Windows 10 Linux Feature Brings Real, but Manageable Security Risks

By Wayne Rash  |  Posted 2016-08-06 Print this article Print
Windows Linux Security

NEWS ANALYSIS: The Bash shell support in the Anniversary Update for Windows 10 is a valuable tool for developers, but it needs to be used carefully because of potential security risks.

It should have come as no surprise when it was revealed at the Black Hat USA conference that Windows 10's ability to run some Linux commands through the inclusion of the Bash shell command language also created a security risk.

The fact is that any time you introduce a new way to interact with software as complex as Windows 10, you will also introduce new avenues for a security breach. The more important questions are: How serious is the potential breach and how likely is it to be exploited?

It's not likely to be exploited mainly because the Ubuntu Linux command line isn't enabled by default in Windows 10 and few users will find and enable it, unless they are developers or perhaps hackers who want to do something nefarious.

Without the Bash shell and the accompanying command line, there's no way to use the Linux commands to launch a cyber-attack. But the fact is that the Bash shell does exist, and unless you've set up your company's computers so that users can't access the setting that turns it on, you could find yourself with employees who want to experiment with the new capability.

Just so you know where to find it, this is how you enable the Windows Subsystem for Linux. First you open the Settings function, which is now represented by a gear icon when you press the Start button. Then you go to Updates and Security and click on the For Developers choice.

While you won't see the Linux button there, you can search for "Windows Features." That will take you to a list of functions you can select and deselect with check boxes.

One of those selections will let you enable the Windows Subsystem for Linux. Check that box, click on Apply and, after Windows finds the files, you'll be prompted to reboot your computer. After that you can type "Bash" in the command line, and it's ready to work.

Even though Microsoft worked with Canonical to create this Linux-like experience, what you're running isn't really Linux because there isn't full Linux kernel inside Windows. But there's enough of the kernel to allow access through that Bash shell to enable malware to bypass some of the normal Windows security features.

While the new Ubuntu Linux capabilities aren't supposed to include the ability to run graphical applications or the Ubuntu desktop, in fact the method for doing that is already public.

There's nothing inherently insecure about running graphical Linux applications such as Firefox or using the Ubuntu desktop.



Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel