Sunday, October 21, 2012

Windows 8: 4 Smart Security Improvements

1. Antivirus Now Active by Default
In clean installs of Windows 8, the free Microsoft antivirus and anti-malware product Windows Defender will be active by default. The "clean installs" caveat matters because PC manufacturers and distributors are allowed to install trial versions of their own antivirus and anti-malware software instead.
"Windows Defender provides a good level of protection, but is mainly targeted at those who are unwilling--or unable--to purchase a commercial anti-malware solution," said Goretsky. While he categorized the software as being effective (though a "minimum bar for levels of protection") he also lauded it for not being nagware. That means it does not "attempt to upsell the user to a paid-for product and toolbars or banner advertisements, nor does it modify existing search settings." That makes it less likely that users might seek to disable the software.

2. Windows Rewrites Target Bootkit Malware
Windows 8 will include new tools for blocking not only rootkits but also bootkits, which can replace boot loaders, making the malware active almost as soon as a PC starts up and very difficult to detect or eradicate. However, not all Microsoft code will enjoy the better rootkit protection. "Some of these changes made to operating systems to combat rootkits ... are only available in the 64-bit editions of Microsoft Windows due to support issues: there remains a large base of 32-bit programs which rely, for compatibility reasons, on some insecure functions inherited from earlier Windows versions."

3. BIOS Firmware Gets UEFI Replacement
The BIOS firmware code that becomes active as soon as a PC powers on has also been replaced in Windows 8 by the Unified Extensible Firmware Interface (UEFI). The move has drawn fire from Linux advocates, who fear that Windows 8-compatible machines might be blocked from booting Linux, since one feature of UEFI is Secure Boot, which requires that an operating system be digitally signed before the PC will allow it to load. "What Microsoft has done is place a requirement in the Windows 8 logo tests that computers shipping with a 64-bit version of Windows 8 (which will be most desktop and notebook computers) ship with Secure Boot enabled in their UEFI firmware by the manufacturer." The same requirements state that the user must be able to disable this feature; while that will add an extra step for anyone who wants to replace Windows 8, on Windows 8-certified hardware, with another operating system, it means that Secure Boot will be active by default for everyone else. As a result, the feature should "greatly [reduce] the attack surface currently exploited by bootkit forms of rootkit malware on systems using BIOS-based firmware."

4. Anti-Malware Launches Early
Another security improvement in Windows 8 is the Early Launch Anti-Malware (ELAM) feature, which allows security software--not just from Microsoft--to be first in line once a PC starts up and begins loading applications. "ELAM is important because, like UEFI's Secure Boot, it vastly improves the security of the computer at an early stage." "While the effectiveness of ELAM is as yet unproven, the concept behind it is fundamentally sound, and it should prove to be a major deterrence to boot-time malware."
