May 25, 2012

Windows 8's New Security Tools and Features

If you have played with the Windows 8 preview, you know that it could change the way people think about the PC. Microsoft has attempted to combine rich functionality with extra security while still maintaining convenience and simplicity. Most importantly, Windows 8 comes with added security and some interesting changes that will change the face of Windows security. Here is a list of the security features you will notice in Windows 8.

1. Built-in Antivirus:

The first security feature that you will clearly notice is Windows Defender. Any complete security solution should have all the vital components: virus detection, network intrusion protection, protection from behavior-based threats, and protection from other types of malware attacks. In previous versions, Microsoft offered minimal protection with Defender. Now, Microsoft has decided to fold the features of its Security Essentials into Windows Defender. This means you will find a completely revamped Defender that has all the components of a complete security solution and gives you out-of-the-box protection, along with a firewall and parental controls, without any need to install additional antivirus software.

Does this mean users no longer need to worry about real-time threats and can stop buying third-party security products altogether? Test analysis done on the Windows 8 Developer Preview build shows that Windows Defender failed to block almost 20% of threats, and its performance was considerably slower than that of third-party security products. From the user's perspective, having a complete security solution bundled with Windows is certainly beneficial, but we need to wait and see whether Windows Defender is capable of the full-fledged, robust performance of third-party security software.

2. Protection against malware applications:

Internet Explorer 9 has the SmartScreen filter to detect and block malicious programs that you download from the internet. This feature has also helped to block phishing sites. With Windows 8, this feature is built into the operating system itself, so malicious programs will be blocked irrespective of whether you use Chrome, Opera, or any other browser. The feature works by checking the downloaded program against a list of safe applications, and it alerts you if the program has the potential to be malware. This is definitely an improvement, as it cuts down the number of unnecessary alerts that used to be shown. Now, with Windows 8, you will see a warning only when something is wrong.

3. Enhanced password protection:

Windows 8 allows you to create a four-digit PIN and a picture password in addition to a regular password. Since the Developer Preview, users have found the picture password to be a convenient alternative to text-based passwords. Picture passwords work like this: you choose a photo, and then define the touch gestures that will be used to unlock the system. Initially, users were skeptical because the smudges on the screen could be used by anyone to crack the password.

But Microsoft has stated that the order, direction and location of the gestures are also considered when storing the password, so cracking a picture password on a screen that is used regularly won't be that easy. For instance, suppose you have a photo of a group of people, and you circle someone's face at random and then draw some lines. Would that be easy to crack? If you are still skeptical, you can check the Microsoft blog for the complex mathematical calculations offered to prove that picture passwords are safer than other methods. Additionally, Windows 8 also has a four-digit PIN for added protection.

4. Secure Boot:

In spite of having anti-malware technology, almost all PCs remain vulnerable to security attacks. A particularly dangerous type of threat is a malicious program that can overwrite the contents of the operating system kernel; once an operating system is compromised, no application can be trusted. With Windows 8, Microsoft addresses this problem using a secure boot architecture built on the Unified Extensible Firmware Interface, the Early Launch Anti-Malware driver, and Remote Attestation.

a. Unified Extensible Firmware Interface (UEFI):

Windows 8 will fully adopt a computer security architecture called Unified Extensible Firmware Interface (UEFI), developed by Intel. In a boot chain, UEFI makes certain that every module is signed, and each module verifies the signature of the following module before that module is allowed to execute. One of the major problems with UEFI is that it doesn't allow untrusted modules to be loaded even if they are part of a multi-boot configuration. This means UEFI cannot be used on machines that host another OS such as Linux. So users will not have the ability to dual-boot or multi-boot a system with Windows 8 and other operating systems that do not support UEFI.

As an alternative to a dual-boot system, you can run Linux in a virtual machine and continue to use Windows 8, but whether that works for you depends on what you use Linux for. Apart from this, UEFI is definitely advantageous, as it brings confidence that a rootkit will not be able to tamper with the kernel of the Windows operating system.

b. Early Launch Anti-Malware Driver (ELAM):

With the UEFI architecture, the operating system images can be verified, but that trust does not cover the critical boot drivers that are essential for starting a system. Windows 8 tackles this by introducing ELAM drivers in the load sequence. To protect against malicious boot drivers, the ELAM driver will be the first non-Microsoft module to get control during the boot sequence, and it will be consulted for every boot driver before that driver is verified and loaded. Finally, the ELAM driver will exit after all necessary boot drivers have loaded. Given that ELAM runs in a restricted mode, this will definitely improve security and prevent malware drivers from loading. But hundreds of unique threats appear daily, so how much time will be spent in ELAM, and how will boot-time performance be affected?

c. Remote Attestation:

This is another layer of boot-time protection offered by Windows 8 to ensure that a system is not compromised. To make use of this feature, Windows 8 will use a Trusted Platform Module (TPM), which will record the loaded modules in a form that cannot be modified by any software. This measurement will be kept in a log that will be retrieved remotely and verified. Even though this process is not new, Windows 8 extends it all the way down to the kernel level, so any discrepancies during the boot sequence will be caught remotely.
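The measure-then-verify flow described above, as an added example that is not code from the original post or from Microsoft: each loaded module is hashed and extended into a TPM register (PCR), and the remote verifier replays the log against that register and a known-good list. The module names and contents are constructed placeholders, SHA-1 is assumed as in TPM 1.2, and the TPM's signature over the reported PCR value is left out.

```python
import hashlib

PCR_SIZE = 20  # SHA-1 digest length, as used by TPM 1.2 PCRs (assumption)

def extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM extend: new PCR = SHA1(old PCR || measurement digest)."""
    return hashlib.sha1(pcr + measurement).digest()

def measure_boot(modules):
    """Client side: hash each module in load order, extend the PCR, log it."""
    pcr, log = bytes(PCR_SIZE), []
    for name, image in modules:
        digest = hashlib.sha1(image).digest()
        pcr = extend(pcr, digest)
        log.append((name, digest))
    return pcr, log

def verify_attestation(quoted_pcr, log, known_good):
    """Verifier side: replay the log, then check each entry. Returns (ok, reason)."""
    pcr = bytes(PCR_SIZE)
    for _, digest in log:
        pcr = extend(pcr, digest)
    # The PCR can only be extended, never set, so a rewritten log cannot match it.
    if pcr != quoted_pcr:
        return False, "log does not match PCR (log was altered)"
    for name, digest in log:
        if known_good.get(name) != digest:
            return False, f"unexpected module measurement: {name}"
    return True, "boot sequence matches known-good values"

# Constructed sample data: module names and contents are placeholders.
GOOD_BOOT = [("bootmgr", b"bootmgr-v1"), ("kernel", b"kernel-v1"),
             ("elam.sys", b"elam-v1")]
KNOWN_GOOD = {name: hashlib.sha1(image).digest() for name, image in GOOD_BOOT}

if __name__ == "__main__":
    pcr, log = measure_boot(GOOD_BOOT)
    print(verify_attestation(pcr, log, KNOWN_GOOD))
    # A modified kernel changes both its log entry and the final PCR value.
    bad = [GOOD_BOOT[0], ("kernel", b"kernel-modified"), GOOD_BOOT[2]]
    pcr, log = measure_boot(bad)
    print(verify_attestation(pcr, log, KNOWN_GOOD))
    # Rewriting the log to hide the change no longer matches the PCR.
    forged = [(name, KNOWN_GOOD[name]) for name, _ in log]
    print(verify_attestation(pcr, forged, KNOWN_GOOD))
```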

These enhanced security measures could put third-party security vendors out of business, but only time will tell whether Windows 8 security is tough enough to defend against all types of real-time threats and malware.

via corenetworz

