5 Windows 8 Vulnerabilities We Should All Know About

1. Picture Passwords Are Easily Cracked

Windows 8 has introduced a new picture based authentication process. The way it works is that you draw 3 points on an image of your choice to log in; similar to Android’s swipe lock screen. This was supposed to be a significant improvement over Android’s version because it supports 3 random points chosen by the user. However due to human nature, we tend to choose points of an image that stand out thus making it easier for someone to guess our ‘picture password’ versus guessing a text based password. According to a study presented by Arizona State University and Delaware State University researchers say we tend to choose eyes, nose, lips or other notable features such as edges and corners depending on the photograph. This facet of human nature potentially increases the risk of hacking picture based passwords. So be careful when choosing your points!

2. Old Windows Viruses Can Affect Windows 8

The amount of users running Windows 8 is still relatively small compared to previous generations, so one would assume that it is less of a target for hackers right?.. Wrong! Recently it was found that Viruses that were designed and built to exploit Windows 7 vulnerabilities also worked on Windows 8 without any alteration. So has Microsoft simply put a new GUI on Windows 7 and thrown it out to us with all all the flaws and bugs simply inherited? There have been a tremendous amount of Windows viruses floating around from the Windows XP days and potentially, all of these could affect a Windows 8 system. We would hope that viruses made for versions of Windows prior to XP would not work on Windows 8; we would prefer not to be the ones to test that statement. Better be safe than sorry and keep your antivirus up to date.

3. Security Chip Built Into Windows 8 PCs Can Be Hacked

TPM 2.0 otherwise known as Trusted Platform Module is a small chip that comes as standard with some Windows 8 PCs. It has the ability to take over and interact with certain groups of security applications and hardware. According to the German Government Technology Agency the chip itself was designed to increase security but they said it can lead to an even more accessible system if it became compromised. They didn’t give any details as to how – as that information becoming public knowledge could be potentially dangerous. So watch out. Hackers are smart, very smart and are bound to find out a way to breach this security system pretty soon! However TPM can be disabled if a user wishes but this should only be done if you’re an advanced user that understands and accepts the risks.

4. Websites That Targets Internet Explorer Users

A couple of months back there were reports of malicious attacks affecting Window’s users of Internet Explorer. Hackers crafted fishing websites specifically designed to allow the hacker access to your computer if you viewed the web page specifically with Internet Explorer. They could gain the same user privileges as the account you were on when you viewed the page. Users who had restricted privileges were less affected. Sites like this crop up every now and then with the goal of luring a user to view them, and once they’re there, you’re caught. That’s why in the internet community they’re called Phishing sites. So ensure your computer is always up to date or try using an alternate browser which may be a bit more secure. Google Chrome & Firefox are examples of alternates that you could potentially use. (We recommend that you research the security flaws in browser when choosing an appropriate one)

5. Don’t Leave Your Laptop Behind

Ever left the room and felt your data was safe simply because you logged out? Think again! With the help of a quick search on Google, anyone can easily bypass your password and gain access to your computer. We are not going to describe how, but know that it is indeed possible with simple a usb stick. One such case involved a malicious user (after following instructions found online) changing the Administrator user’s password! This means that they can access everything. One possible solution is to encrypt your drives with a key different from your user password. Keep in mind that encryption comes with its problems too. If for some reason your encryption fails, gets corrupted or you forget your encryption password, all is pretty much lost!. So again, do your research before you encrypt. We recommend keeping unencrypted backups in a safe place like a fireproof safe!.

My Advice To You

You should always keep your computer updated by leaving ‘automatic updates’ turned on.
Try to keep your antivirus up to date as well to prevent new threats from exploiting your system.
Leave Windows Firewall activated at all times as this protects against hackers accessing your system over the internet.
Always try to create a password that can’t easily be guessed. Make it a combination of letters and numbers and more than 8 characters long.
If you’re looking to go one step further create a second account on your PC with non-administrative rights and use that when browsing the web to limit further risks.
Or, for those so inclined, try out another more secure operating system like OSX, Linux, Chrome.

Good luck!.

James O’Reilly

Image Sources

Anonymous

Four of these things haven’t changed at all, it’s still windows. That last one, on the other hand, never changes either..
- strongwhispers
  
  Agreed. But one would hope that Microsoft would do the right thing and at least patch these vulnerabilities between releases. It’s really a wait an see what happens game rather than being proactive. Either that, or hackers are far smarter than the developers at Microsoft 🙂
  - buddahmusic
    
    Also a few of the points you noted, arent exactly microsofts fault. Many viruses are built and work just like normal software programs you use everyday, and can be installed in the same way they are too. If a user willfully downloads a trojan (believing it to be some other non-malicious program) and installs it, (i.e. going through all prompts clicking ‘ok,’ ‘yes,’ ‘agree,’ ‘install’) how is microsoft to be expected to prevent this? Short of detracting some control from the user (which, is already a “feature” windows has called UAC) there is not much that can be done except educating users to be more careful etc..
    
    -Sorry for the multiple lengthy comments !
    - strongwhispers
      
      Hey No problem. Feel free to comment as much as you want :-). You make a point. One can easily write a piece of software without needing sophisticated tools or loopholes to be classified as being malicious. Users need to be more vigilant and educated as you mentioned. I guess it’s related to who you blame really and where does the responsibility end. Do you blame the gunsmith for the crime? We do have a post on here about that if you are interested. An interesting take on the topic. If you are interested… http://strongwhispers.com/gunsmith-liable-service-providers-responsibility-end/
      
      On a side note, I find UAC really annoying ;-).
      - Darlene Strand
        
        Interested in learning and reading as much as I can to become a better user on the internet!
    - Darlene Strand
      
      No problem Buddahmusic, your comments are great and informative!
TheGloriousPCGamer

OSX is one of the most insecure OS’s ever made. The lack of viruses is due more towards reluctance of hackers to even think about it than to write and spread the virus or bypass Apple’s “Anti-virus”.
- strongwhispers
  
  Isn’t OSX a Unix based OS which is supposedly a bit more secure?
  - buddahmusic
    
    These days, “Apple hardware” when it comes to computers, doesnt exactly exist per se.. Most if not all of the critical components in their machines (besides the actual motherboard, battery and chassis) are the same Intel CPU’s, same wifi chipsets, ram modules and harddrives that are used in most PCs. The reason that there are less viruses written which target OSX is that a malicious programmer creates a virus with intent of infecting as many targets as possible, and windows being by far the most widely installed OS on computers ingeneral, compatibilty is aimed towards windows more often than not. This is also the reason why you will find much more available software for windows than you will for OSX.
    - strongwhispers
      
      Agreed. I think also, as apple drops its price points (hopefully), and coupled with the ‘second hand’ market, perhaps more people with malicious intent may get their hands on it. Then that will be the real test of how secure it really is. As you say, since the components are not ‘Apple hardware’, vulnerabilities within can probably be targeted more easily. Time will tell I guess.
- strongwhispers
  
  I also thought that the accessibility to the Apple hardware in the early days was limited to the rich. And they were not inclined to write viruses. I’d like to understand why you think it is insecure. Perhaps we can run a story on it.
Darlene Strand

The information on protecting your computer and personal data is interesting and enlightening. I was glad to read this topic and to give a little comment! I haven’t owned yet a Windows 8 set computer I’m still on a little Windows 7. I wasn’t aware there were that much to worry about on Windows 8. Buyer be aware!