Since the focus on trusted computing projects, Microsoft has insisted on introducing new security features in every new version of Windows. The security situation has undergone a significant improvement. It now appears that Windows 8 is no exception in this regard. Although the public has focused on the new user interface and the very polarized use effect, the security update is less noticeable. In this article, we'll take a look at what new security features have been added in each release, what are the differences between them and how they actually work.
Basic security features provided by Windows 8 system
These features will appear in all versions of Windows systems. Regardless of whether it is Win8 for home users or a professional and enterprise version for business users, there are no exceptions:
UEFI Secure Boot feature will be supported
Although this feature may be possible in some cases The flaws that lead to potential problems have led to a lot of criticism, but the safe start is still a very important security feature provided by this version of Windows. As we all know, the goal of the Unified Extensible Firmware Interface (UEFI - the latest version is 2.3.1) is to replace the traditional Basic Input Output System (BiOS) as a next-generation firmware interface for personal computers. Now, if the system chooses to use the secure boot feature, Windows 8 can greatly improve the effectiveness of malware such as rootkits. With the support of the secure boot feature, the operating system can verify the digital signature of all boot components, and the anti-malware driver can monitor all tampering operations. If the component signature is found to be incorrect (has been tampered with), Windows will enable recovery mode to attempt to process the operating system accordingly. For rootkit malware, the usual approach is to tamper with critical operating system files before most anti-malware tools are launched and remain active during the boot process. The latest secure boot feature detects all types of tampering and prevents rootkits from loading. For corporate users, the best solution now is to enable this feature directly when deploying Windows 8, and prohibit employees from shutting down.
The coverage of smart window filters is further increased
For smart window technology, the earliest location is the Internet Explorer browser. Now, its coverage will be extended to the operating system. In related tests conducted by NSS Labs, this feature has proven to be the best choice for modern browsers to detect and block social engineering malware. The smart window technology consists of a URL reputation verification system and an application and file reputation verification system. The URL reputation verification system can be used to help users defend against attacks such as phishing and social engineering. The document reputation verification system can fully track the file download status and verify the relevant reputation. If the downloaded file is confirmed to be of a malicious type, it will be blocked and given the warning message as follows:
Figure A
If it belongs to a new file, or the system cannot be valid case identification, then will show a warning message similar to the following:
Figure B
Because when it comes to unknown types of files, this approach is likely to cause the user to choose to bypass the warning message Choose to force open suspicious situations. Therefore, system administrators need to make timely and effective interventions to prevent warning messages from being ignored.
Built-in free anti-malware/virus tools: Windows Defender
In Windows 8, Microsoft will also offer a fully functional anti-malware solution. The approach taken is to add anti-virus features for Microsoft security solutions to Windows Defender. This means that this version of Windows Defender will have higher performance and lower system memory/CPU usage. For enterprise users, it's time to prepare to replace anti-malware products. Therefore, the correct way for the current enterprise is to provide comprehensive consultations to various anti-malware vendors for the solution to the compatibility of Windows 8 planning. After all, with the support of the secure boot feature, companies can now easily build a secure and reliable network environment with fewer potential vulnerabilities and faster response times.
Image Password
For secure logins, picture passwords are a new way to use touch mode. Now, the user can select a picture and make three touch gestures on it. The system can save the gesture sequence as the user “password”, and then the user can log in by repeating the operation. Relying on the association between gesture sequences and graphics, this model can achieve the goal of improving login security. For example, the user can select a picture containing two characters, draw a smile on one of the faces, and touch the other two eyes. Although this model sounds very interesting, how the reliability of the system will remain to be seen compared to the traditional model.
Built-in PDF Reader: Windows Reader
As a new integrated document reader for Windows 8, Microsoft will add a very interesting new security feature to Windows Reade. The reader can support PDF file formats that are currently very popular among attackers. By integrating a simple version of the reader that uses the system's regular update mode, the operating system can reduce the need for potentially risky applications or plug-ins to achieve the goal of increasing platform default security.
ASLR and Reduced Attacks
Address Space Layout Randomization (ASLR) was first introduced in Windows Vista, while the established goal was to mitigate the random movement of code and data in memory, resulting in a notorious " The buffer overflows the harm caused by the vulnerability. In Windows 8, the degree of randomization has been further enhanced in order to prevent technical attempts to bypass ASLR. Other measures involved include tuning the Windows kernel and heap, using a similar ASLR-based approach for new integrity checks and randomization. And, for Internet Explorer 10, you'll also benefit from these changes: In addition to the "Enhanced Protection Mode" sandbox, there is also an IE10 option called "ForceASLR". It can randomize all modules loaded in the browser's memory, regardless of whether they choose to use protected ASLR technology (by using the optional /DYNAMICBASE logo to create modules, developers can get the benefits of ASLR technology) limits.
Security Features Available in Windows 8 Professional
Several features listed below will only appear in Windows 8 Professional and Enterprise editions for business users:
Disk Encryption Tools: BitLocker and BitLocker To Go
In Windows Vista, Microsoft offers Bitlocker as a full-disk encryption solution. In Windows 7, Bitlocker was replaced by Bitlocker To Go. In the new version, the tool has not changed much. However, it also adds a new option to back up Bitlocker To Go's encryption key to a SkyDrive account.
Encrypted File System
As the first encryption solution provided by Microsoft, EFS can support operations on individual files, folders and drives. It first appeared in the Windows NT family of products more than 20 years ago. However, it has been basically replaced by Bitlocker, Bitlocker To Go and a large number of free encryption tools.
Domain members and Group Policy objects
There is no difference between the previous cases, these two features still belong to the main difference between the Windows home and commercial versions. For network environments that require centralized management, adding new members to the Active Directory domain is a critical feature. Once users are added, administrators can create and apply Group Policy objects to domain members to provide complete control over the day-to-day operations, including security. In Windows 8, Microsoft introduced a new strategy for the new operating system:
Figure C
Windows 8 Enterprise Edition security features
Finally, the agreement signed Software Assurance will Opportunity to get Windows 8 Enterprise Edition, it will include several security features listed below:
Application Control Strategy Tool: Applocker
As an application control solution from Microsoft, Applocker with black and white list technology is the earliest It is in Windows 7. With the help of AppLocker, system administrators can establish policies to fully control user installations and activities such as running specific applications. In Windows 8, AppLocker manages traditional desktop applications as well as emerging Metro applications.
Direct Access Features
As an alternative to external computers using VPN to securely connect to the company's intranet, Microsoft introduced direct access. At the time of use, direct access does not require support from other applications and can help companies ensure that remote mode or mobile computers do not have compatibility issues with applications and patching policies. This feature hasn't changed much compared to the initial version that appeared in Win7.
System Mirroring: Windows To Go
Following the development of the "Using Your Own Device" wave, Microsoft also announced the Windows To Go system image feature. Because it supports full management and is completely connection-independent; system administrators can use an external USB drive to save Windows 8 enterprise images and boot on any x64 system. As a complete mirror of the enterprise system, projects including Windows update strategy, enterprise anti-virus solution, and encryption tool BitLocker are manageable. Currently, the minimum requirement for Windows To Go is a USB drive with at least 32GB of space. Despite these many limitations, it is still a very valuable feature for many companies, especially those that focus on their own device initiatives and the security risks posed by disaster recovery solutions.