The good news?
Did you all hear the interesting news? During the last Microsoft’s Build developer conference (see https://build.microsoft.com/ ) Microsoft announced the latest tools and technologies and how they can help today’s developers be their most creative and productive. Besides a spectacular improved ‘Cortana’, an innovative HoloLens and a new update of Visual Studio, one specific fact came to us as an interesting surprise. Ubuntu is coming to Windows 10!
Actually it came from a secret project setup by Microsoft and Canonical and it was unveiled at Kevin Gallo’s opening keynote speech during the conference in March. (see https://blogs.windows.com/buildingapps/2016/03/30/windows-10-anniversary-sdk-is-bringing-exciting-opportunities-to-developers/ ) But the good news also has some security implications?
Attracting more developers and … cybercriminals
We are very enthusiastic about it. Isn’t this what a lot of technical people are all waiting for? I really appreciate the convergence of the systems. As people are messing around with Cygwin (Linux-like environment making it possible to port software running on Linux, BSD, and Unix systems to Windows: https://www.cygwin.com/) for so many years now, it could be the reason to upgrade to Windows 10. Actually it will possibly attract even more people to the OS. And it will be very easy to use. You only need to download the Bash App, type ‘bash’ which is opening a command console and there you go. You have full access to the Ubuntu user space with hundreds of commands and with thousands of binary packages available. And this isn’t a virtual machine. It seems to be the real thing! However by attracting even more developers to the system the risk will be that even more cybercriminals will have a look at Windows 10 and explore the possibilities and possible insecurities which is a challenge for the inherent security.
Opening the system more?
As Microsoft has integrated an enormous amount of security features into Windows 10 I’m pretty sure the implementation of running Ubuntu will be done in a very safe and optimal way. By attracting a lot of developers and opening (part of) the Windows system to lots of new people, programs and scripts, it looks that Microsoft is doing exactly the opposite of what Apple is doing. At least with iOS Apple is using the close-system approach to protect that OS from malware and other threats. By integrating Ubuntu in an easy way Microsoft is opening the gates to open source development. This is a serious endorsement by Microsoft on the importance of open source to developers. Indeed, what a fantastic opportunity to combine the world of free and open source technology directly into any Windows 10 desktop. And what a wonderful vector into learning and using more Ubuntu and Linux in public clouds like Azure. (see http://www.microsoft.com/azure ) The question remains and the future will tell: could this not lead to the increase of scripting malware that is currently only prevalent in the world of Unix based servers. Threats might migrate from the almost completely neglected field of consumer PCs. We might even see malware that we haven’t seen before? The more open a system is, the more it will be used. The more it will be used, the more it will be attacked. We have seen this many times in the past.
Scripting and more attack vectors
If you’re an analyst or programmer you possibly loved the ability to use commands in a script format. Lots of developers like it. Unfortunately lots of cybercriminals seems to love it as well. At G DATA we already seeing an increase in script based malware. And we saw script based malware for all flavors of Windows: DOS-scripts, WSH-scripts, PowerShell. The new frameworks have all been adopted and abused in the past in all Windows versions. Now Windows is opening up to Bash and all its fancy and powerful command-line tools. This is a great opportunity for all developers but also for malware developers. A good example is ‘gpg’ (a known encryption tool) which is onboard and could be abused by ransomware. The ransomware CryptVault used to download gpg.exe. That would not be necessary anymore. ‘Curl’ and ‘wget’ (transfer tools) could be misused by Trojan-Downloaders as well. The same applies to Python, Perl and Ruby. It looks like it will become part of the OS. The whole world of Linux script malware is then open to the Windows world. (cf. http://blog.dustinkirkland.com/2016/03/ubuntu-on-windows.html?m=1 for a list of envisioned tools and frameworks). Of course this only works if you installed ‘Bash’ but what if other malware downloaded it already in the background.
Learning about the security issues
Looking at all the points we’ve seen here, Ubuntu on Windows 10 will be a nice new ‘feature’ for everyone, ranging from developers to hobbyists. It will give us a lot of opportunities and will attract a lot of new users from different platforms but it definitely also increases the attack surface. We don’t have to worry already as Microsoft and Canonical probably did very well with the implementation. The only point we want to make here, is that we (the security industry, researchers and developers) and especially Microsoft needs to think about the defense strategies and prevention as some security risks are always there when new improvements and implementations are being made to a new system. Microsoft has build up his security reputation quite well the past years. We’d highly appreciate and are looking forward to learn how Microsoft will address these security issues.
Reactions or comments ???
If you want to react or comment on this article please read the original which is published on LinkedIn here:
https://www.linkedin.com/pulse/ubuntu-windows-10-good-bad-eddy-willems