Will Windows 8’s new interface herald full-screen scareware?

Graham Cluley
Graham Cluley
@[email protected]

Microsoft has designed a new user interface for Windows 8, with an emphasis on bright colours and friendliness.

Personally, the interface (dubbed “Metro”) reminds me of a child’s toy.

Windows 8 and Simon toy

One of the interesting features of the Metro user interface is that apps are designed to be full-screen, without any surrounding furniture. That means you won’t see scroll bars and the like, unless you interact with the interface.

Sign up to our free newsletter.
Security news, advice, and tips.

One has to wonder whether this will lead to a wave of new scareware/fake anti-virus attacks.

Currently, malicious hackers poison webpages to display what appears to be a warning about malware found on your computer – tricking users into downloading software. The initial alert pops up in your web browser.

Fake anti-virus alert on older version of Windows

These phony alerts have proven to be a very effective way for cybercriminals to fool users into installing their malicious scareware. And it’s very likely we’ll continue to see hackers trick your browser into displaying bogus warning messages

But, with Windows 8, these browser-based fake anti-virus warnings will be shown full-screen, without the tell-tale visible signs that you’re in a browser.

That means it may be even easier to convince a victim into believing they are viewing a genuine security alert from the operating system rather than simply a webpage pretending to be one.

Some will argue, no doubt, that Window 8’s Metro simplistic interface is a sign of progress, making the use of computers less threatening to those who are currently put off by complicated GUIs.

The view may be that people get confused between operating systems, apps and browsers – why not make them all look the same?

But these are the very people who are, perhaps, most likely to be tricked into believing that a fake anti-virus alert is genuine and blindly do whatever the computer screen is advising them to do.

It will certainly be interesting to see how cybercriminals evolve their social engineering attacks to take advantage of a Windows 8 Metro-interfaced world.

Blue screens, cute screens

One thing we’ve already seen is how Microsoft has – after many years – revamped their infamous blue screen of death. Now it’s a cute screen of death instead (and a slightly different shade of blue).

Blue screen of death - is this progress?

Wow, that’s real progress..

One wonders if the blue screen itself will become an attractive disguise for scammers and malicious hackers.

Will they attempt to duplicate the look of the now oh-so-friendly blue screen of death by popping it up in full screen browser sessions, tricking users into making bad decisions?

One thing we can be sure of – if the bad guys think they will make money effectively this way, they’ll do it.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.