Microsoft continues to roll out Windows 10 in waves, beginning with the Windows Home edition. Security expert Sean Sullivan warns that out of the box, the Home edition includes numerous ties to cloud services that could be abused by attackers. Such services range from "find my device" features, to collaborative document editing, to location-based services (see Windows 10: Security, Privacy Questions).
"I know there's going to be a lot of small businesses out there that are kind of running not Pro, but they're running Windows Home editions, if it's like a five-person business, and they're upgrading to [Windows] 10, and it goes to all the home-user defaults, they're wired up to the cloud," Sullivan says (see Is Apple iCloud Safe?).
Other Windows 10 moves include an attempt to offer more human-language types of error messages, although Sullivan warns that in such cases, less does not necessarily mean more, as one of his colleagues discovered when his attempt to install Windows 10 on a Windows 7 machine aborted, displaying the dreaded "blue screen of death," which reported only that "something happened."
"I think their user experience team trying to make the language more human has kind of made it too vague," Sullivan says. "Seriously, give me something I can search for and hit some technical page if I need to, or at least a link to see behind the scenes, what that means."
Evolution of Windows BSOD screens: from unhelpful to even worse. pic.twitter.com/FX7GJJV9cWï¿½ Merijn (@mrbellek) August 5, 2015
In this interview with Information Security Media Group, Sullivan - a longtime Windows as well as Windows Phone user - also details:
- The brave new world of cloud services being tethered - and tied in - to the Windows 10 operating system;
- Denial of service risks posed by tying together multiple devices and services with a single email address;
- Potential threats posed by new Windows features, including Home edition machines used in the enterprise.
Sullivan is a security advisor at Helsinki, Finland-based security firm F-Secure.