
One of the major pitches for Microsoft's new Windows 10 S operating system, which only runs apps that you download from the Windows Store, is that it's significantly more secure from malware and other types of attacks. The company has also touted Windows 10 S as being less susceptible to ransomware, and protected from types of attacks that have taken down previous Windows versions.

As with most promises of this sort, the truth is rather more complicated. It's true that Windows 10 S does protect against certain types of downloadable malware, but as ZDNet has shown, it's not a perfect defense. After picking up a Surface Laptop and installing all available security updates, they turned the device over to security researcher Matthew Hickey to see how long it would take him to break through the operating system's defenses and install ransomware. The outcome? A bit more than three hours.

"I'm honestly surprised it was this easy," Hickey told ZDNet. "When I looked at the branding and the marketing for the new operating system, I thought they had further enhanced it. I would've wanted more restrictions on trying to run privileged processes instead of it being such a short process."

ZDNet gives the step-by-step breakdown on how the attack broke through Microsoft's security. But the simple version is this: Usually, Microsoft Word will lock down macros if you download a document from the Internet — but not if you retrieve the document from what's considered a trusted connection. Grab from a source like that, and you can bypass the protections easily enough. The macro in question enabled Administrative privileges and the rest, as they say, is history. According to Hickey, the security breach is significant enough to allow him and his team to do "whatever we wanted."

SystemShot

Image by Matthew Hickey

Microsoft, as one might imagine, rejects the argument that Windows 10 S is vulnerable to ransomware. And it's true that spending three hours breaking into a system is more time than your average hacker would be willing to spend on a typical system. Then again, initial attacks that can take several hours to create have a nasty habit of transforming into easily delivered payloads that take just seconds to execute.

Microsoft isn't wrong when it says Windows 10 S is secured against certain types of risks that conventional versions of Windows 10 can't protect against. But it's simply incorrect to pretend that just locking down how users get their software can protect them against every kind of attack. Windows 10 S may be more secure, but perfect security is a myth and every OS should be treated as if it's vulnerable to multiple potential attack vectors.
