How Microsoft Should Improve Windows 10 Security (Op Ed)

[Guest]

Microsoft announced some strong security improvements for Windows 10, but it could do much better by upgrading the User Access Control system, keeping its antivirus competitive with the rest of the industry, adding EMET protections and default encryption.

How Microsoft Should Improve Windows 10 Security (Op Ed) : Read more

 

[mwryder55]

The one thing that would help UAC the most is for it to remember your responses. Once a program is allowed to run remember that unless there is a change to the program. The user should not have to click through the prompt every time they run a program. This just leads to them turning it off when it becomes too obnoxious.

 

[CaedenV]

@mwryder55
But then software could pretend to be the OK'd software and get through making it almost as useless as turning UAC off entirely.

@article
I think a lot of that is already in play. Obviously there are some rather large pressures to not turn off legacy applications (just one of many reasons why windows RT, which only ran winRT apps, was such a massive failure). If they did limit things to just the store then it would really help a lot of security as MS would get a good look at all code as it was compiled, and it would all be managed code to begin with.
I think this is one of the reasons why MS is moving more and more of it's own apps into the app store; mainly just to prove that you can write big full-featured apps in fully managed code, and still have it work well and efficiently. Granted, I am not quite sure that Spartian or the new metro version of Office are exactly proof of the concept, but it is at least a start; and once there eventuially are some good apps in the app store then maybe more people would go there first for their software purchases instead of some web 1.0 website to download an exe.

Another thing that is being implemented is the use of internal keys and cryptography within the OS itself; basically a way to have the left hand of the OS prove to the right hand what it is before it is allowed to do anything. This could prove to be a huge step forward for OS level security. You may be able to infect a PC, but at that point it would always be one refresh away from being clean again.

Speaking of refreshing the PC, another nice thing about win10 is that when you do a refresh or reinstall of the OS it finally asks you for a local user name and password before it will do it! This was a scary (though often convenient) 'feature' of win8 in that you could take anyone's computer, do a fresh OS install, and it was essentially your machine at that point. At least with win10 you are going to have to take a few extra steps to format the drive and do a full installation if you want to rip off someone's computer rather than putting in an express lane to do so.

Never even heard about EMET before, I'll have to look into that. Something that powerful should certainly be part of the OS even if it is not enabled by default.

Overall though I think win10 is going to prove to be a big step forward on the security front. The OS still has some bugs to squash before release, but I already like it a lot more than win7/8/8.1.

 

[Quixit]

Forcing existing Windows Apps to run sandboxed would break the vast majority, if not all of them so it's not particularly feasible. In fact WinRT was an attempt to do just that, introduce a sandboxed app model and WinRT apps haven't exactly become the next big thing have they?

I'm not entirely convinced the majority of users actually cares about security. UAC is probably the least time-intensive security system in any OS I've ever used (compare to sudo on 'nix or Mac's similar solution) and yet still a fair number of people disable on every system they use. A lot of them still don't even set a log-in password either or if they do they pick something without any complexity, that could be cracked in a few seconds. Look at all the people jail-breaking their phones, people care more about freedom than they do about security.

 

[Shin-san]

I prefer UAC over Apple's solution. Apple made fun of Microsoft for it, but I hate having to type in a password EVERY TIME I update some software on Mac OS X. To have a safe password, you need a mix of letters/numbers/symbols/etc and that password sometimes has to be tied to an online account. Yuck. Instead of the depressed "allowed"/"confirmed"/"okay" in that Apple commercial, I get "ENTER YOUR GODDAMNED PASSWORD!"

Someone said that UAC goes "Terror Alert" and hates only that part. He liked that you could deny an application access to the Internet. I overall agree with this. I also like the idea of application sandboxing, with giving the user the ability to elevate the access so that it can go outside the install directory

 

[mapesdhs]

Most of Windows' security problems over the past decades would have
been avoided if the OS had been built from the start with a proper
foundation of file ownership and access permission concepts (oh wait,
that's UNIX...) Instead, Windows has a bucket load of bolted on nonsense
which has never worked properly, full of glitches and crazy behaviours.

I'm not buying the notion they can turn Windows around into something
inherantly secure, their track record shows no intent to do this. Always
amazes me the planet's corporations have never tried a vast lawsuit to
force MS to sort it all out.

Ian.

PS. The downvotes are amusing. Facts are facts, Windows never had
any inherant concept of file ownership, and that made it an utter security
nightmare from the very beginning. Ever since NT it's just been a bolt-on
mess which doesn't really work. Tried meddling with file ownership, etc?
It's utter garbage in Windows, always has been.

 

[daglesj]

MS should start to include and switch on more of the security by default. I think they hold back due to many older bits of software not being compatible (especially with EMET) but maybe it's time for those old insecure or badly coded bits of software to be put out to pasture. I think MS is worried it would then be classed as a security Nazi which means damned if they do and damned if they don't. I will be disappointed however, if EMET isn't built into Windows 10. The time is right for that.

As for MS Security Essentials/Defender, thats a tough one. As it's installed as standard in Windows 8 it's basically the one AV to beat as a first step so it's going to get hit hard. I still think it has value. I find it finds stuff that MBAM etc. doesn't find such as Cryptolocker stuff. What I think is more damaging is OEMs bundling in a 3 month trial of McAfee or Norton with 8. I find so many year old Windows 8 laptops still running those outdated trials whilst Defender is switched off. I'd rather have up to date Defender than out of date McAfee.

 

[Morbus]

The one thing that would help UAC the most is for it to remember your responses. Once a program is allowed to run remember that unless there is a change to the program. The user should not have to click through the prompt every time they run a program. This just leads to them turning it off when it becomes too obnoxious.

EXACTLY this, and ONLY this.

I liked the read and this is a useful article, but Microsoft only needs to do THIS, and they'll improve my experience immeasurably, I turn off UAC on all my computers, even though I've given it a try.

In the end, I was willing to live through the clicks, but as soon as I figured that UAC wouldn't let me autorun SOFTWARE (fruck that apps bs) that required administrator access, I disabled it without a second though.

What a load of BS that UAC is.

 

[zodiacfml]

I don't agree but Microsoft has done well considering many factors (except the weakening Windows Defender probably to allow AV makers to thrive)
It's the browser though which needs a lot of help.

But, thanks for mentioning EMET. I have never heard of it and might try it now on my machine.

 

[Achoo22]

Good article. I'd also like to see Microsoft rework the svchost and dllhost mechanisms to allow greater transparency. Most firewalls and other system tools only pickup the base executable, so having so many processes (especially privileged processes) under the svchost/dllhost aegis is terrible for security.

The ideal sandbox would be on that virtualizes all devices. An application "thinks" it has installed files/services all over the disk where it has really been constrained to one easy to delete directory with more sensible permission control than the half-hearted program files method. Internet Access/IPC/etc should be easily toggle-able for any running app.

Also, and this is a big one, allowing the built-in firewall to be programmatically bypassed is ridiculous. With so many people behind NAT routers, the greatest benefit of a personal/software firewall is in limiting data leakage from within. If every application can override user settings by changing its own firewall rules (in Windows, it doesn't even require a user prompt), the firewall is useless.

It's long past time that it became safe to run unsafe applications.

 

[Grandmastersexsay]

Who even gets viruses anymore? Malware? Adware? It's all easily delt with. I remember the good old xp days where you had to reformat every year because of all the crap that got through.

People don't care about security as much as they used too, mainly because they don't have to.

Microsoft should put all their effort into making windows 10 an enjoyable experience. Give people a real start menu. Stop with the windows store. Stop this stupid app nonsense. They're called programs. Let the engineers and programmers oversee the design. Trash the boardroom focus group nonsense.

 

[daglesj]

Who even gets viruses anymore? Malware? Adware? It's all easily delt with. I remember the good old xp days where you had to reformat every year because of all the crap that got through.

People don't care about security as much as they used too, mainly because they don't have to.

Microsoft should put all their effort into making windows 10 an enjoyable experience. Give people a real start menu. Stop with the windows store. Stop this stupid app nonsense. They're called programs. Let the engineers and programmers oversee the design. Trash the boardroom focus group nonsense.

You don't look after normal peoples laptops and PCs for a living do you?

Out there in the real world it's carnage with malware and adware. No point in MS trying to improve the 'user experience' if its covered in popups and tool bars. I still get in 3-4 laptops a week for virus/malware cleaning and worse still the Bitlocker stuff too. Even the ones I just get in for a service all have to be 'cleaned' before I can properly work on them. Maybe 1 in 20 comes in clean.

Lot's of things need to be tackled before the foot can be taken off the security pedal.

 

[Christopher1]

The one thing that would help UAC the most is for it to remember your responses. Once a program is allowed to run remember that unless there is a change to the program. The user should not have to click through the prompt every time they run a program. This just leads to them turning it off when it becomes too obnoxious.

To play Devil's Advocate, that would require hashing of some kind, MD5 or otherwise. I cannot see Microsoft doing MD5 hashing in the real world.
Really, I do not get a UAC prompt anymore except with of all things my online games that use third-party no-hack solutions.

 

[Haravikk]

I thought Windows already supported cryptographically signed programs, isn't that how it identifies who the publisher of a piece of software is when it asks if you're sure you want to open it? All it lacks is a means of denying unsigned apps similar to OS X's Gatekeeper.

However, what I would really like to see; on Mac OS X as well, is a setup wizard that actually guides users towards a secure setup. On Mac it's still a good idea to have a separate administrator account, and on Windows the same applies, as even if a UAC bypass is discovered it still can't do anything if you only have a standard account for the majority of your software.

On Mac, this setup works well as it will just prompt you for an admin username and password, so you can still do stuff using your admin user's permissions, without having to sign in as them, but I'm not sure if Windows supports this at present?

But yeah; while the majority of systems are probably single-user, Windows could really do with asking users to provide two sets of passwords or other credentials, one for the admin and one for general use, so they can get the convenience of a simple password for common operations, but a more complex one for secure operations.

There's definitely an argument for how an OS should treat security; endless prompts are a bad design decision as it trains the user to dismiss them as an inconvenience, but really what a good OS should do is train the user to act in a more secure way, and recognise when something shouldn't be asking for permissions that it doesn't need.

 

[Vlad Rose]

While I don't believe every application should be sandboxed, they probably should in those that are 'net centric'. For example, I run Sandboxie at home and the only apps that I have that load inside there are Chrome and Firefox.

 

[Pherule]

Online Armor is still the best defense you can add to a computer IMO. It's like the UAC, except it controls everything, and it remembers your responses. After using it for about 1 week, it almost never bugs you.

 

[Vlad Rose]

Online Armor is still the best defense you can add to a computer IMO. It's like the UAC, except it controls everything, and it remembers your responses. After using it for about 1 week, it almost never bugs you.

It is only a firewall though, so it does not protect against local attacks; nor virus/spyware detection/removal.

 

[dextermat]

Microsoft need to create a serious database blacklisting bad programs and such and and easy way to block, folder, files.

Also programmers and software makers collaborate on this, just like drivers.

 

[jdwii]

I wonder if Microsoft employee's read this i would surly hope so i'm thinking if its already coming out in july i doubt they will add much of anything at this point.

Great article though and i agree with everything even more so the encryption

 

[Christopher1]

I find so many year old Windows 8 laptops still running those outdated trials whilst Defender is switched off. I'd rather have up to date Defender than out of date McAfee.

True that. I have some relatives who were running outdated McAfee and Norton that had expired. I just sighed, uninstalled the Norton/McAfee and put on MSE or for the ones who had Windows 8, enabled Defender and immediately did a scan.

 

[Christopher1]

Microsoft need to create a serious database blacklisting bad programs and such and and easy way to block, folder, files.

Also programmers and software makers collaborate on this, just like drivers.

The problem is that the malware offers can 'tweak' their programs and OOPS.... does not register under the 'known bad programs' thing.
A WHITELIST is better than a BLACKLIST in this situation. Any program that requires administrator access? Automatically looked upon leerily by the OS, installer or no.

 

[daglesj]

Encryption is one of those "seemed like a good idea at the time" features. Unless you've spent time with encrypted machines you don't know how much of a liability they really are.

You only use encryption if you NEED to use encryption. It's fine if you run it in a enterprise with full support and automated backup systems in place but for domestics...it's an accident waiting to happen. HDDs fail and people don't make backups. Thats okay we'll just copy the data of the HDD...oh...we can't it's encrypted. Enthusiasts and overclockers shouldn't use it either especially if you run a machine whereby lockups/crashes and unexpected reboots have to occur. One corrupted HDD and you are toast.

Encryption - For plain Jane's and the organised only.

Plus you don't need super encryption. Encryption only has to stop the guy that stole your laptop from accessing it long enough before someone slaps a cracked copy of Windows 7 over it.

 

[killerb255]

I'm not entirely convinced the majority of users actually cares about security.

There's no such thing as convenient security.

I'm convinced that the vast majority of users care more about convenience than security, and that's unfortunate.

 

[Christopher1]

Encryption - For plain Jane's and the organised only.

No, encryption is for everyone today, period and done with. If my Windows 8 installation supported Bitlocker, it would be turned on tomorrow because it keeps nosy nancies out of my private business (as long as they do not get to my computer while it is on and out of my sight).
With the government becoming more and more nosy today, it is for the regular person as well.
As to the "It's encrypted, we cannot access it!".... bullplop! Numerous companies I know of have solutions where they can take the platters out of one drive, put them in the exact same chassis, and transfer the data... EVEN WHEN ENCRYPTED!
No reason to bring up that lie here.

 

[akula2]

Pretty much average article which tells nothing new.

First: 'In Windows XP, almost any app could do almost anything. That's because, to this day, the default account in Windows has Administrator rights.'

True. But it can be easily fixed in 20 seconds by adding 'Administrator' DWORD value to 1 in the Registry.


This article doesn't talk openly on few things:

1) exploits used by the NSA. E.g., NO protectoin under the Bullrun program.
2) Microsoft co-operation with the Intelligence agencies
3) Encryption tools are compromised

Most imp: any encryption must be carried out on other machine to maintain 'Air Gap' so never do it on the same system. Never.