01:06 PM

Windows 8: 4 Smart Security Improvements

Will Windows 8 be the most secure Microsoft operating system to date? One security expert sees promising signs.

8 Key Differences Between Windows 8 And Windows RT
8 Key Differences Between Windows 8 And Windows RT
(click image for larger view and for slideshow)
Will Windows 8 be more secure and harder to exploit than previous Microsoft operating systems?

Microsoft is now making several last-minute touch ups to the operating system, which is set to launch Oct. 26, and which has been previewed as the most substantial overhaul of Windows since the debut of Windows 95.

But does the Windows overhaul extend to the operating system's information security performance, and will Windows 8 be harder for attackers to exploit?

[ Get expert guidance on Microsoft Windows 8. InformationWeek's Windows 8 Super Guide rounds up the key news, analysis, and reviews that you need. ]

According to Aryeh Goretsky, a researcher at security firm ESET, "after reviewing the layers of technologies used by Microsoft to protect Windows 8, it is our opinion that it is the most secure version of Microsoft Windows to date." That analysis comes by way of a new Windows 8 security white paper from ESET, authored by Goretsky. While his analysis doesn't review every new Windows 8 security feature--such as AppContainer, for application sandboxing--it highlights what he sees as the operating system's four biggest security improvements:

1. Antivirus Now Active by Default

In clean installs of Windows 8, the free Microsoft antivirus and anti-malware product Windows Defender will be active by default. The "clean installs" caveat, however, refers to PC manufacturers and distributors being allowed to instead install trial versions of their own antivirus and anti-malware software.

"Windows Defender provides a good level of protection, but is mainly targeted at those who are unwilling--or unable--to purchase a commercial anti-malware solution," said Goretsky. While he categorized the software as being effective (though a "minimum bar for levels of protection") he also lauded it for not being nagware. That means it does not "attempt to upsell the user to a paid-for product and toolbars or banner advertisements, nor does it modify existing search settings." That makes it less likely that users might seek to disable the software.

2. Windows Rewrites Target Bootkit Malware

Windows 8 will include new tools for blocking not only rootkits, but also bootkits, which are able to replace boot loaders, thus making the malware active almost once a PC starts up, and very difficult to detect or eradicate.

But Goretsky warned that some legacy Microsoft code won't enjoy the better rootkit protection. "Some of these changes made to operating systems to combat rootkits ... are only available in the 64-bit editions of Microsoft Windows due to support issues: there remains a large base of 32-bit programs which rely, for compatibility reasons, on some insecure functions inherited from earlier Windows versions," he said.

3. BIOS Firmware Gets UEFI Replacement

The BIOS firmware code that becomes active as soon as a PC powers on has also been replaced in Windows 8 by the Unified Extensible Firmware Interface (UEFI). The move has drawn fire from Linux advocates, who fear that Windows 8-compatible machines might be blocked from starting up to Linux, since one feature of UEFI is Secure Boot, which requires that an operating system be digitally signed before the PC will allow it to load.

"What Microsoft has done is place a requirement in the Windows 8 logo tests that computers shipping with a 64-bit version of Windows 8 (which will be most desktop and notebook computers) ship with Secure Boot enabled in their UEFI firmware by the manufacturer," said Goretsky. However, he continued, "The same requirements state that the user must be able to disable this feature." While that will add an extra step for anyone who wants to replace Windows 8, on Windows 8-certified hardware, with another operating system, it means that the Secure Boot will be active by default for everyone else.

As a result, the feature should "greatly [reduce] the attack surface currently exploited by bootkit forms of rootkit malware on systems using BIOS-based firmware," said Goretsky, who also noted that after two decades, BIOS is overdue for a replacement.

4. Anti-Malware Launches Early

Another security improvement in Windows 8 is the Early Launch Anti Malware (ELAM) feature, which allows security software--not just from Microsoft--to be first in line once a PC starts up and begins loading applications. "ELAM is important because, like UEFI's Secure Boot, it vastly improves the security of the computer at an early stage," said Goretsky. "While the effectiveness of ELAM is as yet unproven, the concept behind it is fundamentally sound, and it should prove to be a major deterrence to boot-time malware."

But don't be surprised, he warned, if Microsoft tweaks ELAM--or any of the other new features--after Windows 8 debuts and developers see if the previewed security improvements actually perform as intended.

Upgrading isn't the easy decision that Win 7 was. We take a close look at Server 2012, changes to mobility and security, and more in the new Here Comes Windows 8 issue of InformationWeek. Also in this issue: Why you should have the difficult conversations about the value of OS and PC upgrades before discussing Windows 8. (Free registration required.)

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Apprentice
10/12/2012 | 2:56:29 PM
re: Windows 8: 4 Smart Security Improvements
I think you mean the "third bullet point" don't you?

Not sure that your (and Andrew's) criticisms are warranted. UEFI provides many advancements over BIOS including the ability to manage the hardware remotely prior to an OS even being loaded, booting from >2Tb partitions, support for GUID partitions, and the contentious secure boot which requires that an OS be digitally signed. Even the grumps in the Linux community have had their complaints resolved (regarding secure boot) this month.

There is way more upside to using UEFI over BIOS. Especially when you consider the advanced state of malware these days and the largess of botnets and infected systems that have been created around the world.
User Rank: Ninja
10/12/2012 | 11:46:54 AM
re: Windows 8: 4 Smart Security Improvements
Agree, whoever cooked up the second bullet point has little to no clue what BIOS and UEfi are nor what Windows 8 or an OS in general does. That makes me wonder if IW has fired all senior editors and everyone can just post whatever they want. I could see this happening in a lower class blog, but it is a total embarrassment for something that gets passed as editorial content.
Andrew Hornback
Andrew Hornback,
User Rank: Apprentice
10/12/2012 | 4:33:56 AM
re: Windows 8: 4 Smart Security Improvements
A couple of these items - the Antivirus and Anti-malware - it really took THIS long for Microsoft to bake that into their product?

I'm also not quite sure how the UEFI requirement could be considered a Windows 8 feature - it's pre-boot code executed by the hardware. Windows 8's certification logo program may require it, and certainly the venerable Phoenix BIOS has been around the block plenty of times - but what about something based off of another standard like the old AlphaARC/BIOS? Or is that another remnant of history that we've forgotten about?

At any rate, it's good to hear that Windows 8 is the most secure Microsoft OS to date - if it wasn't, we may have another Vista on our hands.

Andrew Hornback
InformationWeek Contributor
Diversity: It's About Inclusion
Kelly Jackson Higgins, Executive Editor at Dark Reading,  4/25/2018
Securing Social Media: National Safety, Privacy Concerns
Kelly Sheridan, Staff Editor, Dark Reading,  4/19/2018
Register for Dark Reading Newsletters
White Papers
Current Issue
How to Cope with the IT Security Skills Shortage
Most enterprises don't have all the in-house skills they need to meet the rising threat from online attackers. Here are some tips on ways to beat the shortage.
Flash Poll
[Strategic Security Report] Navigating the Threat Intelligence Maze
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.