Windows 8 Security: What's New?
Contents
- Windows 8 Security: What's New?
- Alternate Passwords
Microsoft has been adding and improving advanced security features and capabilities in its Windows operating system and other applications over the past few years. Each iteration of Windows has featured improved security—necessary to withstand the constant barrage of attacks—and Windows 8 coming is no exception.
In Windows 8, Microsoft expanded its support for embedded hardware security, bundling a full-blown security suite into the operating system, introducing secure boot and signed applications, and enableing alternate authentication schemes, to name a few. Some of the latest innovations are aimed specifically at enterprise users and meet business needs, but there are plenty of improvements that end-users will notice right off the bat, too.
"After reviewing the layers of technologies used by Microsoft to protect Windows 8, it is our opinion that it is the most secure version of Microsoft Windows to date," Aryeh Goretsky, a distinguished researcher at ESET, wrote in a whitepaper examining security technologies in Windows 8 released earlier this month. Microsoft is offering three main versions of the new operating system. Windows 8 is the "home" edition, Windows 8 Pro includes features for enterprises, such as support for Hyper-V, BitLocker, a virtual private network client and group policy support, and Windows RT for ARM-powered devices.
Secure Boot
Microsoft designed Secure Boot to protect the computer from low-level exploits and rootkits and bootloaders. A security process shared between the operating system and Unified Extensible Firmware Interface (UEFI, replacing the BIOS), Secure Boot requires all the applications that are running during the booting process to be pre-signed with valid digital certificates. This way, the system knows all the files being loaded before Windows 8 loads and gets to the login screen have not been tampered with.
If a bootloader has infected your computer and it tries to load during the boot-up sequence, Secure Boot will be able to undo all the changes and thwart the attack. Having Secure Boot means it is that much harder for attackers to try to compromise the start up sequence.
While PC makers have to have Secure Boot enabled in the UEFI firmware by default, if they want to be able to slap the Windows logo outside the box, the feature can be disabled within the UEFI interface. Anyone who wants to install a non-Windows operating system on Windows 8-certified hardware would first have to manually disable SecureBoot.
Windows Defender
As PCMag's lead analyst for security Neil Rubenking noted a few weeks ago, Microsoft decided to release Windows 8 with built-in antivirus. This is a much more robust application than Microsoft Security Essentials, the free anti-malware software that users could download and install manually in previous versions.
Windows Defender (Microsoft repurposed the name for the anti-malware product) is enabled by default, right out of the box, which means users have some form of security protection as soon as they turn on the machine. While it can't be uninstalled, it can be disabled if the user wants to install a different security product from another vendor (AV-Test has certified several as being Windows-8-ready). In fact, Windows Defender must be disabled if you want to install a third-party security suite.
Loading the AV First
Regardless of whether you are using Windows Defender or a different anti-malware product, Windows 8 has tweaked its load process so that security software runs first. Early Launch Anti-Malware (ELAM) insures that the first software driver loaded into Windows 8 is a driver from the user's anti-malware software.
In previous versions, if the malware executed and was loaded into system memory before the operating system and the antivirus, it was difficult to detect and remove. SecureBoot prevents rootkits from interfering with the OS, and ELAM ensures that pre-approved anti-malware software drivers are loaded before any other application.
Whether or not it is effective is unknown, but Goretsky noted in the whitepaper that the concept was "fundamentally sound."
SmartScreen
Originally an Internet Explorer security feature, Microsoft added SmartScreen to Windows 8. When a user downloads a program or a file from the Internet, the SmartScreen filter checks to see if other people have downloaded the same file as well. If so, there is a rating for the file based on its popularity and whether it was considered malicious. Users trying to download something with a low rating while Smart Screen is enabled will see a warning message. This can be good for detecting fake antivirus and other rogueware programs.
Since SmartScreen is now part of Windows 8, the filter will kick in regardless of what browser the user is running, not just Internet Explorer.
- 1
- 2