The introduction of Windows 8 marked an important milestone in more than 30 years of operating system development for US vendor Microsoft. The new operating system boasts a major visual overhaul as well as massive changes to the security subsystems that ship with Windows 8.
Bitdefender decided to test Windows 8 to determine how much of the malware that runs on Windows 7 also affects the new operating system. To carry out the test, Bitdefender used Windows 8 with Windows Defender enabled, booted from a network server. After running a malicious sample and assessing whether the computer had been compromised, the system was rebooted to a clean operating system and testing resumed. All samples were run on a clean Windows installation with the default settings ‘On’.
The malicious sample set consisted of 380 samples from the 100 most popular malware families of the past six months, as reported by the Bitdefender Real-Time Virus Reporting System. These samples were hosted on an internal FTP repository and copied to the machine after it booted. After running each sample in the selected environment, a Python script emailed a detailed report of the process differences between the original system and the infected one.
On a machine running Windows 8 with Windows Defender enabled, only 61 samples were able to infect the PC, while 322 were deleted by Windows Defender as soon as they were copied. Of two other samples that bypassed Windows Defender, one crashed on execution and the other was blocked by User Account Control. However, even when running Windows 8 with the default security software, 61 pieces of malware still managed to subvert the system.
Microsoft may have made huge leaps in improving the overall security of its newest operating system, but one still cannot let one's guard down. When it comes to user-mode malware, in the absence of an effective security solution, Windows 8 makes little difference in terms of safety compared to Windows 7, feels BitDefender, the maker of BitDefender Internet Security.