Windows 8 Security Stresses Exploit Prevention
A look at some of the key security features in the Microsoft's new OS
3. Authenticating and controlling user access.
Windows 8 features Virtual Smart Card, a simplified multifactor authentication feature. It's a software-based technology that can be used in lieu of physical smart cards. It works with existing smart card apps and management products, and doesn't require a physical card reader.
"The virtual smart card feature can be used in place of existing smart cards with any application or solution that is smart card compatible -- no server- or application-side changes are required," according to Microsoft's technical overview of the feature. The idea is to make smart cards more "mainstream" and inexpensive to deploy.
More Security Insights
- Forrester Study: The Total Economic Impact of VMware View
- Securing Executives and Highly Sensitive Documents of Corporations Globally
- Top Big Data Security Tips and Ultimate Protection for Enterprise Data
- Client Windows Migration: Expert Tips for Application Readiness
Windows 8 also comes with a new access control function called Dynamic Access Control (DAC). It's a rules-based approach that eliminates the static list approach.
Among some of the other security features in Windows 8 are sandboxing and upgraded versions of Microsoft's Address Space Layout Randomization (ASLR) and Data Execution Prevention (DEP) attack mitigation technologies. "The improvements to ASLR and DEP are combined with the new Windows 8 application sandboxing capability that effectively limits the access of a compromised application. This feature means the bad guys will be fighting an uphill battle to deliver effective exploits for Windows 8," Lumension's Henry says.
Meanwhile, security researchers are already hammering away at Windows 8 for bugs. So far, most of the attacks targeting Windows 8 have basically been scams aimed at confusing and duping new Windows 8 users. Support.com's Skrepetos says his team has mostly seen rogue apps trying to mimic the Windows 8 user interface and trying to get victims to click on a link to "protect" Windows 8 with security applications, for instance.
"Windows 8 is still unproven ground. Windows 7 has been around long enough, so there's been more time to [attempt to] exploit it," Skrepetos says.
Have a comment on this story? Please click "Add Your Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.