Windows 10 S – How Good Is It?
Microsoft recently touted Windows 10 S does not allow “any known ransomware” to execute on its systems. They claim the increased security is based on the controls in place which allow users to only use programs that are in the approved app store. However, this methodology has a proven loophole.
ZDNet decided to do some testing of their own. They collaborated with security researcher and co-founder of Hacker House, Matthew Hickey, and he was able to execute malware on the Windows 10 S system in three hours. Hickey was able to infect the system by injecting malicious code into a Word document, which is an allowed application on Windows 10 S. To read about the entire hacking process and how Hickey wormed his way past the Windows 10 S controls, click here.
The Major Flaw
First, it should be said, the concept of only allowing safe programs to execute is a legitimate one. Technically, this is called whitelisting. However, the flaw Microsoft did not consider, was when malicious code attempts to execute within these safe programs. A solution for this, is to create a way to detect when safe applications are altered. For instance, PC Matic also uses a whitelisting technology to prevent malware attacks; however, each time a safe program’s code is altered, it is retested to ensure the alterations made were not malicious. Microsoft would be smart to implement a similar process.