies lie. We believe security should still very much be a concern for anyone running the new Windows 8 OS.
Visit this earlier post to learn more about the series.
Myth #2: Windows 8 is safer because all apps are sandboxed from the rest of the system.
As you likely know if you’ve been following the news around Windows 8, it will introduce a new style of application called the Windows Store app. These apps leverage a new set of Windows Runtime APIs that are sandboxed and, depending on which language used, will be cross-compatible with different underlying hardware architectures. What this means and unfortunately what many users don’t realize is that Windows 8 will effectively bring with it three different application or desktop environments, each with their own unique characteristics:
- First, the traditional Windows environment (running the legacy Windows architecture) which will provide backward compatibility for legacy Windows 7, Vista, XP etc applications. Unfortunately this doesn’t just include backwards compatibility for legitimate applications, it turns out that most malware written for Windows 7, Vista and XP will also run in this new Windows 8 environment. Verdict: Not so secure.
- Second, the new Windows Store app environment running on Intel-based hardware. This will sit on top of the traditional legacy Windows environment and while apps for this will be sandboxed it is not inconceivable to think that something could break through from the new to the old or vice versa. Verdict: The jury is still out on this one.
- Third, the new Windows Store app environment running on ARM based hardware. As of yet hardware running this new environment has not been released. This will in many ways be a clean break from the past and while applications will be source code portable from the Intel environment to this new ARM environment, they will not be binary compatible. Verdict: The ‘sandboxing’ argument here may have some legs.
So, in summary, while sandboxing will play a role to a less or greater extent in the new Windows Store app environments, it will not in the legacy Windows desktop environment where the majority of applications will initially be run from. Keep watching this space for additional Windows 8 security related posts this week.
Gerry Egan is Senior Director of Product Management, Norton by Symantec.