Windows 8 isn't even out yet, but it's already under attack from both the good guys and the bad guys in the security community.
The operating system's built-in anti-virus software " doesn't move the needle much," according to Symantec, and other experts have dismissed it as a "last resort," or a safety net meant to protect users who won't install anti-virus software anyway.
But some soon-to-be purchasers of Microsoft's latest flagship product may not even know at all that the OS includes dedicated virus protection — and that's what scammers are banking on.
Online crooks are infecting their victims and then trying to extort them for the privilege. After a Windows user visits an infected website, malware called "Windows 8 Security System" installs a rootkit driver deep inside the operating system's guts.
Once it has made itself at home, the rootkit can see and control all OS operations. From there it makes the system flash up various security alerts that prompt the user to run anti-virus checks. But instead of running the real anti-virus software up pops a bunch of fake scans and scary-looking notifications.
Trying to manually remove Windows 8 Security System on your own could lead to lasting damage to your computer. The malware creates a number of registry elements that are stored in various places. Failure to delete one, or deleting the wrong file, could cause your system to behave erratically or misbehave entirely.
Beta-testers of the new OS learned of another gaping security flaw last week too. The Adobe Flash Player baked into Internet Explorer 10, Windows 8's default Web browser, is missing key security patches. Only Windows can push the Flash update to IE10 now that the player comes onboard instead of as a third-party plug-in.
Windows 8 users weren't expecting a fix until late October — Adobe sticks to a very strict update schedule — but Microsoft announced this week that it will be providing the much-needed patch sometime next week.
Windows 8 goes on sale Oct. 26.