For the second consecutive month, a major news outlet has published a misleading article about the security of Microsoft's latest Windows releases, Windows 8 and Windows RT.
USA Today has published an editorial stating the Windows 8 is susceptible to potentially infected "widely available, consumer smartphone apps" that Windows system administrators need to worry about. The editorial follows an Inc.com article last month that incorrectly stated Surface with Windows RT was vulnerable to traditional Windows viruses.
The editorial, written by Mark Austin, co-founder of Windows privilege management company Avecto, states the app store in Windows 8 and Windows RT could lead to "a whole new set of vulnerabilities" that organizations using Windows haven't had to face before. Part of Austin's argument revolves around the fact that viruses have been distributed to Android users through apps. Austin's editorial fails to mention that these apps are obtained through third-party locations – not the Google Play Store – and require users to change their settings to allow the installation of unsigned apps.
As with the Google Play Store, apps in the Windows Store are reviewed by Microsoft and scanned for viruses prior to being certified; these apps also require a digital signature from Microsoft. As explained in a Building Windows 8 blog post by John Hazen, a Microsoft program manager for its developer experience team, the digital signature prevents fraudulent apps from running on Windows 8 devices.
"Windows uses digital signatures to ensure the integrity of your app all the way from the Store to installation and even when the app is loaded and running on your customer’s computer," Hazen wrote in the blog post. "If Windows detects that the app no longer matches its digital signature, it guides the customer to download a corrected version from the Store."
According to Austin, however, Microsoft could let "malicious applications to slip through the cracks, ultimately infecting a company's entire network," although he gives nothing to support his assertion. Austin also argues that an app being approved by Microsoft for the app store "does not necessarily make it suitable for business use."
Another aspect of Austin's argument is the recent release of a tool that enabled users to pirate paid apps from the Windows Store. That tool also allowed users to sideload unsigned apps to Windows 8 devices but must be performed each time the machine is booted, as the bypass is only temporary.
Again, however, Austin fails to mention that users would have to use a tool to allow the installation of these unsigned apps that could theoretically be infected with a virus – something that's unlikely for most users, especially business users.