
Windows 8 Malware Threats Arrive

Researchers have spotted Windows 8 malware masquerading as anti-virus, raising doubts about Microsoft’s claim that the operating system is its most secure OS ever.

Security giant Trend Micro discovered fake antivirus aimed at Windows 8 users (image below), just a week after the OS was released to the wider public. It is a standard attack vector, but is the first sign that cyber criminals believe Windows 8 adoption will be big enough to merit attacks on the platform’s users.

Users will encounter ads for the fake AV when they visit malicious sites, Trend warned. “The recent launch of Windows 8 had people talking about this new OS. Naturally, cyber criminals are grabbing this chance to distribute threats leveraging Windows 8 and raise terror among users,” the company said in a blog post.

Windows 8 malware dangers?

The news came as security professionals debate the vulnerability of Windows 8 compared to previous versions of Microsoft’s massively popular OS.

Windows 8 has a number of positive security features, including Secure Boot, which is designed to prevent unauthorised software from loading during the start-up process. It is aimed at stopping rootkits, which have been able to infect the BIOS in the past and are used to hide malware from anti-virus.

Secure Boot works by having the Unified Extensible Firmware Interface (UEFI) – a BIOS replacement – check the boot loader to ensure it is signed by Microsoft before running it.

Windows 8 also features built-in anti-virus, in the form of Microsoft’s own Windows Defender. When a different anti-virus solution is downloaded by the user, Defender will disappear and let the other manage threats – although it should be remembered that AV can only block around 30 percent of modern-day threats.

Despite these and other notable additions, some have questioned whether the latest version is the most secure Windows ever. Mikko Hypponen, chief research officer at F-Secure, said the most secure version of Windows was the one sitting on the Xbox, not any sitting on PCs.

“It was completely clamped down, it only did encrypted IPv6, supported no other protocols, only ran whitelisted applications, you couldn’t run Android apps at all, which makes it very secure,” he told TechWeekEurope.

“I’m guessing it’s still more secure than Windows 8… I find it funny that the most secure version of Windows is inside a games console, which is counter-intuitive. The god-damn gaming device is more secure than your Windows 2008 Server.”


Thomas Brewster

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.


  • Of course it's the most secure Windows ever - it's not exactly a tough feat given its track record. We all know Microsoft has tried and fought for years to make Windows less vulnerable, and considering the stride made between XP and 7, they have actually managed to make it somewhat better. With Windows 7, a user who was intelligent about downloads, didn't install things and avoided use of Internet Explorer at all costs could manage to stay virus free. Unfortunately, there are certain types of users who will just never care to be responsible on the PC because they a.) purchased antivirus software and are "protected" (HA!), b.) don't actually bother reading a single word of what they click, c.) can just ruin the IT department's day rather than listen to all that boring stuff they say about how not to infect the entire company system, and/or d.) continue installing things like "Bear Share" and "Ask Jeeves" just because it "popped up and asked", along with 19 browser toolbars, but will continue using the machine without coming to the realization that perhaps using the PC does not actually mean you know how and should have paid attention during all the offerings of knowledge spewing from the world today... but instead, they'll complain about the computer, talk about how awful Windows is, throw the machine out, buy another one and start it all over again. I think these types know deep down they screwed it up, but believe taking it to the technician for repair would force them to admit they haven't a clue how to use it properly. Meanwhile, most folk really do realize they shouldn't have opened that mysterious attachment and call for IT's help before it spreads. We're in the day and age where even when an elderly woman walks by a PC with Internet Explorer, she'll stop and install Firefox/Chrome so that noob can start seeing the real web and not get killed by ActiveX exploits (seriously... when was ActiveX ever used NOT to infect someone?)
Not saying Microsoft didn't make the fact that, at its core, Windows is still Windows - an executable environment - making it vulnerable. What bothers me the most is that all this time, energy and money must go into dealing with this problem. It exhausts Microsoft. It exhausts us. In the modern business, the Windows operating system just doesn't work anymore. Executable may have been what gave Windows the power to change business in the past, but all their resources have gone into trying to bend things to Windows directions & apply patch after patch after patch to the point where all the PCs do anymore is sit there and install massive update files that will never be able to solve the underlying problem - Microsoft needed to start dreaming up a new codebase over a decade ago. Even when they finally were faced with competition (when Mac had the 'codebase' realization and released a polished up Unix environment to capture the hearts of those who like paying $5,000 for $200 worth of hardware and don't need much functionality as much as they need it to not have anything they can break), they didn't consider the very predictable chance that they'd need a more modern software architecture to continue their number one spot.

    Well here it is, folks. Windows 8. It's basically aero-free (thank god) Windows 7 with the most important productivity features removed (right - not improved - removed) and a pseudo-kernel slapped on top of the existing one. MS said it was to tie in tablets or something, which is the market they WANT to be in but I suppose are forgetting the millions upon millions upon millions of customers who have, mouse in hand, constantly come back to buy more Microsoft products despite it all. I guess it's just kind of offensive Microsoft can't even give those who want to continue using a PC. Windows is a liability to modern business and an OEM nightmare to consumers - tablets are nothing but toys to us people who have the amount of work to get done that requires dealing with Windows. It's a harsh truth. We are used to dealing with Windows' problems because only Windows had the horsepower needed to run intense programs and organize insane amounts of files. No one goes back to Windows once they get out, and I'm sorry, the last thing I want on my tablet is Windows. Stay in my work area where you belong, Microsoft. I just can't believe they didn't consider their enterprise users in all of this. Enterprise will never be able to adopt this OS, especially now when cost of supporting Windows is so high that many businesses have already made the switch to Linux. After such a history in enterprise, I'm personally and professionally offended that MS couldn't even provide w8 Professional edition with the option of a start menu. They pushed us far just to bring us to this. IT managers around the globe will be looking back on all the millions of dollars they've invested in MS enterprise products with a bit of relief. Sure, you lost every dime you made trying to keep all that crap semi-working and you may have gray hair now, but hell, at least you finally get to throw all that proprietary crap out and lead the revitalization of how your company operates.

    Information Technology Renaissance in business will drive much economic recovery over the next few years. While media outlets "ooh" and "aah" over cheap pieces of plastic with LCDs that are about as revolutionary as they are useful in business roles where there is a workload realistic of a 2013 professional's job - as in - stacked to the ceiling, verge of insanity, lord you're gonna need some serious processing, memory and probably dual LCDs to do all that by its deadline. Microsoft is making the kind of business mistake that involves trying to obtain new customers (who you will never sell anything to (and even if you do sell some tablets - they're already becoming a commodity and consumers won't pay more than $200 for them much longer, not the type of profit MS is used to)) and either trying to bend your existing customers to be that type of consumer. Hi - I'm sure you'll agree the amount of money we spend on business desktops and laptops should be enough proof that we're staying put. And if we do provide tablets, in no way does purchasing them with Windows on it make good business sense. Funny Trend Micro should catch the first Windows 8 virus, seeing as how it can't catch a damned thing any other time. How many tens of thousands lost to them too. There are two security companies that make AV that can actually be called AV - ESET and Kaspersky - and they're probably not in your budget (until you have an outbreak.) Trend did nothing more than put an icon in the tray that gave you a false sense that maybe 30% would be caught by it. I don't think the techs have ever seen it actually stop an infection. Malwarebytes (free) put it to shame on an at least weekly basis. The even better part? They were all well known, studied infections that had been around for years. In the end, we paid double for AV that year but stopped getting hammered the second we rolled out NOD32.

    So if Microsoft is breaking up with business and consumers at the same time, I'm just gonna be the one to say it's okay. I don't think we could have lasted much longer anyway. Moving to Linux is the natural next move for business, and consumers will enjoy more diverse offerings. As for Engineers & IT service-people, let's just point out the elephant in the room. The quality in Proprietary software myth is busted. And we're movin' on!
