Windows 10 is probably winding its way through the pipes of your internet service provider and round your system’s entrails as we speak. But before you follow Microsoft’s friendly encouragement to “Upgrade now”, you might want to consider some of the security implications.
For a start, Symantec has been keen to point out today that Windows 10 will continue, in the operating system’s fine tradition, to be an “an attractive target for cyber-criminals”, with many of its new security features only appearing in enterprise editions (Device Guard) or hardware dependent (such as facial recognition system Windows Hello, which requires specific camera technology).
But it’s backwards compatibility that Symantec flags up as the big question mark in Windows 10. While Microsoft proudly promotes compatibility from the first Windows 10 pre-install system test screen (Computing is yet to find an everyday device that reports anything other than “0 incompatible” applications), Symantec believes this is precisely the problem.
“[Backwards compatibility] not only allows users to leverage the enormous legacy of applications written for prior versions of Windows, but unfortunately also means that many malicious applications will continue to run too,” said Symantec, in a quote attributed to Gerry Egan, senior director of product management at Symantec’s Norton division.
Symantec believes malware will “continue to be a problem within the Windows 10 ecosystem” and that general customers (of whom many will be enterprise customers running their own devices for home working or BYOD) will “see few additional benefits from Windows 10 built-in security features”.
Make of the above what you will, and consider the next leading line of Windows 10 launch-day scaremongering: the Windows 10 Window Update service, and what powers it.
Wasting your bandwidth
As identified by a self-confessed member of Anonymous, the new Microsoft Update is based around a peer-to-peer (P2P) system which could conceivably be based on Pando Networks’ Media Booster software, once in wide use across the videogames industry for leveraging end user systems in order to deliver large files.
Acquired by Microsoft in 2013, Pando could now be powering Windows Update, which the Anonymous poster says results in “turning your PC into a zombie host server, wasting your bandwidth serving updates to other computers”.
But the real fear, perhaps, is how this could potentially be used to quickly and easily spread malware of increasing complexity with real zero-day threats.
Windows Defender also comes under criticism for (apparently) being harder to turn off than ever, and also sending files and system information Microsoft’s way – purely for analysis, of course…
Meanwhile Wifi Sense, which Computing began using on Windows 8 Phone when the feature launched – but soon deactivated – continues to encourage users to share your WiFi passwords with your friends network (including Facebook) in order to make logging into new wireless networks easier for them. But at what cost? Even if encrypted, launching so much security information into the cloud for no reason other than saving a few seconds of labour seems a gung-ho move on Microsoft’s part. And, perhaps, a class-action lawsuit waiting to happen.
While all of these new features can be turned off (after many being on by default at install), it doesn’t seem an unrealistic assertion to begin wondering how the hacking and malware community may begin to start capitalising on some of Windows 10’s new features as the world blithely begins its automated upgrade process.