Windows 10 Linux Feature Brings Real, but Manageable Security Risks
However, the tinkering that is already going on in Windows 10 demonstrates that the typically creative Linux crowd will certainly find ways to go far beyond anything that Microsoft or Ubuntu intended. Now that you know where the key to unlock the Linux command line is located, you also know what capabilities to turn off when setting up your company's computers, assuming you haven't done this already. To do that, you'll need to make sure your policy settings reflect this. But you'll also need to make sure you don't prevent your developers from getting access to this, assuming they have a reason to use a Linux command line. Fortunately, the chances of the Linux command line being used as a broadly available exploit are fairly low, if only because very few users will actually be able to find the necessary choices and commands and be successful in implementing the Windows Subsystem for Linux. The problem is that most antivirus software won't necessarily spot malware in the Linux subsystem. While there's very little Linux malware currently in the wild, there is some and at this point it's not clear whether it would work under WSL. But even if existing exploits won't run, there's nothing to prevent a creative cyber-criminal from creating it, assuming the use of the WSL is broadly adopted.What it really means for IT managers is that it's time to get control over exactly what the users in your organization can do with their versions of Windows. If you haven't set up company policies for Windows, now is the time to take this step. And in reality, the release of the Anniversary Update is an even better reason. The changes that are included with the new update to Windows 10 are significant, and they can profoundly affect how your employees use their computers. The time to ensure you have control is now, before the update happens automatically. Once your users learn how to take advantage of those changes, including access to the Linux command line, you might find that taking back control is really hard to do. But while you're working on that, do take a minute to try out WSL. It's really pretty slick.
But perhaps a greater threat may be a malware script that operates in the background to turn on the WSL and then use it for the attack. Is such a thing even possible? I don't know for sure, but I have a feeling that it may be. And by quietly running in the background, a long-running threat could operate quietly away from the notice of both the user and the user's anti-malware package.