Windows 10 S is here and it’s running on the new Microsoft Surface laptop. Microsoft claims that installing ransomware on Windows 10 S is much less likely because of its app store lockdown. The new operating system will not run apps that were not downloaded from the Microsoft app store and those apps are vigorously vetted. So this is why Microsoft says you should be safer from ransomware, malware, and viruses. The folks over at ZDNet wanted to test this claim for themselves so they hired a hacker to try and install some ransomware. He claimed success in just three hours.
“I’m honestly surprised it was this easy,” he said in a call after his attack. “When I looked at the branding and the marketing for the new operating system, I thought they had further enhanced it. I would’ve wanted more restrictions on trying to run privileged processes instead of it being such a short process.”
But one common attack point exists. Hickey was able to exploit how Microsoft Word, available to download from the Windows app store, handles and processes macros. These typically small script-based programs are designed to automate tasks but are also commonly used by malware writers.
According to ZDNet, the process of hacking Windows 10 S was harder than expected and Microsoft does have more security layers here than in Windows 10. This exercise was indeed interesting and informative. Still, it goes to show that no operating system is ever going to be perfect or bulletproof and I guess Microsoft didn’t actually say it could never get ransomware. Head over to ZDNet to read the full results and write up. Microsoft did respond to ZDNet’s testing saying:
“In early June we stated that Windows 10 S was not vulnerable to any known ransomware, and based on the information we received from ZDNet that statement holds true,” said a spokesperson. “We recognize that new attacks and malware emerge continually, which is why [we] are committed to monitoring the threat landscape and working with responsible researchers to ensure that Windows 10 continues to provide the most secure experience possible for our customers.”