Early Windows 8 adopters are exposing their soft underbellies to browser based malware attacks which exploit known Flash plugin vulnerabilities. Ed Bott, writing on ZDNet says that Microsoft is yet to release a Flash update for Internet Explorer 10, which must come through Windows Update. Adobe updated its Flash player on 21st August because of “Priority 1” vulnerabilities and recommended users updated their systems within 72 hours.
With IE10 on Windows 8, Microsoft decided to build Flash player into the browser as a component thus enabling Flash content playback within a “box fresh” browser. Google does the same with Chrome and Flash updates are handled by the automatic browser updates. But it seems like, in Windows 8, Microsoft just hasn’t turned on the tap yet.
Mr Bott asked Microsoft about the availability of an update for the currently vulnerable IE10 and got the following response: “Security is of course important to us, and we are working directly with Adobe to ensure that Windows 8 customers stay secure. We will update Flash in Windows 8 via Windows Update as needed. The current version of Flash in the Windows 8 RTM build does not have the latest fix, but we will have a security update coming through Windows Update in the GA timeframe.” GA refers to general availability meaning 26th October. The ZDNet article notes that when using the Modern UI version of IE10 “Flash is completely blocked from all but a handful of whitelisted sites. But the desktop version of IE 10 is wide open”. So if you are a Windows 8 pioneer it’s best to disable the built-in Flash player for now through the Manage Add-ons menu options.
More Windows 8 security titbits
Symantec yesterday released new versions of Norton AntiVirus, Norton Internet Security and Norton 360 optimised for the Windows 8 desktop environment. These new apps will be followed up with “Modern” style apps in late October. The Modern apps will be available from the Windows Store around the time of Windows 8 general availability, initially for free.
Talking to Greg Keiser of PCAdvisor the Symantec senior director of product management, Gerry Egan, said there are a lot of myths going around about how secure Windows 8 is. “We're just not seeing any significant improvements in Windows 8 security ... it doesn't move the needle much” he continued to explain, “It's partially true that Windows 8 is more secure, but underneath is a traditional Windows-Intel desktop, which is backward compatible with both the good code and the bad.” Mr Egan said the new Norton security products add much more value above and beyond the built in Windows Defender.
Win 8 Ripoff System
You might not be surprised that, even before GA, malware writers are already targeting Windows 8 users. McAfee recently came across a fake antivirus tool called “Win 8 Security System” which looks for payment for fixing problems that, in reality, don’t exist. It’s an old ploy on a new OS.