Windows 8 'doesn't move the needle' on security: Symantec

Plans to issue several 'Modern' apps in October

Symantec said Windows 8 "doesn't move the needle much" on security as it rolled out new versions of its antivirus software and promised to provide users with several so-called "Modern" apps for the new operating system.

On Wednesday, the security developer released new versions of its consumer titles Norton AntiVirus, Norton Internet Security and Norton 360.

The new programs are optimized for Windows 8's traditional desktop environment -- the side of the new OS that looks much like Windows 7 -- said Gerry Egan, senior director, product management, in an interview. When Windows 8 ships in late October, Symantec will offer a trio of apps specific to the tile-based user interface (UI) once known as "Metro" and now often referred to as "Modern."

Those apps, which have not yet been given final names, will include one that connects to Symantec's cloud-based back-end management system to give users a view into the security health of Windows and the hardware; another that uses the company's "whitelist" technology to sniff out suspicious data and files, including corrupted Modern apps; and a third that uses Internet Explorer 10's (IE10) engine inside a customized browser that Egan said will let customers "surf online securely."

The Modern apps will hit the Windows Store -- Microsoft's regulated app store for Windows 8 and Windows RT software -- on or just after the Oct. 26 debut of the operating system upgrade.

Initially, said Egan, those apps will be available free to everyone, hinting that at some point they could be restricted to customers who had purchased the traditional Norton desktop security software and had an up-to-date subscription to Symantec's services.

"It's a way to explore [the new UI], and introduce customers to our presence there," said Egan of Symantec's move into Modern.

"But we need to see where that [malware] flows, what the problems are for our customers, before we do more [on Modern]," Egan continued. "What we do will depend on the attack surfaces in Windows RT and Windows 8. Microsoft has laid down some very stringent guidelines on what's allowable [on Modern], which also ties our hands. So if there is more to do in the future, we may not be able to because it would infringe those guidelines."

Egan was mostly referring to policies set by Microsoft that "sandbox," or isolate, apps from each other and from the traditional desktop in Windows 8 to provide a more secure environment.

Microsoft is relying on sandboxing, as well as the curated Windows Store -- it reviews each app prior to approval, looking for everything from malware to undisclosed rights -- to secure the tiled side of Windows 8, and all of Windows RT, the touch-first, tablet-oriented spin-off.

Not surprisingly, Egan didn't think much of Microsoft's security moves in Windows 8 as he set up several "myths" about the new OS only to then knock each down.

"We're just not seeing any significant improvements in Windows 8 security ... it doesn't move the needle much," Egan said, ticking off everything from the new Secure Boot feature to a beefed-up Smart Screen anti-malware filter.

"It's partially true that Windows 8 is more secure," said Egan, pointing to the concept of the Windows Store and its approved apps. "But underneath is a traditional Windows-Intel desktop, which is backward compatible with both the good code and the bad."

Much of Egan's disparagement of Windows 8's security can be traced to Windows 8's bundling of Windows Defender, an old name for a heavily reworked product.

In Windows 8, Windows Defender combines characteristics of both the earlier anti-spyware program of the same name, and the free Security Essentials, the antivirus program that previously was offered as a separate download.

Windows Defender serves as the operating system's default protection against malware, and will switch itself off only if it detects an active third-party antivirus program that's receiving signature updates.

Although Security Essentials has stirred third-party antivirus vendors in the past to complain that Microsoft wasn't playing fair, the move to bundle Defender with Windows 8 hasn't prodded them to go public with similar beefs.

Egan argued that Symantec's software does a better job of protecting users than Windows Defender. "We believe we add so much more value over and above [Defender]," he said.

But John Pescatore, a Gartner analyst, said Symantec has bigger problems than Windows Defender.

"They're all going after a shrinking pool of machines," said Pescatore of stalled PC sales as smartphones and tablets consume discretionary dollars. "The percentage of devices running Windows is dropping. And there are more players going after that shrinking pool."

Symantec may play up the Windows 8 angle for its new titles, but the truth, said Pescatore, is that Microsoft's decision to mimic Apple and Google by offering an app store means traditional antivirus vendors have an unclear future.

"There's never been a market for security software on iOS," Pescatore observed. "So if Microsoft pushes the whitelist idea of an app store, there's less and less need for the [antivirus] commodity."

Egan's complaint that the hooks into the boot process -- dubbed "Early Load Anti-malware Driver," or ELAM -- don't allow software makers to deploy their full set of weapons actually describes a good thing, Pescatore argued.

"It's better that the [Windows 8] platform doesn't let security software's root kits work, because that means it also cripples the bad guys' root kits," Pescatore said.

The 2013 editions of Norton AntiVirus, Norton Internet Security and Norton 360 are available at retail stores and from Symantec's online store. Norton AntiVirus costs $39.99 for a one-year license for a single PC; Norton Internet Security runs $79.99 for one year of protection for up to three Windows machines; and Norton 360 costs $89.99 for a three-PC, one-year license.

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld.
