Microsoft's Senior Product Manager talks about Windows 8 and its security improvements
Windows 8 is currently advertised as the most secure Windows version to date, as it packs quite a lot of improvements, most of which are supposed to protect users and their data.Of course, the security enhancements available in this new Windows build go well beyond the user interface and include new innovative technology that could block even the newest forms of malware.
To better understand the security upgrades available in Windows 8, but also to get a better overview of what’s next for Windows users, we sat down with Chris Hallum, Senior Product Marketing Manager, Windows, to ask him a few questions about computer security in general, and Windows 8, in particular.
Softpedia: Please introduce yourself to our readers and tell us a bit about your role at Microsoft.
Chris Hallum: Hi, my name is Chris Hallum and I’m Senior Product Manager here in the Windows Client Commercial organization focusing on Windows client security (i.e.: malware resistance, data protection, and identity and access control).
I’ve been with Microsoft for fifteen years and I’ve worked in a number of engineering roles as a Program Manager within the Server and Tools Division (e.g.: Windows Scripting, System Center Operations Manager, Microsoft BitLocker Administration and Monitoring (MBAM)).
In 2011, I transitioned into my current product management role to pursue my passion for Windows client security with expanded scope.
Softpedia: Windows 8 is considered the most secure Windows operating system to date, as it packs quite a lot of improvements in this regard. Since work on the next Windows versions has already started, are there any particular areas you wish to focus on?
Chris Hallum: The response that we’ve received from analysts, press and customers about the security improvements that we delivered in Windows 8 has been nothing short of overwhelming and we’re super excited to see the impact that it’s made (Security Intelligence Report v14).
With that said, our work in the area really never ends as new threats are always emerging, and so we continue to work closely with security industry and customers to make sure we are aware of their feedback.
Softpedia: Windows XP will no longer get updates and security patches as of April 8, 2014, but many people are using it. How do you plan on convincing them that moving to a newer Windows version is so important, especially because an unsupported OS would basically expose their data and make computers vulnerable?
Chris Hallum: After April 8, 2014, Windows XP users will no longer receive new security updates, non-security hotfixes, free or paid assisted support options or online technical content updates.
If you are a business, staying on Windows XP means you don’t realize the inherent cost and productivity savings that come with more modern operating systems.
Last May, IDC found the longer you wait, the pricier supporting Windows XP gets: IT labor costs go up 25 percent in the fourth year of continuing to run Windows XP past deadline, and user productivity suffers as well, with an increased cost of 23 percent.
In the fifth year, IT labor increases by an additional 29 percent, and user productivity costs jump up a staggering 40 percent.
And staying on Windows XP can put your data at risk as well. Any new vulnerabilities discovered in Windows XP after its end of life will not be addressed by Microsoft.
Even antimalware software and other security mitigations become severely disadvantaged and over time and will become increasingly unable to protect the Windows XP platform.
In a recent TwC blog post on Windows XP’s upcoming end of support date, data suggests that the longer an operating system is out of service, the more vulnerable the system is to an attack.
This means that it could be easier for attackers to compromise Windows XP-based systems using exploits for unpatched vulnerabilities.
People using Windows XP are already twice as likely to get infected with malware on their XP machine versus today’s modern operating systems (like Windows 7 and Windows 8) because of enhancements made to the OS over the past 10 years to protect from today’s threat landscape.
The data also shows that when Windows XP SP2 came out of support, the gap of infected systems between Windows XP SP2 and Windows XP SP3 actually widened.
Today, customers still on Windows XP SP2 customers are 50% more likely than Windows XP SP3 customers to get an infection and 3x more likely than Windows 7 or Windows 8 to get infected by malware.
If you are a consumer, you have less than a year to upgrade your computer to Windows 7 or Windows 8; and if you are a business, the migration process can take time, so we recommend you start the process to move off of Windows XP now to ensure you meet the April 8, 2014 deadline.
And if you are a small or medium sized business currently running Windows XP Professional PCs, you can upgrade to Windows 8 Pro and Office Standard 2013 at a 15% discount now through June 30 as part of Microsoft’s Get2Modern offer.
Softpedia: Security companies across the world rushed to certify their software for Windows 8 after the October 2012 release. How important was it to help security vendors optimize their apps for Windows 8?
Chris Hallum: It’s critical. Windows is a great platform that provides a ton of value to customers right out of the box but its full potential can only be realized when third parties build on top of the platform.
When it comes to security, we’ve made sure to include a rich set of programmatic interfaces that will enable third parties to add value in a number of areas like authentication, encryption, and access control just to name a few.
Adoption of these interfaces and lighting up specific scenarios is absolutely critical for security vendors to be able to maximize the customer value of their apps, and the Microsoft Developer and Platform Evangelism Group is chartered to make it happen.
They actively work with ISV’s to help them optimize and exploit the many security opportunities and interfaces in the best possible way.
Softpedia: Is there a need for Modern security apps to run on Windows 8?
Chris Hallum: We definitely expect to see some interesting security applications built as Windows Store Apps continue to grow. However because Windows Store apps are sandboxed and have limited access to the device, system, and data, security applications such as anti-malware, encryption, data leak prevention, etc. will continue to be built as desktop applications.