Windows 10 Linux Feature Brings Real, But Manageable Security Risks

It should have come as no surprise when it was revealed at the Black Hat USA conference that Windows 10’s ability to run some Linux commands through the inclusion of the Bash shell command language also created a security risk.

The fact is that any time you introduce a new way to interact with software as complex as Windows 10, you will also introduce new avenues for a security breach. The more important questions are: How serious is the potential breach and how likely is it to be exploited?

It’s not likely to be exploited mainly because the Ubuntu Linux command line isn’t enabled by default in Windows 10 and few users will find and enable it, unless they are developers or perhaps hackers who want to do something nefarious.

Read More: Windows 10 Anniversary Update – What you need to know

Windows 10 Linux

Without the Bash shell and the accompanying command line, there’s no way to use the Linux commands to launch a cyber-attack. But the fact is that the Bash shell does exist, and unless you’ve set up your company’s computers so that users can’t access the setting that turns it on, you could find yourself with employees who want to experiment with the new capability.

Just so you know where to find it, this is how you enable the Windows Subsystem for Linux. First you open the Settings function, which is now represented by a gear icon when you press the Start button. Then you go to Updates and Security and click on the For Developers choice.

While you won’t see the Linux button there, you can search for “Windows Features.” That will take you to a list of functions you can select and deselect with check boxes.

Loading ...

One of those selections will let you enable the Windows Subsystem for Linux. Check that box, click on Apply and, after Windows finds the files, you’ll be prompted to reboot your computer. After that you can type “Bash” in the command line, and it’s ready to work.

Even though Microsoft worked with Canonical to create this Linux-like experience, what you’re running isn’t really Linux because there isn’t full Linux kernel inside Windows. But there’s enough of the kernel to allow access through that Bash shell to enable malware to bypass some of the normal Windows security features.

While the new Ubuntu Linux capabilities aren’t supposed to include the ability to run graphical applications or the Ubuntu desktop, in fact the method for doing that is already public.

There’s nothing inherently insecure about running graphical Linux applications such as Firefox or using the Ubuntu desktop.

Continues On Page 2…

Originally published on eWeek

Page: 1 2

Wayne Rash

Wayne Rash is senior correspondent for eWEEK and a writer with 30 years of experience. His career includes IT work for the US Air Force.

Recent Posts

Craig Wright Sentenced For Contempt Of Court

Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…

3 days ago

El Salvador To Sell Or Discontinue Bitcoin Wallet, After IMF Deal

Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…

3 days ago

UK’s ICO Labels Google ‘Irresponsible’ For Tracking Change

Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…

3 days ago

EU Publishes iOS Interoperability Plans

European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…

4 days ago

Momeni Convicted In Bob Lee Murder

San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…

4 days ago