Security has always been a challenge for Microsoft. Being the most used operating system, Windows is also the most targeted one. With Vista and Windows 7, Microsoft did an excellent job of making Windows more secure by adding features such as UAC, Windows Defender, BitLocker drive encryption, etc. Now they have gone one step further, improving the existing features and adding new ones as well.
Here are some of the major security improvements in Windows 8.
Windows Secure Boot
Windows Secure Boot is a new feature that protects users against malware that affects the boot path. Common malware affecting the boot path includes boot loader viruses, boot sector viruses and rootkits that try to load as malware. To secure the boot path, Windows Secure Boot allows only signed and validated code to load during the boot process. If the code is unsigned, the Windows Recovery Environment is started and tries to fix the problem.
This feature requires UEFI-based Secure Boot to function. A point to note is that, even though the code is validated during the boot process, Microsoft has managed to reduce the boot time in Windows 8 significantly.
Improved Windows Defender
Windows Defender is Microsoft’s anti-spyware program that first debuted with Vista. They have now jazzed it up to add protection against all types of malware such as viruses, worms, trojans and rootkits. It will use the same malware engine as Microsoft Security Essentials and has a similar interface. The definition updates will be rolled out through Windows Update as usual. Windows Defender will also have a new file system filter to provide real-time protection against malware.
Apart from the new malware engine, Windows Defender will also interface with Windows Secure Boot in real time to check for infection in the boot path.
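The following PowerShell audit is an added example, not part of the original post or any Microsoft code. It checks whether Windows Secure Boot is actually enforced (including the non-UEFI case noted above) and whether Windows Defender real-time protection is on. It assumes an elevated prompt and that the Defender PowerShell module is present; the function names and the 7-day signature threshold are illustrative choices.

```powershell
# Added example, not from the original post. Run from an elevated prompt.

function Get-SecureBootState {
    # Confirm-SecureBootUEFI returns $true/$false on UEFI firmware and throws otherwise.
    try {
        if (Confirm-SecureBootUEFI -ErrorAction Stop) { 'Enabled' } else { 'Disabled' }
    }
    catch [System.PlatformNotSupportedException] {
        'NotSupported'      # legacy BIOS boot, or firmware without Secure Boot
    }
    catch [System.UnauthorizedAccessException] {
        'NeedsElevation'    # prompt is not running as administrator
    }
    catch {
        "Unknown: $($_.Exception.Message)"
    }
}

function Get-DefenderState {
    param([int]$MaxSignatureAgeDays = 7)   # assumed threshold, adjust to policy

    # Assumption: the Defender PowerShell module is present on this build.
    if (-not (Get-Command Get-MpComputerStatus -ErrorAction SilentlyContinue)) {
        return [pscustomobject]@{ RealTime = 'ModuleMissing'; SignaturesStale = $null; Engine = $null }
    }
    $s = Get-MpComputerStatus
    $updated = $s.AntivirusSignatureLastUpdated
    # A missing timestamp (no definitions installed) is treated as stale.
    $stale = (-not $updated) -or
             ((New-TimeSpan -Start $updated -End (Get-Date)).Days -gt $MaxSignatureAgeDays)
    [pscustomobject]@{
        RealTime        = if ($s.RealTimeProtectionEnabled) { 'On' } else { 'Off' }
        SignaturesStale = $stale
        Engine          = $s.AMEngineVersion
    }
}

$secureBoot = Get-SecureBootState
$defender   = Get-DefenderState

"Computer   : $env:COMPUTERNAME"
"SecureBoot : $secureBoot"
$defender | Format-List

# Non-zero exit lets a scheduled task or management agent flag the host.
if ($secureBoot -ne 'Enabled' -or $defender.RealTime -ne 'On') { exit 1 }
```

A result of `NotSupported` means the machine booted in legacy BIOS mode or the firmware lacks Secure Boot, so the boot path is not being validated regardless of the Windows version installed.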
OS Level SmartScreen Filter
Social engineering is one of the most dangerous weapons that hackers have. Even the most tech-savvy person can fall prey to these kinds of attacks if proper caution is not taken. IE9 already has a SmartScreen filter which will warn you when you try to visit a page with suspicious behaviour. With Windows 8, Microsoft is implementing this system-wide. For this purpose, an application reputation database will be used. When you download a file, a reputation check is triggered, and if the application that you downloaded is not rated, a warning message is displayed to the user.
Microsoft has also made many internal changes, including changes to ASLR, the Windows kernel and the Windows heap. Stay tuned for more posts on them.
To see a demonstration of the above features, check out the Building Windows 8 blog.