Want Better Security? Get Windows 8
The new OS and Internet Explorer 10 protect applications and limit the fallout of exploits.
InformationWeek Green - September 24, 2012
InformationWeek Green
Download the entire Sept. 24, 2012, issue of InformationWeek, distributed in an all-digital format as part of our Green Initiative(Registration required.)
We will plant a tree for each of the first 5,000 downloads.
Here Comes Windows 8
Windows 8 and Internet Explorer 10 may prove to be Microsoft's most secure OS and browser to date. The company began repairing its dismal reputation for security with Windows 7; this latest version takes significant steps to provide a more secure operating environment for PCs. Our advice? Upgrade desktops and laptops as soon as you can, especially if you're among the 20% of respondents to our latest InformationWeek Windows 8 Survey still clinging to Windows XP--a bad plan for multiple reasons.
Leading the list of improvements driving us to make this recommendation: enhanced application controls via a platform named AppContainer, in which Microsoft borrows a page from the mobile OS security playbook by forcing application developers to explicitly define what an app is allowed to do. Microsoft also introduces or enhances other security features, including a robust anti-malware package that comes standard with the OS--and must be giving antivirus vendors agita--and a new feature to make passwords easier to remember but harder for attackers to crack.
However, the most significant security change we see in Windows 8 is not so much the actual features; it's Microsoft's mindset. The Win 8 security paradigm is built around applications, particularly those that run in browsers. To that end, Internet Explorer 10 for Windows 8 includes some significant security upgrades, a welcome development because most attacks that target users come from the Web.
Of particular note is AppContainer, an aggressive application permission configuration feature introduced in IE10. AppContainer functions similarly to application sandboxing on mobile operating systems, such as iOS and Android. Under AppContainer, a developer must produce a manifest file that links directly to the application and defines what it can and cannot do. For instance, a developer might indicate on a manifest that an application can initiate outbound connections to the Internet, but it can't receive an incoming connection. If that application is subsequently exploited, and the exploit instructs the application to open a port for an inbound communication, the Windows 8 kernel will prevent the port from opening, thus limiting potential damage.
There are many other permissions within the AppContainer model, including the ability to instruct that an app may talk only to the Internet and not the local network, or vice versa, or decide which Windows 8 libraries, such as music, videos, pictures, or even removable storage, the app can access. We expect Microsoft to add more options for AppContainer in subsequent releases and service packs.
To read the rest of the article,
Download the Sept. 24, 2012, issue of InformationWeek
Windows 8 Survival Guide: OS and Browser Security
Our full report on Windows 8 and security is available free with registration.
This report includes 21 pages of action-oriented analysis with 13 charts. What you'll find:
Detailed analysis of new and enhanced security features
Exclusive survey results
Read more about:
2012About the Author
You May Also Like
DevSecOps/AWS
Oct 17, 2024Social Engineering: New Tricks, New Threats, New Defenses
Oct 23, 202410 Emerging Vulnerabilities Every Enterprise Should Know
Oct 30, 2024Simplify Data Security with Automation
Oct 31, 2024Unleashing AI to Assess Cyber Security Risk
Nov 12, 2024