However, it appears that some experts have security concerns over the use of Bash on Windows.
Speaking at the Black Hat USA security conference, Alex Ionescu raised concerns over the inclusion of the Linux kernel and bash in the new Windows 10 Anniversary Update. He warned that this new feature would add a new attack surface for hackers.
“In some case, the Linux environment running in Windows is less secure because of compatibility issues. There are a number of ways that Windows applications could inject code, modify memory and add new threats to a Linux application running on Windows…So you have a two-headed beast that can do a little Linux and can also be used to attack the Windows side of the system.”
Ionescu noted that Linux process would not make use of Hyper-V hypervisor, which could isolate the processes. So, Linux has access to the same files as Windows, but without the same protection. Linux apps can also run without getting approval from Window’s AppLocker whitelist.
Ionescu also mentioned that updates are run through Windows Update, instead of using Ubuntu’s apt-get tools.
He did acknowledge that these problems might not affect many people because you need to enable developer mode and install extra packages to get Bash working. He also notes that most hackers don’t target problems with newer software because it’s not widely adopted. As more people start to use Bash on Windows 10, it will become more attractive to hackers.
You can find the slides from Ionescu’s talk on Github.
Have you used Bash on Windows? Has this security problem changed your mind about using Bash on Windows?