Security Advisor

How Secure Are Windows Store Apps?

Can Microsoft's sandbox protect applications from the attacks of yesterday?

Windows is going for a whole new approach when it comes to pushing security updates to its built-in apps for Windows 8 and Windows RT. Well, not exactly a whole new approach, but a different approach (for Microsoft).

Just like the Windows Store app system, Microsoft is once again mimicking the mobile platform by pushing through security updates for its built-in apps (Bing, SkyDrive, News, Video, Mail, etc.) as soon as they're ready -- something iOS and Android users have been used to.

This is a change in strategy for Microsoft, which, unless dealing with an imminent threat with an out-of-band patch, would wait to release all security updates on the second Tuesday of the month.

It's interesting to note, though, that those apps that share both a Desktop and Windows Store app entity will only be addressed in Microsoft's monthly patch rollout.

You can read more about the new update process, along with the inaugural security update, a "moderate" fix for the Mail app, in Kurt Mackie's news article here.

Speaking more generally on the security benefits of the Windows Store app system, there's no question that Microsoft is looking to replicate the success Apple has shown with its app store. And security firm Viewfinity's CEO Leonid Shtilman, said this is just the next step in Microsoft's dedication to making a more secure OS.

"With Windows 7 and especially Windows 8 Microsoft made several significant steps towards creating a more secure computing environment. I would especially emphasize the introduction of an application store as the sole source of new applications," said Leonid during a recent interview. "This approach will eventually solve the problem of new executables introduced to the system and secure some of the security vulnerabilities we see emerging in the interfaces between operating systems, like Windows, and the applications that run on them. This solution has been especially prevalent in mobile technology and seems to be gradually growing in popularity in the desktop space as well."

And the security strength (or eventual weakness) of Microsoft's app model lies in its sandbox. Security expert Bill Sempf, who recently presented "Hardening your Windows 8 apps for the Windows Store" in March's Black Hat Europe 2013, agrees, saying because of Microsoft's Windows 8 sandbox, "most Windows Store app security testing will focus on the backend services, and flaws in the business logic of the application."

 However, no matter how hard Microsoft has pushed the strength of its sandbox environment, no system is 100 percent protected from attacks. With higher adoption rate of Microsoft's newest OS, we'll start to see hackers turning their skills towards breaking it. And once that happens, I think we will get our first look at how secure Windows Store apps really are.

What do you think? If using Windows 8, have you noticed an increased level of application security compared to earlier versions of the OS? And do you prefer the practice of pushing security updates through as soon as they are ready? Let me know at

About the Author

Chris Paoli is the site producer for and


  • Windows 10 Mobile To Fall Out of Support in December

    Microsoft will end support for the Windows 10 Mobile operating system on Dec. 10, 2019, according to an announcement.

  • Get More Out of Your Outlook Inbox with TakeNote

    Brien comes across a handy, but imperfect, feature in Outlook that lets you annotate specific e-mails. Its provenance is something of a mystery, though.

  • Microsoft Resumes Rerelease of Windows 10 Version 1809

    Microsoft on Wednesday once more resumed its general rollout of the Windows 10 version 1809 upgrade, also known as the "October 2018 Update."

  • Microsoft Ups Its Windows 10 App Compatibility Assurances

    Microsoft gave assurances this week that organizations adopting Windows 10 likely won't face application compatibility issues.

comments powered by Disqus
Most   Popular

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.