Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

12/20/2012
03:32 PM
Connect Directly
Google+
Twitter
RSS
E-Mail
50%
50%

Windows 8 Security Stresses Exploit Prevention

A look at some of the key security features in the Microsoft's new OS

Windows 8 won't be under the Christmas tree for most enterprises this year: It's too new, and Windows 7 remains well-entrenched for now. But with the brand-new Windows 8, Microsoft has continued its strategy of building more security features into the operating system to help deflect attacks.

One key theme in Windows 8 security is repelling exploitation: mainly making sure that when -- that's when, not if -- malware gets in, it can't actually do harm. That's right in sync with a growing sense of fatalism among enterprises and security vendors that has replaced the secure fortress mindset. It's no longer if or when you get hacked, but the assumption that you've already been hacked, with a focus on minimizing the damage.

[The goal is to try to detect an attack as early in its life cycle as possible and to quickly put a stop to any damage, such as extricating the attacker from your data server -- or merely stopping him from exfiltrating sensitive information. See Damage Mitigation As The New Defense.]

Windows 8 comes with security features that fit that major shift in security philosophy and approach. "We've made significant investments in Windows 8 to make sure that even if a vulnerability is discovered, the likelihood of a successful attack will have been minimized, if not eliminated," says Stella Chernyak, a member of the Windows 8 team at Microsoft, in a blog post today.

Microsoft says it focused on three main areas of security in Windows 8: resisting malware, data encryption, and new authentication.

Security experts applaud Windows 8's new features, but question whether they mean much right now, especially since few organizations are ready to make the jump to Windows 8. "The bigger issue is the adoption of Windows 8. Nobody I've talked to is campaigning to implement it. Windows 7 is stable, and it doesn't have a crazy interface" like the new version of Windows, says Andrew Jaquith, CTO of Perimeter E-Security.

Jaquith gives a thumbs-up to the new security features in Windows 8. Still, it remains to be seen whether enterprises that eventually go Windows 8 will adopt the bulk of its security controls, he says.

Here's a look at the three main security disciplines in Windows 8:

1. Malware repellant.
Just like there's no way to stop a determined hacker, there's no way to stop all malware, either. But Microsoft has included the so-called Secure Boot feature, which is based on the new Unified Extensible Firmware Interface (UEFI), which replaces the BIOS.

"Secure Boot prevents a computer from booting into an operating system unless the boot-loader code is digitally signed with a certificate derived from a key stored in the UEFI firmware," explains Paul Henry, security and forensic analyst at Lumension Security.

The new Secure Boot feature in Windows 8 is aimed at blocking stealth malware, such as bootkits and rootkits, that can wrest control of the machine, according to Microsoft.

The digital signature provides verification that the boot-loader code, which the UEFI reads from disk into memory, is from a trusted source. "This effectively mitigates the risk of a malicious 'boot-kit' from being run on boot to facilitate persistent malware," Henry says.

But given the rash of stolen digital certificates over the past year or so to sign and spread malware, "the jury is still out" on the ultimate effectiveness of Secure Boot, he says.

Secure Boot combined with running Microsoft's AppLocker whitelisting feature and banning side-loading attacks is the best combination to prevent malicious code and apps from infiltrating the machine, Perimeter's Jaquith says. "Then you would get something very close to what [some] smartphones have [with] app modules that are trusted, and you can trace them back to a known app source. Integrity can be verified through [Secure Boot]," he says.

Microsoft also has embedded an updated version of its Windows Defender anti-malware application in Windows 8. Microsoft recommends using just one anti-malware application on the Windows 8 machine, whether it's Windows Defender or another product.

Lumension's Henry says Windows Defender has actually fared better than many other AV products in testing. AV Comparatives found that 13 of 17 AV products had equal or inferior heuristics than Windows Defender. "Even when adding behavioral protection into the mix, Windows Defender still beat the performance of four of the 17 well-established commercial products tested," Henry says. Even so, "it shouldn't be your only defense."

Overall, the new Windows Defender version is "more robust" than previous versions, says Nick Skrepetos, CTO of consumer software for Support.com.

2. Protecting the data itself.
Encryption traditionally has had its woes: "One of the biggest challenges is the sheer amount of time it takes to provision encryption to the device. It can take hours, and in the case of some third-party solutions, it can even block end user productivity while the encryption process is taking place," Microsoft's Chernyak says.

Microsoft has beefed up BitLocker and BitLocker to Go, its data encryption features, in Windows 8. The OS offers Data-Only Encryption, where BitLocker encrypts only the sectors on the disk that include data. This trims encryption time down to minutes in many scenarios, according to Microsoft. There's also a new flavor of a self-encrypting drive feature that works with BitLocker to encrypt data on-the-fly, using hardware-based processing to speed up the process.

"BitLocker has a new BitLocker To Go capability that allows the encryption key for BitLocker to be saved in the users' SkyDrive Account," Henry notes.

Next Page: New virtual smart card Kelly Jackson Higgins is Executive Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Previous
1 of 2
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Microsoft Patches Wormable RCE Vulns in Remote Desktop Services
Kelly Sheridan, Staff Editor, Dark Reading,  8/13/2019
The Mainframe Is Seeing a Resurgence. Is Security Keeping Pace?
Ray Overby, Co-Founder & President at Key Resources, Inc.,  8/15/2019
GitHub Named in Capital One Breach Lawsuit
Dark Reading Staff 8/14/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-15132
PUBLISHED: 2019-08-17
Zabbix through 4.4.0alpha1 allows User Enumeration. With login requests, it is possible to enumerate application usernames based on the variability of server responses (e.g., the "Login name or password is incorrect" and "No permissions for system access" messages, or just blocki...
CVE-2019-15133
PUBLISHED: 2019-08-17
In GIFLIB before 2019-02-16, a malformed GIF file triggers a divide-by-zero exception in the decoder function DGifSlurp in dgif_lib.c if the height field of the ImageSize data structure is equal to zero.
CVE-2019-15134
PUBLISHED: 2019-08-17
RIOT through 2019.07 contains a memory leak in the TCP implementation (gnrc_tcp), allowing an attacker to consume all memory available for network packets and thus effectively stopping all network threads from working. This is related to _receive in sys/net/gnrc/transport_layer/tcp/gnrc_tcp_eventloo...
CVE-2019-14937
PUBLISHED: 2019-08-17
REDCap before 9.3.0 allows time-based SQL injection in the edit calendar event via the cal_id parameter, such as cal_id=55 and sleep(3) to Calendar/calendar_popup_ajax.php. The attacker can obtain a user's login sessionid from the database, and then re-login into REDCap to compromise all data.
CVE-2019-13069
PUBLISHED: 2019-08-17
extenua SilverSHielD 6.x fails to secure its ProgramData folder, leading to a Local Privilege Escalation to SYSTEM. The attacker must replace SilverShield.config.sqlite with a version containing an additional user account, and then use SSH and port forwarding to reach a 127.0.0.1 service.