Windows 8 'doesn't move the needle' on security, says Symantec
Plans to issue several 'Modern' apps in October
Computerworld - Symantec said Windows 8 "doesn't move the needle much" on security as it rolled out new versions of its antivirus software and promised to provide users with several so-called "Modern" apps for the new operating system.
On Wednesday, the security developer released new versions of its consumer titles Norton AntiVirus, Norton Internet Security and Norton 360.
The new programs are optimized for Windows 8's traditional desktop environment -- the side of the new OS that looks much like Windows 7 -- said Gerry Egan, senior director, product management, in an interview. When Windows 8 ships in late October, Symantec will offer a trio of apps specific for the tile-based user interface (UI) once known as "Metro" and now often referred to as "Modern."
Those apps, which have not yet been given final names, will include one that connects to Symantec's cloud-based back-end management system to give users a view into the security health of Windows and the hardware; another that uses the company's "whitelist" technology to sniff out suspicious data and files, including corrupted Modern apps; and a third that uses Internet Explorer 10's (IE10) engine inside a customized browser that Egan said will let customers "surf online securely."
The Modern apps will hit the Windows Store -- Microsoft's regulated app store for Windows 8 and Windows RT software -- on or just after the Oct. 26 debut of the operating system upgrade.
Initially, said Egan, those apps will be available free to everyone, hinting that at some point they could be restricted to customers who had purchased the traditional Norton desktop security software and had an up-to-date subscription to Symantec's services.
"It's a way to explore [the new UI], and introduce customers to our presence there," said Egan of Symantec's move into Modern.
"But we need to see where that [malware] flows, what the problems are for our customers, before we do more [on Modern]," Egan continued. "What we do will depend on the attack surfaces in Windows RT and Windows 8. Microsoft has laid down some very stringent guidelines on what's allowable [on Modern], which also ties our hands. So if there is more to do in the future, we may not be able to because it would infringe those guidelines."
Egan was mostly referring to policies set by Microsoft that "sandbox," or isolate, apps from each other and from the traditional desktop in Windows 8 to provide a more secure environment.
Microsoft is relying on sandboxing, as well as the curated Windows Store -- it reviews each app prior to approval, looking for everything from malware to undisclosed rights -- to secure the tiled side of Windows 8, and all of Windows RT, the touch-first, tablet-oriented spin-off.
Not surprisingly, Egan didn't think much of Microsoft's security moves in Windows 8 as he set up several "myths" about the new OS only to then knock each down.
"We're just not seeing any significant improvements in Windows 8 security ... it doesn't move the needle much," Egan said, ticking off everything from the new Secure Boot feature to a beefed-up Smart Screen anti-malware filter.
"It's partially true that Windows 8 is more secure," said Egan, pointing to the concept of the Windows Store and its approved apps. "But underneath is a traditional Windows-Intel desktop, which is backward compatible with both the good code and the bad."
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Riverbed Stingray Application Firewall: Securing Cloud Applications with a Distributed Web Application Firewall Responsibility over IT security is moving away from the network and IT infrastructure and to the application and software architecture itself. IT organizations...
- Web Application Firewalls--Laying the Myths to Rest This paper addresses some of the myths about WAFs and outlines how businesses are optimizing their investment in protecting their ever-evolving web apps.
- PCI DSS Compliance in Cloud Environments This technology analysis addresses the challenges of the evolving cloud security landscape and how organizations can achieve PCI DSS compliance in cloud environments...
- Web Attack Survival Guide This guide will help you protect your organization from external threats targeting your high-value applications and data assets.
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well...
- The New Way to Work Knowledge Vault This Knowledge Vault focuses on how, in today's increasingly virtual world, it's more important than ever to engage deeply with employees, suppliers, partners,... All Application Security White Papers | Webcasts