Is Microsoft’s Windows App Store Secure Enough?
Heading into the Oct. 26 launch of its new Windows 8 operating system, Microsoft has opened Windows Store, the company’s Windows 8 and Windows RT app store, to developers in 120 countries worldwide.
Microsoft’s model is Apple’s very secure App Store for iPhones and iPads, and to an extent Windows Store replicates Apple’s strict “curated” supervision. But Microsoft may not be going far enough, say some experts.
Windows 8 is the Intel version of the new OS, while a second version, Windows RT, is written for the low-power ARM chip. The Windows RT OS is geared to tablets, and is also a front end for the Web-based productivity suite Office 365 and for Windows Azure, the software giant’s cloud-computing services.
Rob Enderle, principal analyst for the Enderle Group in San Jose, Calif., said that this is the first version of a Windows operating system since Windows NT in 1993 that offers support for more than one family of processors.
There’s already an app store for Windows Phone handsets, but this is first time Microsoft has sold and distributed apps for its desktop-based Windows operating system. Previously, consumers could buy apps only from third-party vendors or developers.
Windows Store is a fully “curated” store, in that Microsoft reviews every app before it’s officially offered. But there’s still a chance a malicious app could get through.
“‘Curated’ means that each of the applications that are on there are tested, but they’re not restricted, and the approval process is instrumented so that developers will know where their app is in the approval process,” Enderle said. “Apple has some hard rules with regard to apps that block developers from doing certain things. Currently, most of those restrictions don’t exist in the Microsoft store, though that may change.”
Intel-based Windows 8 and ARM-based Windows RT handle third-party software differently. On Windows 8, as in previous versions of Windows, users can install any software from the Internet or from DVDs. In Windows RT, they can install apps only from Microsoft’s online store.
“On Windows RT the [apps] will be secure,” Enderle said. “But if you have Windows 8, you can install [other] apps, but you will be bypassing the app-store features [including security]. Your safest bet is to use the app store.”
Meeting Microsoft Standards
To get an application into the Windows store, you first have to register as a developer, said Michael Cherry, an analyst at the Kirkland, Wash., consulting firm Directions on Microsoft.
“Then you develop your application and you submit it to Microsoft, and they’re going to review it,” Cherry said.
One criterion in Microsoft’s approval process, Cherry said, is that an app has to have some basic function — it has to actually do something.
“Apparently in some stores, there are apps and all they are is like whoopee cushions, and all they do is make rude noise apps,” Cherry said. “I don’t know if they can actually stop apps like that, but they will make sure it’s clear [to users] that’s all the apps do and they don’t add a lot of value.”
Additionally, he said, Microsoft will review apps for their age appropriateness.
“So they mark an app as to whether it’s suitable for children or teenagers or adults,” Cherry said. “My understanding is that there’ll be safeguards in place to ensure that [children or teenagers] don’t download restricted apps. But these things aren’t foolproof. They rely on people being honest.”
As part of the certification process, Microsoft is going to ensure the apps do what they say.
“If they say they’re not collecting personal information or they’re not using your location information, I believe that Microsoft is going to test and make sure that’s the case,” Cherry said.
Microsoft is also to ensure that none of the apps in its Windows store contain malicious code.
“But the people who are writing this stuff are getting trickier and trickier,” Cherry said. “Microsoft can test for the known types of things that people do [now], but somewhere down the road there will probably be some sort of exploit.
“There has been within the Apple store,” Cherry added. “Everybody is trying to do the right thing with this, and Microsoft has set up a system to do as good as anybody is doing today with it.”
This article originally published at TechNewsDaily
Leave a Reply
Previous Post: Bulldog Sings With Owner In The Car
Next Post: Strong banking system a top priority, says Jaitley