Short Bytes: Accomplished Google hacker James Forshaw thinks that Microsoft has delivered a “good” operating system, but it has failed to ensure the overall user security. He praised it for some improvements and called it the “Two step forward, One step back” moment for Microsoft.
In the past, Microsoft tried to clear the confusion clouds by some explanations that didn’t offer anything concrete. In a recent security conference, renowned Google hacker James Forshaw gave Windows 10 a slight security approval and called it a “Two step forward, One step back” moment for Microsoft.
For those who don’t know, James Forshaw is a security researcher in Google’s Project Team with a specialization in Windows. In the past, he has discovered some major loopholes in Windows and he did it again in his recent presentation.
The Google hacker praised Microsoft for taking some steps to tighten the Windows security but bashed the Windows maker for the increased number of drivers and services. He pointed out that Windows 10 has 291 drivers and 196 system services enabled, which is higher that the previous iterations.
“There are more system services and drivers which means more attack surface,” Forshaw says.
Targetting the Windows 10 user account control, he went on to say that it’s “something you just put there to annoy the user” by displaying prompts to allow or block the apps all the time. This is a feature that is clearly failing to accomplish its mission of protecting its users.
Google hacker James Forshaw hoped that Microsoft will be soon fixing some issues with Windows 10 user account control. He also gave a demo of a token-capturing tool to bypass Windows 10 security mechanisms. This tool will be publicly released after Microsoft issues a patch.
Talking about Windows 10’s Microsoft Edge web browser, he praised it for the improvements. But as a web browser in whole, he called it flawed. “Microsoft could have lead the way and said ‘I refuse to run (Adobe) Flash ever again in my web browser’ but unfortunately they did not take that inspired option,” Forshaw said.
Watch the complete presentation below:
Do agree with the Google hacker James Forshaw? Tell us in the comments.
Get the best IT+Security eLearning courses on fossBytes Deals.