Security concerns raised at Windows 10 roll-out

Windows 10 launched today, but there were immediately security questions raised within the industry about some aspects and features on the new operating system.

Security concerns raised at Windows 10 roll-out
Security concerns raised at Windows 10 roll-out

The much anticipated launch of Windows 10 today has set the IT security community buzzing with predictions, warnings and plaudits for the operating system to end all operating systems.

Microsoft has said that Windows 10 will mark a new approach to the production of operating systems. Continuous updates will mean that consumers will no longer have a choice in whether they update their operating system or not.

It is, as David Chismon, security researcher at MWR Infosecurity, said, a great step forward since Bill Gates penned his famous trustworthy computing memo in 2002.

Sporting a new start menu and a raft of security features, it seems to address many of the beefs that people have had with Windows XP, Windows 7 and the often loathed Windows 8.

Notably, Windows 10 is the first operating system that will work across PC, laptops, tablets and mobile phones, with the hope that software will work equally well in all environments without the need to write different versions.

Andrew Avanessian, VP at Avecto said: "With the disappointment of Windows 8 now pushed to the back of the mind, the international roll out of Windows 10 has many in the enterprise community very excited. With its aim to usher in a new generation of end-user computing, Microsoft has developed a very sophisticated OS. However, it's important that we don't get distracted by the shiny new features and slick design, and focus our attention on the security aspect. After all, end-user protection is a necessity.”

Avanessian said that as with previous versions of Windows, 98 percent of user vulnerabilities can be locked down by removing admin rights alone.

Jes Breslaw, director of marketing and strategy at Delphix, said: "Microsoft's move to continuous updates is a fundamental change. Most significantly, those components traditionally shipped as part of a major release will now be available as independent apps. This means innovations within these apps can be made available  when they are ready, not held up for the next big operating systems (OS) update.”

One of the most significant developments is dropping Internet Explorer which was seen as excessively buggy. The new Edge browser will hopefully present a smaller attack surface.

Steven Allen, senior security consultant at Capgemini, commented: “Perhaps the most significant security improvement is Microsoft replacing Internet Explorer with a new browser, Edge – this is good news for the user community as IE has unfortunately been quite buggy and a target for exploitation by criminals to attack users as they shop or bank online.”

HEAT senior product manager, Andreas Fuchs, said: “Windows 7 is planned to go end of life in 2020, which means organisations that do not make the switch immediately will need to deal with Windows 10 in the next five years regardless… [and] introduces a number of changes to security and application management that will require careful planning to implement.”

Windows 10 will introduce advanced user authentication features, said Matthew Aldridge, solutions architect at Webroot. “The Identity Protection and Access Control feature is likely to make a big difference to all users as it brings two-factor authentication to the masses,” he said.

Page 1 of 2