Windows 8 is the safest desktop and mobile system

Today, we got the news that the 2012 Black Hat Security Technology Conference, which attracted the global information security elite, kicked off in Las Vegas, USA, after a week-long hacking storm. There is an operating system that is safe and sound, that is, Windows 8 system that Microsoft is about to release. It seems that Windows 8 will be the most secure desktop system, and it is likely to be the most secure mobile operating system.

Keep away from desktop operations

The upcoming Windows 8 will be away from desktop operations and will be securely and reliably guided through the sandbox and kid-gloves mobile user model. Users use the operation to prevent some low-level malicious exploitation. The SmartScreen filter in the system will make it hard to run executable files from the Internet that are not trusted. Even if the system fails, Windows 8 has a fairly clean reset function and automatic reinstallation of Windows 8.

Black Hat Black: Security Analysis for Windows 8

At the Black Hat Conference, Sung-ting Tsai, Head of Advanced Threat Research Group from Trend Micro, tried to crack Windows 8, but he ended up with only a few details of the points of attack that might be exploited in the future through some of the attackers' efforts.

Two ways to circumvent Microsoft's security measures deployed in the new operating system

The first method is to bypass the restrictions for Windows 8 Metro style applications (blocking applications) Program access to the internet). Instead of trying to break this limitation, this approach uses an application to access applications with such permissions. In this way, applications without Internet access can still send messages to the Internet via IE or Microsoft Media Server and attach local information to URLs that IE or MMS is trying to find. Similarly, Office files accessed by Metro applications may contain code that connects to the Internet.

The second method is that, through Internet access, rogue applications can upload data from a local machine to a machine controlled by an attacker on the Internet. Microsoft said that they will not take any action on this because the access to the Internet is visible to users, and if the user disapproves, who can block Internet access. Similarly, anti-virus software can also detect such access, and once this type of activity is reported to Microsoft, Microsoft will remove the application from the user's computer.

Tsai does not agree with the first statement. When a normal user sees a Metro app launching MMS, he does not suspect that the application is trying to access the Internet. Even if the user is aware of this problem, it is difficult for him to determine whether the access is normal or malicious. It is also difficult for the anti-virus software to distinguish the difference.

Tsai said that the second method of circumvention is to use the command prompt cmd.exe in the application container sandbox to trigger other external executables. Microsoft said that this is not a problem, and Tsai agrees with them. But he said that when combined with other executables, an attacker could exploit other vulnerabilities. Launching harmful files to the system via ClickOnce

Tsai also analyzed ClickOnce on Windows 8 with the AutoUpdate Deployer feature, which could allow ClickEnce to launch harmful files to the file system. Tsai said Microsoft acknowledged the problem and will fix it in the next version of Windows 8. The possibility of DLL hijacking

Another potential vulnerability discovered by Tsai is DLL hijacking—inserting malicious code that masquerades as a DLL that the application is trying to find. He said that IE is trying to load some DLLs that it no longer needs. If the names of these DLLs are discovered by an attacker, they may be used to disguise malware. He said that this problem can occur in any application when there are unnecessary DLL loads. Microsoft said there is no DLL hijacking issue in the Windows 8 release preview.

Security crisis of the operating system

This black hat conference, in addition to Microsoft's Windows system, there are Apple's OS X and iOS systems and Google's Android system. But the first time Apple participated in the game seems to be unfavorable. As early as April this year, the malware Flashback Botne had infected 600,000 Macs, so Apple's participation in the Black Hat Security Conference may be affected by this factor. Security software company Symantec said that Flashback was the first malware outbreak on Mac, breaking Apple's myth of anti-hacking products.

According to security company Sophos, in addition to Flashback, research shows that the Mac also carries malware unknown to users. Security software scanned 10 Macs and found 3% of Macs with malware.

And for the Android system, as we know, there is never a security guarantee. Oddly enough, Windows Phone 7 seems to completely bypass the malware, although it is because WP7 is inherently more secure, or just because the virus developer is not interested in the system, we don't know.

Information security, or choose Microsoft

This black hat conference, although the various systems are not perfect, but also developed more and more secure, in contrast, Apple Well done, but Microsoft won. Perhaps this is because Microsoft's decades of filling holes in Windows and 95% of the market share have given Microsoft a strong security. In a word, the ubiquity of modern cyber espionage has made it necessary for businesses and governments to enhance information security through Windows 8.

In addition, of course, users can also upgrade from Windows 7 or XP to Windows 8, but this means that you will be using a brand new Metro style interface, are you ready?