Windows 8's complexity leaves it vulnerable, Kaspersky says

The complexity of the Windows 8 operating system has increased its vulnerability, according to Kaspersky Lab A/NZ product specialist, Wayne Kirby.

This complexity is the result of three different types of operating systems running Windows 8, namely the legacy Windows desktop, Windows RT, and Windows RT running on ARM-based systems.

windows 8

Kirby said this approach has increased the vulnerability of the OS, as the multiple OS approach provides hackers with more places to find vulnerabilities to exploit.

"Because it contains three platforms, it leaves the gateway open for a much broader opening for ways into the system," he said in a recent interview.

Another security risk Kirby identifies in Windows 8 is the introduction of the simple sign-on.

"With one web console, you can now log in and have local administrative rights on a remote computer, go as far as manipulate registry on computers," he said.

"That leaves it open to a lot of vulnerabilities."

SkyDrive is the limit

The integration of Microsoft's Cloud storage service, SkyDrive, into Windows 8 also gets highlighted as worrisome feature.

skydrive

If adequate security measures are not put in place, Kirby said Cloud data could potentially be accessed by anyone with the right know how.

"Since SkyDrive is embedded in the operating system, it is one of the biggest threats to the security of personal data in the new operating system," he said. Access to SkyDrive is already available on Windows 7 and other operating systems, though Kirby said the fact that it is built directly into Windows 8 sets it apart."

The reason why Microsoft adopted a multi-OS approach and SkyDrive integration was to make Windows 8 attractive to developers, though Kirby said this move may have been counterproductive from a security standpoint. Inversely, the developer friendly aspect of Windows 8 is likely to be "embraced" by cyber criminals who will "heavily exploit" the vulnerabilities of the new OS.

Subscribe to the Security Watch Newsletter

Comments