McAfee spots Windows 8 security risks, sees more threats in 2012

Microsoft’s upcoming flagship operating system Windows 8 may prompt a new wave of attacks targeting hardware, information technology security firm McAfee said in a threat assessment forecast.

 

Some of Windows 8’s security features are tied in to the hardware it is installed into.

 

“Advances in the Windows 8 bootloader security feature have already caused researchers to show how they can be subverted through legacy BIOS; meanwhile, the product has not even been fully released yet,” McAfee said.

 

McAfee added that a cat-and-mouse game between operating system vendors and attackers "is a natural part of the dynamic threat landscape and will never go away."

 

Another incentive for attackers, McAfee said, is to shift their focus to hardware now that Intel’s development of a unified extensible firmware interface, which is meant to enforce secure booting.

 

“We will keenly watch how attackers use these low-level functions for botnet control, perhaps migrating their control functions into graphics processor functions, the BIOS, or the master boot record,” the McAfee report said.

 

It added attackers may soon leverage “new” protocols standards such as IPv6 as network implementations advance along the lines of operating systems.

 

McAfee also warned of attacks on mobile devices, including smartphones and tablets.

 

"Attackers have moved on from simple destructive malware to spyware and malware that maks them money. We’ve seen them exploit vulnerabilities to bypass system protections and gain greater control over mobile devices. In 2012 we expect to see attackers continue what they’ve done and to improve upon their attacks," it said.

 

McAfee also predicted a move toward mobile banking attacks and sees the emergence of a new source of spam.

 

The IT security firm said spam will go "legit," as unsolicited mail will come more from “legitimate” advertising agencies that use techniques heavily derided by the anti-spam community. 

 

"Their efforts result in users’ email addresses getting on advertising lists without their knowledge or consent," McAfee said, adding that these techniques range from blatant purchasing of email address lists that are advertised as offering users who have already consented to receive any advertising. — ELR, GMA News