Windows 8 'doesn't move the needle' on security, says Symantec
Plans to issue several 'Modern' apps in October
Computerworld - Symantec said Windows 8 "doesn't move the needle much" on security as it rolled out new versions of its antivirus software and promised to provide users with several so-called "Modern" apps for the new operating system.
On Wednesday, the security developer released new versions of its consumer titles Norton AntiVirus, Norton Internet Security and Norton 360.
The new programs are optimized for Windows 8's traditional desktop environment -- the side of the new OS that looks much like Windows 7 -- said Gerry Egan, senior director, product management, in an interview. When Windows 8 ships in late October, Symantec will offer a trio of apps specific for the tile-based user interface (UI) once known as "Metro" and now often referred to as "Modern."
Those apps, which have not yet been given final names, will include one that connects to Symantec's cloud-based back-end management system to give users a view into the security health of Windows and the hardware; another that uses the company's "whitelist" technology to sniff out suspicious data and files, including corrupted Modern apps; and a third that uses Internet Explorer 10's (IE10) engine inside a customized browser that Egan said will let customers "surf online securely."
The Modern apps will hit the Windows Store -- Microsoft's regulated app store for Windows 8 and Windows RT software -- on or just after the Oct. 26 debut of the operating system upgrade.
Initially, said Egan, those apps will be available free to everyone, hinting that at some point they could be restricted to customers who had purchased the traditional Norton desktop security software and had an up-to-date subscription to Symantec's services.
"It's a way to explore [the new UI], and introduce customers to our presence there," said Egan of Symantec's move into Modern.
"But we need to see where that [malware] flows, what the problems are for our customers, before we do more [on Modern]," Egan continued. "What we do will depend on the attack surfaces in Windows RT and Windows 8. Microsoft has laid down some very stringent guidelines on what's allowable [on Modern], which also ties our hands. So if there is more to do in the future, we may not be able to because it would infringe those guidelines."
Egan was mostly referring to policies set by Microsoft that "sandbox," or isolate, apps from each other and from the traditional desktop in Windows 8 to provide a more secure environment.
Microsoft is relying on sandboxing, as well as the curated Windows Store -- it reviews each app prior to approval, looking for everything from malware to undisclosed rights -- to secure the tiled side of Windows 8, and all of Windows RT, the touch-first, tablet-oriented spin-off.
Not surprisingly, Egan didn't think much of Microsoft's security moves in Windows 8 as he set up several "myths" about the new OS only to then knock each down.
"We're just not seeing any significant improvements in Windows 8 security ... it doesn't move the needle much," Egan said, ticking off everything from the new Secure Boot feature to a beefed-up Smart Screen anti-malware filter.
"It's partially true that Windows 8 is more secure," said Egan, pointing to the concept of the Windows Store and its approved apps. "But underneath is a traditional Windows-Intel desktop, which is backward compatible with both the good code and the bad."
- Gartner Magic Quadrant for Client Management Tools The client management tool market is maturing and evolving to adapt to consumerization, desktop virtualization, and an ongoing need to improve efficiency.
- Audit Ready and Asset Optimized: The Solid Promise of an Intelligent Software Asset Management Solution In this paper Frost & Sullivan examines the benefits of enterprise-grade Software Asset Management solutions, and how these solutions serve as the convergence...
- Gartner Magic Quadrant for Application Security The market for application security testing is changing rapidly. Technology trends, such as mobile applications, advanced Web applications and dynamic languages, are forcing...
- Five Steps to Achieve Success in your Application Security Program This white paper provides a general framework your organization can use to create or build upon an application security program. It includes guidelines...
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Application Security White Papers | Webcasts