Microsoft has taken some important steps forward in providing security for the Windows 8 environment. If we consider the key areas of data security, anti-malware and user authentication, there are several very welcome additions to the user experience.
Trusted Platform Module (TPM) and Self-Encrypting Drives (SED) are now both natively supported under Windows 8, which should help push user and manufacturer adoption. The TPM provides an important hardware-based means to establish a degree of certainty over system integrity and to securely manage encryption keys outside of the Operating System. The use of SEDs offloads much of the hard work of encrypting and decrypting data to hardware, where it can be accomplished more effectively and more speedily.
In conjunction with TPM, the new Unified Extensible Firmware Interface (UEFI) means that, while a PC is being booted, only authorised code with a valid signature can be executed through the firmware and Operating System startup procedure.
This is designed to limit the possibility that malicious software (bootkits or rootkits, for example) is loaded before the Operating System, bypassing or even disabling key security functionality and hiding its presence entirely.
In addition to this, Early Launch Anti-Malware (ELAM) ensures that the first software driver to be loaded by Windows 8 is the software driver of your chosen security provider, again in an effort to stop malware from overriding this protection.
The SmartScreen technology that you are used to seeing in Internet Explorer has now been extended across the entire Operating System, so even if you are using something other than a browser to access Internet resources and downloads, you will still be offered some level of filtering for potentially malicious downloads. Let’s hope this one isn’t as “noisy” as User Access Control (UAC) has been, encouraging more of that “next, next, next” culture.
When it comes to authenticating users, Microsoft have added some functionality obviously designed for those touchscreen devices they are anticipating. Picture- or PIN-based logins can be used, once a user password has been set, as a shortcut to logging in. While this feature may be convenient, research during beta testing demonstrated that an attacker with local admin privileges could access and decrypt the passwords of accounts using this feature.
There are several other features, such as Dynamic Access Control, that really build out the enterprise security capabilities of Windows 8 too. I don’t have the space to detail all of them here, but it’s great to see Microsoft continuing to take security seriously and allowing specialist security providers to integrate more deeply with the Operating System.
Microsoft Windows 8 is more secure “out-of-the-box” than it has ever been, but remember that the integrated anti-malware provides only baseline security, not the fully featured security of a dedicated specialist.