As we have reported in many of our posts, Windows 8, which is expected to be released in the last quarter of this year, brings quite a large number of feature and security improvements. But security analysts are now saying that the new features also come with some security risks. One such major risk is phishing.
Internet Explorer 10 running under Windows 8 Metro looks pretty nice and neat, and expands over the whole desktop to fully utilize screen real estate. Security experts at McAfee have reported that this full-screen feature of Windows 8 Metro poses a serious security risk. By default, the address bar is hidden in Internet Explorer 10 in Windows 8 Metro. This means that users will not be able to tell which domain they are on, and phishing sites might exploit the fact that the URL is not visible. Confused? Let’s look at an example.
Look at the following two screenshots; one is of PayPal, while the other is of a fake PayPal website:
Do you know which one is the real PayPal website? Yeah, it is difficult without being able to see the URL, isn’t it? The second one is the real one.
If you are as confused as we were by the above example, there is no need to panic. Windows 8 Metro does give users the option to manually enable the URL bar. If the URL bar is set to be visible, it will turn green while browsing secure websites, making it easy for the user to tell that a site is genuine (though there are attackers who spoof secure connections; that is a story for another time). Turning on address bar visibility will help users easily see what domain they are on.
This reporter hasn’t fully explored Windows 8, so there may be a compensating feature for phishing scams which I don’t know about; but it is extremely shocking that the brains at Microsoft didn’t see this coming when they decided to go full-screen. Feel free to reflect in the comments below.
[via Softpedia | Image Credit: McAfee]