Windows 10 Linux Feature Brings Real, But Manageable Security Risks

It should have come as no surprise when it was revealed at the Black Hat USA conference that Windows 10’s ability to run some Linux commands through the inclusion of the Bash shell command language also created a security risk.

The fact is that any time you introduce a new way to interact with software as complex as Windows 10, you will also introduce new avenues for a security breach. The more important questions are: How serious is the potential breach and how likely is it to be exploited?

It’s not likely to be exploited mainly because the Ubuntu Linux command line isn’t enabled by default in Windows 10 and few users will find and enable it, unless they are developers or perhaps hackers who want to do something nefarious.

Read More: Windows 10 Anniversary Update – What you need to know

Windows 10 Linux

Without the Bash shell and the accompanying command line, there’s no way to use the Linux commands to launch a cyber-attack. But the fact is that the Bash shell does exist, and unless you’ve set up your company’s computers so that users can’t access the setting that turns it on, you could find yourself with employees who want to experiment with the new capability.

Just so you know where to find it, this is how you enable the Windows Subsystem for Linux. First you open the Settings function, which is now represented by a gear icon when you press the Start button. Then you go to Updates and Security and click on the For Developers choice.

While you won’t see the Linux button there, you can search for “Windows Features.” That will take you to a list of functions you can select and deselect with check boxes.

Loading ...

One of those selections will let you enable the Windows Subsystem for Linux. Check that box, click on Apply and, after Windows finds the files, you’ll be prompted to reboot your computer. After that you can type “Bash” in the command line, and it’s ready to work.

Even though Microsoft worked with Canonical to create this Linux-like experience, what you’re running isn’t really Linux because there isn’t full Linux kernel inside Windows. But there’s enough of the kernel to allow access through that Bash shell to enable malware to bypass some of the normal Windows security features.

While the new Ubuntu Linux capabilities aren’t supposed to include the ability to run graphical applications or the Ubuntu desktop, in fact the method for doing that is already public.

There’s nothing inherently insecure about running graphical Linux applications such as Firefox or using the Ubuntu desktop.

Continues On Page 2…

Originally published on eWeek

Page: 1 2

Wayne Rash

Wayne Rash is senior correspondent for eWEEK and a writer with 30 years of experience. His career includes IT work for the US Air Force.

Recent Posts

Ericsson To Cut 1,200 Jobs in Sweden Amid ‘Challenging’ Market

Swedish telecoms giant Ericsson blamed “challenging mobile networks market” and “further volume contraction” for job…

16 hours ago

FTX’s Sam Bankman-Fried Sentenced To 25 Years In Prison For $8bn Fraud

Dramatic downfall. Sam Bankman-Fried sentenced to 25 years in prison for masterminding $8bn fraud that…

17 hours ago

Elon Musk Orders FSD Demo For Every Tesla US Sale

Fallout avoidance? Tesla buyers in the US must be shown how to use the FSD…

18 hours ago

Amazon Pumps Another $2.75 Billion Into Anthropic

Amazon completes its $4bn investment into AI firm Anthropic, after providing an additional $2.75bn in…

20 hours ago

The Sustainability of AI

While AI promises unparalleled efficiency, productivity, and innovation, questions regarding its environmental impact loom large.…

22 hours ago

Trump’s Truth Social Makes Successful Market Debut

Shares in Donald Trump’s social media company rose about 16 percent after first day of…

23 hours ago