by Andy Patrizio
Microsoft is preparing to launch Windows 8 and its companion Windows Store for later this month, which will have a broad swath of applications for desktop and tablet users alike, with one exception.
|“There will continue
to be a need for
security in new
and different forms.”
The Security section in the Windows RT store has no security software. Familiar faces like Symantec, McAfee, Kaspersky and Trend Micro are notably absent. All you get is a few apps that use the Win RT framework, like password generators, management tools, and AES encryption tools.
The reason is, Microsoft hopes, you won’t need it. The x86 version of Windows 8 will allow users to install applications from both the Windows Store as well as downloading installable packages from other locations – even then, Microsoft’s extreme new security measures may shy computer novitiates away from any non-Store software.
But Windows RT will only allow for apps installed from the Windows Store, and Microsoft believes it can keep its walled garden from being scaled.
“The role of third party security software will initially be different on WOA (Windows on ARM) or Win RT platforms. Microsoft claims that a traditional anti-virus approach will not be needed on this platform and, while the jury is still out on that one, one thing is certain, there will continue to be a need for security in new and different forms,” said Gerry Egan, senior director of product management with Norton.
Microsoft itself declined to comment.
Kaspersky Lab has stated its plans to wait and see. “Kaspersky Lab’s priority is protecting users, first and foremost, so we will be watching the roll-out of Windows RT and will evaluate whether or not their user-base requires a specially-designed offering from Kaspersky to stay safe and secure. We’re not ruling anything out,” said a spokesperson for the company.
On paper it would seem the WOA platform should be safer from malware. Any malicious x86 code will break even if it does get onto the platform since those tablets will be ARM-based. The only way in is through Microsoft’s walled garden and only Microsoft, at this point, has the compilers.
So in theory, it is locked down. Microsoft approached Windows RT in many ways the same way Apple did with iOS, said Wes Miller, research vice president at Directions on Microsoft.
“If you want the open architecture, you have Mac OS. If you wanted the closed, secure device, you had iOS. Microsoft is doing the same here. If you want the open legacy architecture, that’s Windows 8. If you want the sealed, appliance-like experience, that will be RT,” he said.
The Windows RT platform is designed with sandboxing in mind, similar to iOS, so user mode apps can’t do a lot unless you jailbreak the OS. Sandboxed apps on RT are in the same space, said Miller. They are very constrained as to what you could do.
So can Microsoft give us a secure environment where we no longer need all this security software just to operate? Miller said the opportunity comes down to a couple of things: How exploitable the surface area is, who has access to compilers, and how tightly locked down the Windows RT framework is.
Windows 8 ships on October 26th. Will the walled garden of Windows RT be high enough to keep malware out?