Researchers find flaws fixed only in Windows 8, but left unpatched in Windows 7
Two security researchers demonstrated at a recent conference that some of the flaws that have been found in Windows 7 and Windows 8 have only been fixed in the latter, with many believing that Microsoft is leaving the world's number one operating system vulnerable to attacks on purpose.Researcher Moti Joseph, who previously worked for Websense, and malware analyst Marion Marschalek presented a new tool called DiffRay that can scan Windows libraries and compare security vulnerabilities that might exist in Windows 7 and Windows 8.
After scanning a total of 900 libraries with the aforementioned app at the Troopers14 conference, researchers found four security improvements that are only part of Windows 8, but not included in Windows 7, The Register reveals.
The question, however, is why is this happening? While Microsoft hasn't yet issued an official comment on this, some people pointed to the obvious: the company wants everyone to make the move to Windows 8, so it's no longer investing in Windows 7 security, while also making it vulnerable on purpose to make sure that everyone knows that its modern platform is a lot safer.
Microsoft itself has said that Windows 8 is six time more secure than Windows 7 thanks to the new technologies that it features, but nobody knew that Redmond might actually contribute to these statistics by fixing only a number of flaws in Windows 7.
The security researchers who find this, however, claim that it's all just a matter of money, as Microsoft no longer wants to invest in the security system of older software since it already has a newer platform on the market.
“Why is it that Microsoft inserted a safe function into Windows 8 [but not] Windows 7? The answer is money - Microsoft does not want to waste development time on older operating systems ... and they want people to move to higher operating systems,” Joseph explained during the presentation
If Windows 7 is indeed left unpatched on purpose, this means that hackers might easily find zero-day vulnerabilities in the operating system that could then be exploited to access user data and get control of the exposed computer.
“If we get one zero-day from this project, it's worth it,” Joseph continued, adding that it was “scary simple” and very fast to find vulnerability with the application they developed.
Microsoft hasn't yet issued a statement on this, but we've reached out to the company and we’ll update the article when and if we get an answer.