Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Security pros pan and praise Microsoft's plans on updating Modern apps in Windows 8, RT

Gregg Keizer | March 15, 2013
Experts like the on-the-fly updating of apps, but the alerts ... not so much.

Kandek agreed. "I'd prefer to have more detailed individual advisories that have enough depth for us to work with," he said.

Storms also knocked Microsoft's plan for not giving advance notice, as the company does currently with both the regularly-scheduled Patch Tuesday updates and those issued out-of-band. Not that IT or corporate security staffs would be able to do much more than warn their users of a security risk and remind them that an update is available to install.

Although IT administrators can control which apps are installed from the Windows Store using AppLocker -- a tool deployed via Windows Server that restricts application installation on Windows 8 Enterprise, a volume license-only edition of the OS -- and even trigger automatic downloads of updates, the update's installation must be initiated by the user.

Windows RT tablets cannot be managed at all, since they cannot join a domain.

At best, enterprise IT departments must leave the most important step -- installing an update -- to the individual. That runs counter to Microsoft's long-standing belief that the less asked of users, the safer they are, as Windows' own Automatic Updates contests.

But the update and security model Microsoft's applied to Modern apps is the same consumer-centric one first promulgated by Apple in its app ecosystems: Users control updates, and the first line of security is the curated store. And while security experts may appreciate the latter, they don't much care for the former.

That could change.

"I think we will see more control functionality in the app stores soon," predicted Kandek. "Maybe close to what Apple has been doing: blocking certain plug-ins from running if they are not updated."

Because Microsoft has yet to issue a security update for any of its Modern apps -- although the Wednesday announcement hints that one may be imminent -- it has not yet created the perpetual advisory which will list fixed apps. When it does, the alert will appear on the company's security advisories page, which shows the five newest warnings, and its advisory archive.


Previous Page  1  2 

Sign up for CIO Asia eNewsletters.