Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Microsoft: Windows 10 Is the Most Secure Operating System


  • Please log in to reply
45 replies to this topic

#1 Antilope7724

Antilope7724

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:06:32 PM

Posted 18 November 2015 - 02:25 PM

http://news.softpedia.com/news/microsoft-windows-10-is-the-most-secure-operating-system-496352.shtml
 
"Microsoft has put a lot of effort into Windows 10, and the company keeps reminding us of this on every single occasion, so it shouldn't come as a big surprise that CEO Satya Nadella has praised the security of the operating system at a recent event in Washington.

Speaking about the enhancements Microsoft has made to Windows 10 in terms of security, Nadella has called the company's latest product ”the most secure operating system,” explaining that it comes with significant improvements in this regard for both consumers and enterprises."


-----

Boot your Windows 10 PC with a Linux Live USB flash drive, look at the hard disk and tell me what you see. What you see is the entire Windows NTFS file system laid before you. You can access any of the files (read, modify, copy, delete, etc) including personal data files with no password required. If there are multiple Windows user accounts you can see and access all files with no password required.

Secure? Not very if someone has physical access to your Windows 10 pc, a USB flash drive and a free copy of a Live Linux ISO.

A smart 8 year old with a USB flash drive can gain access to every file on your Windows 10 PC in the 90-seconds it take to boot it up.

All he needs:

-An 8gb or greater USB flash drive
-A copy of Rufus (available free on the internet)
-A free Linux ISO(available free on the internet) that creates a Live Linux session (Ubuntu or Linux Mint)

Download Rufus, put USB flash drive into his Windows PC, point Rufus at downloaded Linux ISO. Create Linux bootable USB.

Place USB flash drive in you Windows 10 PC. Boot the Your PC from the flash drive. Go to the the Linux File Manager on the Linux desktop that is displayed (looks just like Windows) and all of your Windows 10 hard disk files are available for copy, deletion, moving, opening etc. No password required.

This could be prevented if the Windows 10 PC is secured with Bit-Locker or if there is a bios password set and the hard disk is set to boot ahead of the USB device.

This security is not set by default and probably 99% of Windows 10 PC's could be accessed in this way.
 
Microsoft was also talking about Enterprise. A janitor with a USB flash drive can access every file on every Windows PC hard drive in an office. Most PCs are only secured with the logon password. In this case that's not good enough.

Edit: Moved topic from Windows 10 Support to the more appropriate forum. ~ Animal

BC AdBot (Login to Remove)

 


#2 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,662 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:32 PM

Posted 18 November 2015 - 02:38 PM

Secure? Not very if someone has physical access to your Windows 10 pc, a USB flash drive and a free copy of a Live Linux ISO.


Everyone knows that as soon as you get physical access to a device, it's compromised. Every Experts in the IT Security world will tell you that.

Microsoft was also talking about Enterprise. A janitor with a USB flash drive can access every file on every Windows PC hard drive in an office. Most PCs are only secured with the logon password. In this case that's not good enough.


In a normal company, laptops (and maybe desktops) drives are encrypted, so even if you access the computer physically, you cannot do anything without the password (you cannot even get in the hard drive). Even if the computer is open, and an account is open (this is the fault of the user there, not Windows), all you can access if your own userprofile, unless you are logged in as a Sysadmin or else (and this would be a protocol breach, not Windows' fault). Usually, files are never kept locally on the system, they are kept on the company's servers (network shares, DFS, etc.) so even if you are on the Winlogon screen, or access the hard drive (assuming it wasn't encrypted), you won't be able to access anything as no data is being kept locally.

This security is not set by default and probably 99% of Windows 10 PC's could be accessed in this way.


What are the odds that someone breaks in your house, have a Live Linux USB and goes through the process you explained above? Some security features aren't enabled by default because there's simply no need to. I can guarantee you that if you work for a company with an IT department that have the slightest of common sense, they won't use the preinstalled Windows on the devices they buy. They'll use their own custom image (with their own security) and other security protocols will be implemented after the installation.

So yes, Windows is quite secure when you think about it, but of course I don't except people who don't work in IT to know anything about what I just mentionned above, so this is a common mistake/misinterpretation made by a lot of people :)

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 Antilope7724

Antilope7724
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:06:32 PM

Posted 18 November 2015 - 02:57 PM

I worked for HP for 25 years until I retired in 2009. As of 2009 none of our networked office Windows pc's or our Windows laptop computers had hard drive encription. They were only secured with the user passord. If one of the industry giants didn't do that many smaller businesses are not going to either.


Edited by Antilope7724, 18 November 2015 - 03:00 PM.


#4 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,662 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:32 PM

Posted 18 November 2015 - 03:03 PM

Well let me tell you that: this is a huge security hole you have in your business, and you are the only one responsible for that. Microsoft gives you the tools the protect your system and devices, if you aren't using them when they are available to you for free, then it's your fault.

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#5 leithanne

leithanne

  • Members
  • 327 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Philly 'burbs
  • Local time:09:32 PM

Posted 18 November 2015 - 03:18 PM

I regard being able to boot from a linux drive and see my Windows files as a feature, not a drawback. In fact, I keep my DVD drive set as my first boot device, so that if Windows borks, I can get in with linux.

 

Companies are responsible for their own physical security. My son-in-law is building a nuclear power plant, and he has to remove his hard drive and lock it up whenever he leaves his desk. I'm sure other companies with something important to keep from janitors have similar procedures. If not, it's on them.



#6 brainout

brainout

  • Members
  • 1,190 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Houston
  • Local time:08:32 PM

Posted 18 November 2015 - 04:08 PM

Is it proper to blame the OP for noting the fact that HP didn't use encryption?  That's not HIS business, nor is it HIS fault.. right?

 

OTOH, I too regard the openness of  Windows as a feature.  Very important feature, even.  So I don't need to update XP or Win7 and can instead use the same computer with a Linux external installation plugged in.  Linux husbands Windows very well.  There are certain things only Windows can do.  Of course Windows is not most secure, due to past baking in of Internet Explorer, and lately Bing and Cortana, plus preserving legacy programs so they can still run.  Businesses need the old stuff to keep running, and that's THE reason why Windows is not secure, even now.

 

Fine.  So then to make it secure, just add the outermost perimeter of Linux, which using it as an external install, does.  Let that perimeter interface with the internet, and leave the Windows intact.

 

Best of both worlds, really.  If you want only Windows, and you're willing to undergo the hassle and the added risk, you can.  If you are willing to learn rudimentary externally-installed Linux enough to surf, that reduces your Windows risk but not its utility.  If you really concerned and you don't mind the hassle of Linux permissions, fine.

 

These are operating systems, not gods.  They have advantages and disadvantages.  Trick is to maximize the advantages and minimize the disadvantages, no?


Edited by brainout, 18 November 2015 - 04:10 PM.

(Away, Notifications Off) AUDIT PREMISES, my guidon.  -- brainout or brainouty on vimeo or Youtube, domain brainout.net


#7 britechguy

britechguy

    Been there, done that, got the T-shirt


  • Moderator
  • 8,135 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Staunton, VA
  • Local time:10:32 PM

Posted 18 November 2015 - 04:10 PM

I just want to reiterate Aura's point:  If anyone has physical access to a device the most primary and critical feature of security is compromised.  Physical security as the first line of defense is a given.  If you don't bother with that then almost nothing else matters.

 

Also, given my years in this business and although I would not endorse "security by obscurity," the scenario of the janitor with a bootable Linux drive is far fetched in and of itself.  Linux is not a household word (even though I and millions of geeks know about it) and most people, including those who've been end users of computers for decades wouldn't know how to change boot order to save their lives.

 

One designs security based on the relative likelihood of incursion and the value of the data that might be compromised.  The vast majority of the world does not need nor does it want NSA-grade security on their computers.  Microsoft gives people a very large array of tools to make things far more secure than the default settings if their situation requires it.


Brian  AKA  Bri the Tech Guy (website in my user profile) - Windows 10 Home, 64-Bit, Version 1803, Build 17134 

      Memory is a crazy woman that hoards rags and throws away food.

                    ~ Austin O'Malley

 

 

 

              

 


#8 Antilope7724

Antilope7724
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:06:32 PM

Posted 18 November 2015 - 05:04 PM

Amazing. Point out a security hole in an operating system and people shoot the messenger.

 

Good job folks. That should make your files more secure.



#9 Atomic77

Atomic77

  • Members
  • 213 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Bend, Wisconsin USA
  • Local time:09:32 PM

Posted 18 November 2015 - 05:07 PM

I believe that witch each new OS and windows update the system gets better and better.


ATOMIC77

​GEEKED AT BIRTH


#10 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,662 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:32 PM

Posted 18 November 2015 - 05:40 PM

Is it proper to blame the OP for noting the fact that HP didn't use encryption? That's not HIS business, nor is it HIS fault.. right?


I'm blaming the company he worked for for not having implemented a decent security protocol. Also, I mention that it's the user's fault (not the OP) if he doesn't take the proper steps to secure his own system. Please quote where I blamed the OP because HP didn't use encryption? A quote where you can see that I put the fault on HIM, and not HP. Just so you know, the "you" I used here isn't directed at the OP, it's a figure of speech. But I think that you understood that, right?

Of course Windows is not most secure, due to past baking in of Internet Explorer, and lately Bing and Cortana, plus preserving legacy programs so they can still run. Businesses need the old stuff to keep running, and that's THE reason why Windows is not secure, even now.


Funny that you mention this point, since a lot of users here are complaining about Windows not adding enough support for legacy programs and they don't want to hear anything about the "security" aspect of this decision.

If you want only Windows, and you're willing to undergo the hassle and the added risk, you can.


Implying that you cannot use Windows securely without getting infected. I haven't been infected in years (when I did, it was because I used a shared computer with my family and they were the ones opening the door to malware), yet it isn't an hassle for me to use Windows the way I do.

Amazing. Point out a security hole in an operating system and people shoot the messenger.

Good job folks. That should make your files more secure.


We didn't "shoot" the messenger, we're telling you why the concept behind the "security hole" you pointed have its flaws and why you might be misunderstanding it. If you're not ready to accept critics and comments about what you post, why do you even post it in the first place? Take responsability for your threads and your words.

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#11 brainout

brainout

  • Members
  • 1,190 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Houston
  • Local time:08:32 PM

Posted 18 November 2015 - 05:47 PM

To Antilope and Atomic:  yeah, good points.  Antilope, you're right there's a security hole, and it will remain.  It's in the design (now via Bing and Cortana).  There are reasons for it: think of Spanish architecture, with the internal open courtyard. 

 

So the idea is to plug the holes as they are found, without closing the courtyard.

 

The Build 10240 version of Win10 that we Insiders got worked really smooth on my Dell Latitude 6510, but as you well know the RTM version's installer (or something) wasn't so smooth; it created a lot of problems for many many people.  Likely, due to the method of installation.  Hopefully Threshold is better.


(Away, Notifications Off) AUDIT PREMISES, my guidon.  -- brainout or brainouty on vimeo or Youtube, domain brainout.net


#12 jargos

jargos

  • Members
  • 668 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Sydney Australia
  • Local time:12:32 PM

Posted 18 November 2015 - 07:24 PM

In all my years and years of using Microsoft Security Essentials, and keeping it fully updated, and doing DEEP scans which last for hours it had NEVER, EVER found anything.

 

Although Adwarecleaner, Malwarebytes, etc, find things straight away. Especially Adwareaner - that fantascic little gem found free, and right here.

 

So why IS that ?

 

And did MSE (now called something else in W10 ?) just take a quantum leap forward so as to be safest ?

 

Hard to believe that.


Linux Mint 17.2 Cinnamon on older, Pentium 4 desktop.

Win 7 on Medion Akoya i3 laptop


#13 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,662 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:32 PM

Posted 18 November 2015 - 07:26 PM

Most likely because AdwCleaner and Malwarebytes have PUP detections, while Microsoft Security Essentials doesn't. Also, it is a known fact as well that MSE detection ratio isn't the best there is. Microsoft is leaving this to Antivirus companies and even shared intel with them to help them improve their products.

It's also AdwCleaner, not AdwareCleaner. Starting in Windows 8, Windows Defender is the default Antivirus, an enhanced version of MSE.

Edited by Aura, 18 November 2015 - 07:27 PM.

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#14 herbman

herbman

  • Members
  • 416 posts
  • OFFLINE
  •  
  • Local time:09:32 PM

Posted 18 November 2015 - 10:40 PM

Most likely because AdwCleaner and Malwarebytes have PUP detections, while Microsoft Security Essentials doesn't. Also, it is a known fact as well that MSE detection ratio isn't the best there is. Microsoft is leaving this to Antivirus companies and even shared intel with them to help them improve their products.

It's also AdwCleaner, not AdwareCleaner. Starting in Windows 8, Windows Defender is the default Antivirus, an enhanced version of MSE.

 

 

Yeah i have heard that myself but when asked on multiple forums the reasons why it is considered more advanced and effective nobody has an answer .  Some details on why this is supposedly more advanced would be very helpful.



#15 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,662 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:32 PM

Posted 19 November 2015 - 06:19 AM

Because it's directly integrated in the Windows system, which means that it have more control over it and can react appropriately. Other Antivirus will "cover" Windows by surrounding it with a layer, while Windows Defender is part of Windows.

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users