September 14, 2012

Windows 8 Store: Is it Secure?


Yes, this is the most secure version of the Windows Store ever. Sure, it’s also the first version of the Windows Store, but Microsoft knows that the basic mechanics of the Windows Store are able to provide a very high level of safety for users. You may love it or hate it, but with the Win8Store concept, Microsoft is following in Apple’s highly successful footsteps with its iTunes App Store.

The core idea with the Windows Store is that every application that’s submitted to the store will be approved by Microsoft and required to meet security and privacy standards. Microsoft has spelled out some of these standards already, and they look like a good start for protecting users’ data and privacy. A few examples:

  • require developers to follow specific user-privacy requirements
  • protect users from unintentional data transfers
  • launch in 5 sec or less etc  – full list of requirements can be found here

The main idea is to minimize the number of apps that contain hidden malware or undocumented functionality that could harm users’ privacy or collect data without their knowledge. Just as Apple has done with the iTunes App Store, the Windows Store uses a system of digital signatures that ensure the system knows which apps are installed on your PC and, more importantly, its key characteristics. When any app is modified by malware the code and signature of that app are changed, so Windows will block that compromised app from running and download a clean version from the Store. This is a nice security feature, but it doesn’t mean that you are 100% protected.

First of all, cybercriminals always try to evade security tools, whether it’s antivirus or a digital signature. And it is possible that they will find a way to bypass this one sooner or later. One method could be by hacking developers’ accounts and providing the Store with modified app code. Attacks and security tools are not static, they are constantly changing and evolving, as is the battle between attackers and defenders. We do our best to win. But so do the criminals.