At the Ruxcon IT security event in Australia over the weekend, James Forshaw (Google’s Project Zero hacker team.) displayed in a presentation dubbed “Two Steps Forward, One Step Back”.
He highlighted how there are now more ways for hackers to attack Windows 10 thanks to the increased numbers of services and drivers that can provide an attack vector across the OS.
The presentation highlighted how Microsoft has improved its security, by reducing the number of services that start at boot-up, reducing the threat there.
He also pointed out that user accounts are no longer security related, but just a rather poor attempt at making the PC family friendly.
There’s also the issue that few Windows 10 fixes will roll back to Windows 8 or older, meaning hackers will focus on those, making Windows 10 a more urgent upgrade if it proves harder to hack.
The presentation has lots of details about the weaknesses and strengths of Windows 10, with a demo of one current exploit that he is waiting for Microsoft to patch.
His key points for future fixes include: Privacy options, Control Flow Guard, Culmulative Updates and cross-signed drivers.
How much extra security have you added on top of Windows default features, and do you feel safer with the new OS?
source : window10update