Key things to consider before you switch to Windows 10

Microsoft has launched Windows 10. Here are some things to consider before you jump on the update bandwagon.

Microsoft has started pushing Windows 10 updates, as the newest operating system officially launched last month.

However, the latest and greatest might not be the best fit for some organizations, and there are things that need to be taken into account before an update is rolled out across the enterprise.

Forrester Research believes Windows 10 will become the enterprise standard that Windows 8 did not, and it will help Microsoft retain its leading position in PC computing.

"However, Microsoft will face a long road ahead to gain Windows share in mobile," writes analyst Frank Gillett in research on the new OS.

"While it will win a growing share of enterprise tablet purchases, the plans for Windows 10 don't show enough potential to create a differentiated mobile experience that will draw developers and customers away from iOS and Android."

Following on Forrester's report, CSO spoke to several experts to get their opinions on Windows 10 and their thoughts on the key considerations that need to be made before an update is installed at home or in the office.

Updates for the sake of updates shouldn't be the only reason to make the switch. In fact, while updating is always a good idea from a security point of view, said Braden Russell, SVP product development and engineering at Cylance, the timing of these changes is an important business decision.

According to IT solutions provider Softchoice, only 2 percent of the 400,000 PCs Softchoice analyzed adopted Windows 8 while 83 percent are still operating on Windows 7 and another 15 percent are still operating on Windows XP, despite it no longer being supported by Microsoft.

"If you’re still running Windows XP, upgrade immediately. If you’re on Windows 7 or Windows 8, upgrade as you can," Russell said.

"Windows 10 should be more secure than any prior version of Windows, but it is still susceptible to malicious software and user mistakes. You’ll need next generation anti-malware protection to prevent infection, and a good security training program for end users to make them aware of the security impact of their decisions."

Compounding this issue is the fact that Windows 10 is backwards compatible, a Norton spokesperson commented via email. This is a popular feature that allows older legitimate software to continue to run.

"This means that older applications, which can contain vulnerabilities that criminals can exploit, and previously installed malware will continue to run on Windows 10. [So the Windows] attack surface continues to grow with each new release, even with the addition of enhanced security features."

Ryan Smith, Vice President & Chief Architect, Optiv Security:

"Windows 10 represents a shift in Microsoft's strategy. For years, Microsoft has been releasing patches on the second Tuesday of every month and has even gotten others such as Adobe to adopt a similar patch distribution strategy. With Windows 10, they're changing the cycles and it’s going to have a huge impact across the Windows ecosystem.

"Once Microsoft releases a patch, attackers can reverse engineer that patch to see what has changed and create an exploit for the fixed vulnerabilities. Attackers can create exploits for those vulnerabilities within days. Many businesses will choose to configure Windows 10 to update as they have in the past. A sort of, if it isn’t broken don’t fix it mentality.

"The difference is, when Microsoft released their patches in a standard release cycle everyone got those patches immediately and businesses knew how long they would forgo those patches for the sake of stability. If the business' standard operating procedure is to patch on the third Tuesday of the month, then they knew they'd be exposed for a week. Now, if they use those same guidelines they'll be potentially exposed for an entire month. With the new patching controls, a business is best served if they rethink their patch deployment strategy."

Brian O’Hara, Senior Security Consultant, Rook Security:

"I work primarily in banking where things tend to change very slowly as it is a predominantly risk averse industry. Microsoft has muddled the waters more than once by changing their public-facing comments about how updates will work, so I am still reluctant to say what I think will happen as they may yet change their minds again.

"I have worked with a virtual machine preview of Windows 10 and like it very much. But again, in the financial world where we just got rid of expired XP machines last year, I think the transition will be and should be a very slow one. The model of a compact kernel with applications stacked on top is a great idea but we will have to wait and see how it looks once it is officially revealed to the world.

"In the meantime, I am asking clients to test Windows 10 and get a feel of how it may or may not fit, as well as checking with vendors to see if they are yet testing their apps. But I am certainly not telling them they should be moving forward until we have a lot more proof that this is not going to be another Windows Vista."

Morey Haber, Vice President of Technology, BeyondTrust:

Microsoft Edge:

"If you have not heard, Internet Explorer has been replaced by Microsoft Edge. This new browser has a brand new look and an enhanced rendering engine that is designed to have a much safer browsing experience. To that end, I am nearly certain it will have all sorts of compatibility issues with legacy web applications and plugins.

"For example, Microsoft Edge will no longer support ActiveX controls. Like every browser before it, and all the flavors on the market, operations teams will have to test for Microsoft Edge compatibility before the Windows 10 rollout unless they plan to use an alternate browser. For many, Google Chrome has already shown how complex this problem can be with the dropped support for NPAPI plugins."

Mobile Devices:

"Windows 10 is built around a unity model to allow sharing of apps, settings, and status between desktops, laptops, and Windows 10 mobile phones. While this takes a simple cue from the Apple playbook, there are some cautions around these new features businesses may not be ready for. Windows 10 does an exceptional job interfacing with Xbox One, Cortana, and other Windows devices. Businesses need to consider that users may take their Windows 10 device home and interact with any of these home and verbal usability assistants.

"This is more growth in the Internet of Things into the business OS. I would encourage businesses to explicitly turn these features off unless they are comfortable with a corporate laptop interacting with the home Xbox One system. It represents another attack surface that I believe most businesses are just not ready for. Besides, they will share the same Wi-Fi network and built-in network discovery in Windows 10 will identify it out of the box."


Stories by Steve Ragan
