Windows merge: so what about security, after all?

As a security vendor, we at Kaspersky Lab have to foresee possible problems stemming from essentially good things. Serious transformations in the software market bring both new advantages, but also new problems and challenges, to which we need to pay attention.

As security vendors, we at Kaspersky Lab have to keep in mind any possible future threats and understand from where they may come. Some seemingly good things may (or may not) have some darker ramifications, which must also be appropriately addressed.

Reflecting on previous Windows merge posts, we feel as though we may have painted a rather bleak and, perhaps, unfair, picture of Microsoft’s very important and, in general, rather positive upcoming move. In reality, there may be negative implications and threats that will arise, but this does not make this platform’s merge something “wrong”.

Convergence is a long running and very old process, which isn’t going to stop any time soon. Earlier this year there was news that a number of PC hardware vendors announced they would soon release PCs with both Android and Windows 8.1 on board. A hybrid laptop, Asus Transformer Book Duet, was showcased at CES 2014 and did indeed combine two OSes on the same device. Evidently, there is even a reasonable business interest from the hardware vendors to bring absolutely “alien” platforms together, even if it potentially means mutual multiplication of existing security issues existing on Windows and Android.

Returning to the Windows merge, does it mean that security is due to deteriorate when a new consolidated version arrives? Not likely. In fact, there is little reason to expect that things will be any “darker” than they are currently.

Historically, Windows had been the most malware-targeted PC operating system. The main reason for this was that it became the most popular and utilized. However, it was also very vulnerable and, undoubtedly, Microsoft was heavily criticized for this. Consequently, it made a lot of Herculean efforts to increase security.

At one point, security measures in Windows Vista had been criticized again, this time for being “paranoid”. Still, User Account Control system, which demands explicit user’s consent for any important actions, survives even though its Windows 7 and Windows 8 versions are considered “more relaxed” (less security prompts). Users adjust to security measure, preferring to perform a couple of extra mouse clicks rather than getting ZeuS’ed.

Is there a reason to think that the security of future Windows – the same one for all screen sizes – will be any worse than now? Absolutely not. As is evidenced here, every launch of a new Windows version had been accompanied by a lot of pessimism and banshee-like wails. With the introduction of something as novel as the future Windows PC, tablets and smartphones all at the same time, certainly the skepticism will grow exponentially.

There is no indication that security will go down on Microsoft’s priority lists. On the contrary, it is logical to presume that Microsoft’s programmers learned the lessons from their own operating system’s past (with Windows’ multiple vulnerabilities allowing for world-wide malware pandemics), and the others’ mistakes (such as Android’s current malware problem). With this knowledge, they will bring forth a more reliable OS than ever.

Ultimately, the software is written by people and people make mistakes. Even with the most robust code, mistakes can occur. Since Windows is still among the most malware-targeted PC operating system, malware authors will surely continue to search hard for any new vulnerabilities. This means that both private and corporate users of the future Windows will still have to think how to protect themselves.