29 May, 2017 12:07pm

Windows 10 S: An Interesting Concept

The release of Windows 10 S appears to be a pointless project. But is it set to fall flat on its face or is there promise that lies beneath the Surface (pun intended)?

The month of May has seen a number of fascinating events. Microsoft held three events over the past month while on the 12th, the WannaCry ransomware worm* began ravaging computers in various countries. It is the first of the events held by Microsoft (on the 2nd of May) coupled with the ransomware attack that provide the basis of this article, as we examine what the launch of Windows 10 S can mean for, among other things, the security of its users.


MicrosoftEdu

Microsoft's Terry Myerson highlighting the similarities of Windows 10 Pro and 10 S, during the event.

As mentioned above, Microsoft held their first event on the 2nd. The focus of this event was the education sector and the event was appropriately titled #MicrosoftEDU. A number of announcements were made over the course of this event. It is, however, the release of Windows 10 S that was most intriguing. Windows 10 S, for those unfamiliar, is simply a "configuration" (SKU or edition if you like) of Windows 10, much like Windows 10 Professional or Windows 10 Home. It offers all the features all the features and tools that are found on other configurations. Where it differs from the familiar configurations of Windows 10, however, is that it only allows users to install apps from the Windows Store. In other words, .exe files cannot be run on a computer running Windows 10 S. If this sounds impractical for the day to day needs of most people, it's because it probably is. For instance, the tool currently being used to write this article is an .exe application (that does not have a Windows Store version). This applies to most the software development tools that are required by many in the industry (although Arduino have ported their desktop application to a Windows Store app). It is for this reason that many are projecting Windows 10 S to follow the path of Windows RT due to its impracticality in daily use.

In light of this fact, it is important to consider Microsoft's target market when launching Windows 10 S: Students. Microsoft designed Windows 10 S with educational institutions and students in mind, promising superior security and performance. For both students and institutions, there is the financial benefit of using computers running Windows 10 S, with the prices of these devices starting at the (comparatively) much more affordable amount of about USD 189. A number of features were demonstrated at the event: 1) Windows 10 S is painfully easy to setup; an administrator only has to setup a configuration on a USB drive and use this drive to setup other computers and 2) It is much faster than other confugurations of Windows, taking about 5 seconds to boot as compared to the much longer time taken for Windows 10 Pro to boot. Since this isn't an article reviewing Windows 10 S, however, it shall be left to the reader to, perhaps, do a bit of reading on their own to find out what Windows 10 S can and cannot do for students, lecturers/teachers and administrators alike.

In a bid to attract students (potential users), Microsoft has announced that the Microsoft Office Suite (Word, Excel etc) will be coming to the Windows Store. This means that one gets all the productivity tools they're already familiar with. Other announcements have been made revealing that Spotify and iTunes will also be releasing apps for the Windows Store. Recent sightings have been made by eagle-eyed Windows users that WhatsApp are also readying a Windows Store version of their desktop app, although it still has the limitations of the desktop app. This is big news for Microsoft as these are companies, especially in the case of Apple, that had traditionally been reluctant to have their apps on the Windows Store. It is also seen as a major driver that will attract students and enamour Windows 10 S to them. This news is also likely to attract more developers to either port their existing desktop apps to Windows Store versions or develop native Windows Store versions of their apps.

As a point of interest for the reader, it's not all doom and gloom for someone who acquires a computer running Windows 10 S (either intentionally or accidentally) and wishes to run desktop apps: One can simply upgrade to Windows 10 Pro.


WannaCry

WannaCry, or Wanna Cryptor, can amusingly be likened to a one-hit wonder who bursts on to the scene with a hit song that climbs to the top of the charts in various countries. Be it due to a catchy tune or thought-provoking lyrics, this artist has a song that is being played on the radio, hummed or whistled by different people all across the world. Similarly, WannaCry rose to fame in the space of a weekend, affecting large institutions such as Britain's National Health Service (NHS) and Spain's Telefonica, and in the process becoming one of the most-talked about topics over that weekend. Some numbers estimated WannaCry at having affected computers in over 150 countries.

WannaCry's rise to fame can be traced to the release of the EternalBlue** exploit by The Shadow Brokers, who released a number of exploits used by the US National Security Agency. Microsoft, soon after the revelation by The Shadow Brokers, released a patch that fixed this vulnerability in affected versions of Windows, excluding the long-unsupported Windows XP***. Many organisations, however, had not applied this patch and were inevitably affected when WannaCry came around approximately two months later.

Like our one-hit wonder mentioned at the start of this section, WannaCry was unable to sustain its relative success and its infection rate greatly dropped as: 1) More and more people applied the security updates that had been made available and 2) Various researchers found ways to bypass it and recover encrypted data. It is to be noted, though, that there have been a few iterations of WannaCry that lack the kill switch that was found in initial versions.


The Intersection

While we cannot say for sure how differently the situation would have panned out had Windows 10 S been around (especially due to the fact that WannaCry propagated itself through local networks), the case of the WannaCry ransomware highlights one of the key concerns that Microsoft aims to tackle with this configuration of Windows: Security. School computers are high traffic areas and will invariably encounter various bugs. Many students have found that the document or presentation they spent all night working on has been wiped by a virus found on a school computer. By limiting Windows 10 S to Windows Store apps, a vast majority of attacks are halted before they can even begin since the main vector (.exe files) cannot run. This means that students can plug in all the peripherals they wish without fear of having these infected by one virus or another; they can work on a document or presentation with the assurance that it will still be there when they wish to print or present.

But a question arises: How can I trust that what is on the Windows Store doesn't have some sort of backdoor that will harm my computer?


The Worries

Apple's App Store is the gold standard

Microsoft have taken steps to ensure that the apps available on the Store meet certain standards and have even taken steps to rid the Store of "spammy" apps and apps that don't meet the outlined standards (recently even removing apps that didn't have an age rating). This is a commendable step but one that still needs some work. There are still a number of apps that could fall into the category of being "spammy" and it is crucial that Microsoft continues to take down such apps as these not only provide a bad experience for users, but also drown out developers of high qualtity apps. The gold standard in this regard is Apple's App Store. The standards that have to be met before an app is accepted are high, with a number of developers having had their app rejected until certain changes are made, either in terms of content or in terms of performance. Google Play, on the other hand, can probably be fairly or unfairly considered the haven of "spammy" apps and a warning example of what can happen if app submission standards are not quite as strict.

The unfortunate reality of attacks is that there are a number of vectors apart from .exe files, as any tech-savvy individual worth his or her salt would tell you. A popular vector today is the internet, where many people spend large portions their time. While not a bulletproof solution by any stretch of the imagination, Microsoft has locked Edge as the default browser on Windows 10 S. Why should you care? The long and short of it is that it operates slightly differently from other popular web browsers and, thus, some attacks that are optimised to work on other browsers (particularly JavaScript attacks) may not work on Edge. Additionally, Adobe Flash Player is disbaled by default on Edge as of the most recent update of Windows 10. Lastly, and this is particularly important, is that Edge is becoming a Windows Store app. Again, why should you care? Previously, major updates of Edge were limited to major updates of Windows 10 itself. Shifting Edge to a Store app means that both usability and security updates will reach the user much faster, making the response to new attacks**** faster and more proactive, rather than reactive.

An issue that has afflicted Windows 10 Mobile (like Windows Phone 8/8.1 before it) is Microsoft's seeming lack of commitment to the platform, with the last flagship devices released by Microsoft themselves being the Lumia 950 and 950 XL all the way back in November 2015. Microsoft has taken a step in allaying fears of its commitment to Windows 10 S by releasing new hardware to showcase its performance: The Surface Laptop. While it will remain out of reach for a sizeable portion of Microsoft's Windows 10 S target market, the Surface Laptop provides OEMs (Original Equipment Manufacturers) with a template to follow when building computers running Windows 10 S, namely stylish, performant devices and shows that Microsoft is going all-in with Windows 10 S.


If Microsoft can continue to ensure that apps submitted to the Store are of the highest standard while at the same time encouraging more and more developers to develop for the Store then the perceived gamble that Windows 10 S is making on the success of the Windows Store will turn out to be a huge success story. And if threats from various attack vectors are neutralised, there is no reason why Windows 10 S won't be the most secure configuration of Windows available.

While OEMs will probably be willing to invest in Windows 10 S initally, its staying power will likely be determined by Microsoft's own commitment to this endeavour. And if Microsoft continue innovating to keep Windows 10 S fast and secure, there's no reason why OEMs won't continue backing Microsoft in their vision.

How sustainable is the vision of Windows 10 S? How will it perform in the pressurised, real-world environment of an educational institution? Will developers (big and small alike) build for the Windows Store? Will it succeed in offering a secure, performant system that will overthrow Google's ChromeOS in the education sector? These and more questions can only be answered with time. However, feel free to weigh in to the discussion with your comments and/or questions.


* A worm is self-replicating malicious code that operates in the memory of a computer.

** EternalBlue is an exploit that targets a vulnerability in Server Message Block (SMB) version 1, enabling remote execution of arbitrary code.

*** The support period for Windows operating systems is 10 years after the general availability of the OS (5 years of mainstream support and 5 years of extended support). After the end of the support, users will not receive among other things, security updates. In a rare move, Microsoft released a security update for Windows XP a day after the outbreak of the WannaCry ransomware.

**** A recent vulnerability was discovered on Internet Explorer (remember it?) in older versions of Windows that allowed remote attackers to lock system files, potentially causing a blue screen of death and forcing a reboot.



About Michael

Tech enthusiast. Windows sheep. The author of thought-provoking, informative pieces.

Discover More of Michael's Talks