Hmmm, who’d have thought! One of the bigger changes that has been implemented in Windows 10 Anniversary Update is the addition of a Linux subsystem.
A feature that basically allows users to run Linux applications on top of Microsoft’s OS.
Now, while this implementation comes very handy for developers, it does create additional risks for the operating system when it comes to security. This is, according to Alex Ionescu, the chief architect at Crowdstrike, a security firm.
And that is because Redmond has, in order to improve the performance of the Linux subsystem on Windows 10, offered direct access to raw hardware.
Simply put, Linux applications are not launched in a Hyper-V container that can isolate processes and any threats that might come with it. Linux having full system access this way is certainly a double-edged sword that might play into the hands of hackers that can inject malicious code into a Linux application.
Plus, since Linux software has access to the same files and folders that Windows does, a successful attack can potentially wreak havoc on a system.
As explained by Ionescu:
“In some case, the Linux environment running in Windows is less secure because of compatibility issues. There are a number of ways that Windows applications could inject code, modify memory and add new threats to a Linux application running on Windows.”
Luckily, the Linux subsystem is not activated by default in the Windows 10 Anniversary Update, and one can hope that users that manually install the necessary packages take care to keep their system secure.
For its part, Microsoft will deliver its own updates on Patch Tuesday, since it is now using an Ubuntu Linux kernel, but its own custom software.
In fact, the security expert has claimed that his company has already identified and reported several security issues in the way Linux is implemented in Windows 10, and Microsoft fixed many of them before the AU debuted.
But the risk of new vulnerabilities does remain.
source:windows10update
