Windows 8.1 preview video was announced, boot to desktop features confirmed by screenshots, more and more details have been mined out, the public understanding of Windows 8.1 is getting deeper and deeper. However, many people are paying attention to the new features and improvements of Win8.1, ignoring something equally important, that is, the security improvement of Windows 8.1.
According to some known information, Windows 8.1 will take more proactive measures on malware protection, adopt new web site security certificate verification methods, and even plan to add encryption and biosecurity technology to each PC.
Windows 8.1 built-in anti-malware tool Windows Defender will be more "caring" browser security, similar to plug-ins and ActiveX controls, before they run, Defender will first scan them securely.
Preventing theft of security certificates
Security certificates are important credentials for many websites (especially those that involve account password login). When users access the website through a browser, the certificate will tell the browser whether these websites are Honest and reliable. Therefore, the hacker will focus on the security certificate. Once the security certificate of the official website is cracked and stolen, it is easy to fool the browser by making a fake website and then adding the stolen security certificate. In this case, I will give my account password to the criminals.
Security certificates have been targeted
In Windows 8.1, Microsoft will track the security certificates of millions of websites in real time, once a website security certificate is found to be stolen or not appearing On the website, you will immediately contact the certification authority to take action in the shortest possible time.
Encryption and BitLocker
Windows 8.1 continues to provide improved BitLocker functionality for enterprise users (a significant increase in speed), but encryption is not exclusive to enterprise users. Encryption is not only about protecting data, but also about the system itself, for example, preventing system files from being tampered with by others.
Data encryption also makes sense for the average user.
If you plan to use Windows 8.1 tablet to save some important data, data encryption and biometric technology can make this data more secure.
Windows 8.1 to view PC health
Windows 8.1 will add a cloud service called "Provable PC Health" which can be stored in TMP (Trusted Platform Module) by comparison The PC security boot record detects if the PC is infected with malware or viruses. This service allows remote analysis of the security status and integrity of PC devices.
When a user's PC is infected with malware, the service can try to restore the system to a secure state and send a security notification to the user.
Check your PC health status at any time. Once your PC is confirmed to be free of malware and viruses, you can even use it as a more reliable authentication method than passwords. Passwords can be brute-forced or obtained through phishing, and it is much safer to use this certified device. If you add another verification method to this PC (such as fingerprint login), the safety factor will be further improved.
Windows 8.1 Fingerprint Sensors
Using fingerprints as an authenticator is a good choice, but existing devices lack a proper balance between price and security, and inexpensive sensors are too large to fit in. Notebooks and tablets, and such sensors are easy to crack. The small size and safety of the sensor is guaranteed to be high, and if used on Win8 devices, it will increase the price.
Fingerprint identification is widely used
It is reported that Microsoft is negotiating with partners to try to introduce low-cost high-quality fingerprint sensors to add a security certification for Windows 8.1 notebooks and tablets.
Windows 8.1 Virtual Smart Card
This is an enhancement for enterprise users. Smart cards and their personal identification numbers (PINs) are an increasingly common, reliable and economical form of two-factor authentication. Because of the corresponding controls, users must have a smart card and know the PIN to access network resources. For WIndows 8.1, it provides a way for network access to devices (such as WinRT tablets) that would otherwise not be able to join the domain but have a TPM. This is a virtual smart card that eliminates the need for a separate physical smart card and card reader as long as the employee's computer has a built-in TPM.
Windows8.1 Selective Removal
Windows 8.1 also includes a "opt-delete" feature that is designed to delete corporate files stored on a personal computer without deleting personal data. Work files related to the enterprise will be protected by encryption, and enterprise administrators can delete these files by remote commands.
With the increasing number of employee-owned devices (BYOD), virtual smart cards allow those personal devices to qualify for the corporate network (without purchasing additional equipment), while the enterprise can keep it in place. The enterprise data on the employee's personal computer, once the employee leaves the company, can delete the enterprise data in time through remote operation.