Details about the latest security features of Windows 8

Since focusing on Trusted Computing Projects, Microsoft has begun to stick to introducing new security features in every new version of Windows, this has significantly improved the security situation of the system. Now, Windows 8 is no exception in this regard. Although the public focuses on the new user interface and the effect of extremely severe polarization, Security Updates become less conspicuous. In this article, we will take a look at what security features are added in each version, what are the differences between them, and what is the actual effect.

Basic security functions provided by Windows 8

These functions will appear in all versions of Windows. No matter whether it is a Win8 for family users or a professional or Enterprise Edition for commercial users, there will be no exception:

The UEFI secure startup function will be supported

Although this feature may cause potential problems and defects in some situations, it is still a very important new security feature provided by the current version of Windows. As we all know, the unified and extensible firmware interface UEFI-the latest version is 2.3.1) is designed to replace the traditional basic input/output system BIOS as the next-generation firmware interface of a PC ). Now, if the system chooses to use the secure boot function, Windows 8 can greatly improve the effective defense capability of rootkit and other malware. With the support of the secure startup function, the operating system can verify the digital signatures of all startup components. The anti-malware driver can monitor all tampering operations. If you find that the component signature is incorrect and has been tampered with), Windows will enable the recovery mode to try to process the operating system accordingly. For rootkit malware, the common practice is to tamper with key operating system files and maintain the active mode during the boot process before most anti-malware tools start. The latest secure startup function can detect all types of tampering operations and prevent rootkit from being loaded in. For company users, the best solution is to enable this function directly when Windows 8 is deployed, and prohibit employees from disabling the function.

The coverage of Smart Window filters is further increased.

The earliest appearance of Smart Window Technology is Internet Explorer. Now, its coverage will be extended to the operating system. In tests conducted in the NSS lab, this function has been proven to be the best choice for modern browsers to detect and block social engineering malware. The Smart Window technology consists of the URL credibility Check System and the application and file credibility check system. The URL credibility test system can be used to prevent phishing and social engineering attacks. The file reputation inspection system can comprehensively track the file download and verify the relevant credibility. If the downloaded file is determined to be malicious, it will be blocked and the following warning information will be given:

Figure

If it is a new file or cannot be effectively identified by the system, a similar warning is displayed:

Figure B

When an unknown type file is involved, this method may cause the user to forcibly open the suspicious information by bypassing the warning information. Therefore, the system administrator must promptly and effectively intervene to prevent warnings from being ignored.

Built-in free anti-malware/virus tool: Windows Defender

In Windows 8, Microsoft will also provide a complete set of anti-malware solutions. The method adopted is to add the anti-virus function used by Microsoft Security Solution in Windows Defender. This means that this version of Windows Defender will have higher performance and lower system memory/CPU usage. For enterprise users, it is time to prepare for the replacement of anti-malware products. Therefore, the correct way for enterprises to do so is to provide comprehensive consultation to various anti-malware vendors on solutions compatible with Windows 8. After all, with the support of the secure startup function, the company can now easily establish a secure and reliable network environment, with fewer potential vulnerabilities and faster response speed.

Image Password

For secure login, image and password are a new way of using the touch mode. Now, you can select an image and make three touch gestures on it. The system can save the gesture sequence as the user's "password", and then the user can log on through repeated operations. Relying on the association between gesture sequences and graphics, this mode can improve login security. For example, you can select an image containing two celebrities, draw a smiling face on one of them, and touch the other two eyes. Although this pattern sounds very interesting, it remains to be observed in terms of system reliability compared to the traditional pattern.

Built-in PDF Reader: Windows Reader

As a newly integrated document reader in Windows 8, Microsoft will add a very interesting new security feature for Windows Reade. This Reader supports PDF file formats that are extremely popular and preferred by attackers. By integrating a simple reader that uses the system's regular update mode, the operating system can reduce the need for applications or plug-ins that contain potential risks, so as to improve the default security of the platform.

ASLR and attack reduction

Address Space Layout randomization ASLR) the earliest appearance is in Windows Vista, the goal is to reduce the danger caused by the notorious "buffer overflow" vulnerability caused by random movement of code and data in the memory. In Windows 8, randomization is further improved to prevent technical attempts to bypass ASLR. Other measures involved include adjusting the Windows Kernel and heap, that is, using ASLR-like methods for completely new integrity checks and randomization. In addition to the "enhanced protection mode" sandbox, Internet Explorer 10 also benefits from these changes: in addition to the "enhanced protection mode" sandbox, it also includes an IE10 option named "ForceASLR. It can randomize all modules loaded in the browser memory, and choose not to use the ASLR protection technology to create modules by using the optional/DYNAMICBASE flag, developers can get the benefits of ASLR technology.

Security features provided in Windows 8 Professional Edition

The following functions will only appear in Windows 8 Professional and Enterprise Edition for commercial users:

Disk encryption tools: BitLocker and BitLocker To Go

In Windows Vista, Microsoft provides Bitlocker as a full-disk encryption solution. In Windows 7, Bitlocker is replaced by Bitlocker To Go. In the new version, the tool does not change much. However, it also adds a new option To back up Bitlocker To Go's encryption key To the SkyDrive account.

Encrypted File System

As the earliest encryption solution provided by Microsoft, EFS supports operations on a single file, folder, and drive. It first appeared in the Windows NT series more than 20 years ago. However, it is basically replaced by Bitlocker, Bitlocker To Go, and a large number of free encryption tools.

Domain members and Group Policy objects

As there is no difference in the previous situation, the two features are still the main difference between Windows home and commercial versions. For network environments that require centralized management, adding new members to the Active Directory domain is crucial. Once a user joins in, the administrator can create and apply Group Policy objects for domain members to fully control daily work including security. In Windows 8, Microsoft introduced a new policy for the new operating system:

Figure C

Security Features in Windows 8 Enterprise Edition

Finally, a company that has signed a Software Assurance Agreement will have the opportunity to obtain Windows 8 Enterprise Edition, which will include the following security features:

Application control policy tool: Applocker

As an application control solution provided by Microsoft, Applocker using the black/white list technology first appeared in Windows 7. With the help of AppLocker, the system administrator can establish policies to fully control the installation and running of activities such as specific applications. In Windows 8, AppLocker can manage traditional desktop applications and new Metro applications.

Direct Access

As an alternative for external computers to connect to the company's intranet using VPN security, Microsoft has launched a direct access function. During the time of use, direct access does not require the support of other applications, and can help the company ensure that the remote mode or mobile computer does not have compatibility issues in application and patch policies. Compared with the original version of Windows 7, this function has not changed significantly.

System Image function: Windows To Go

Microsoft also announced the launch of the Windows To Go system image feature following the development of "using its own devices. The system administrator can use an external USB drive to save the Windows 8 enterprise image and start it on any x64 system. As a full image of the enterprise system, projects including Windows Update policies, enterprise anti-virus solutions, and encryption tool BitLocker are manageable. Currently, Windows To Go requires a USB drive with at least 32 GB space. Despite the many restrictions, many companies, especially those concerned with the security risks caused by their own device initiatives and disaster recovery solutions, it is still a very valuable feature.