The security measures in Windows 10 S security are being questioned

By: Costea Lestoc
3 minute read

Security has always been a very important element when it comes to Microsoft and their Windows operating system. That being said, the tech giant has come out with an improved version of Windows 10 it calls Windows 10 S. Windows 10 S is claimed to be superior to the original in terms of security and for that reason, has drawn a lot of people in already.

One thing that needs to be said about Windows 10 S is that it doesn’t really like applications that don’t come directly from Microsoft’s Windows Store. What that means is that it will try and block all app installations if they come from other sources. It doesn’t even matter if they are native Win32 applications of if they were made for the UWP.

Microsoft is blocking access to important tools

Those thinking about using this version should also know that Microsoft is blocking access to some pretty important tools such as PowerShell, command prompt, and even the Linux subsystem. On top of that, some of the power user tools featured in Windows 10 are also unable to function.

What this all means is that Windows 10 S is a lot more limited in comparison with the original Windows 10. According to Microsoft, though, that’s what needs to be done for extra protection. It’s true that while all these features are disabled, the operating system is indeed a lot safer.

Security failure and the Desktop App Bridge dilemma

Even though all these harsh security measures do quite a bit to improve the overall security of Windows 10 S, it’s still not a flawless OS. In fact, it comes with one big loophole in terms of security, making the rest of its endeavors borderline useless: Microsoft is denying itself a completely secure OS through a feature they call Desktop App Bridge. What this feature does is it lets developers bring Win32 applications into the Windows Store. Obviously, this throws all the extra security previously obtained right out the door.

Testing the issues

Matthew Hickey from ZDNET went through a 3-hour long investigation in which he managed to get past Microsoft’s newly implemented defenses through a macro-based word file. The fact that this was possible shows that there is a big hole in the security-focused philosophy behind Windows 10 S. Here’s the detailed report on Hickey’s achievement as described by ZDNET:

“Hickey created a malicious, macro-based Word document on his own computer that when opened would allow him to carry out a reflective DLL injection attack, allowing him to bypass the app store restrictions by injecting code into an existing, authorized process.

In this case, Word was opened with administrative privileges through Windows’ Task Manager, a straightforward process given the offline user account by default has administrative privileges. (Hickey said that process could also be automated with a larger, more detailed macro, if he had more time.)”

RELATED STORIES TO CHECK OUT:

For various PC problems, we recommend this tool.

This software will repair common computer errors, protect you from file loss, malware, hardware failure and optimize your PC for maximum performance. Fix PC issues now in 3 easy steps:

  1. Download this PC Repair Tool rated "Excellent" on TrustPilot.com.
  2. Click “Start Scan” to find Windows issues that could be causing PC problems.
  3. Click “Repair All” to fix all issues with Patended Technologies (requires upgrade).

Discussions

Next up

Best Windows 10 antivirus software to use in 2018

By: Radu Tyrsina
7 minute read

Update – 2018 will soon come to an end and we already have a guide on what is the best antivirus you should get in […]

Continue Reading

These features are out for good with Windows 10 version 1809

iamsovy@gmail.com' By: Sovan Mandal
2 minute read

Microsoft is all set to launch its next big update, Windows 10 version 1809 in October. While that should be a nice piece of news […]

Continue Reading

Windows 10 18H2 builds no longer receive new features

By: Matthew Adams
3 minute read

The Windows 10 October 2018 Update (otherwise 18H2) rollout might now be two to three weeks away. For the last few months, new build previews […]

Continue Reading