Since Microsoft launched and actively promoted its own trusted computing projects, Microsoft has added new security features to each version of Windows that it has introduced and has raised the security level of Windows systems again and again. Although the newly released Windows 8 has received mixed evaluations on the new UI and visual effects, it is an indisputable fact that its security performance has been comprehensively improved as always. Let's take a look at the various security features added to the Win8 system.
Windows 8 Basic Security Features
The security features described in this section are included in the various versions of the Win8 system. Whether it's a Windows 8 for home users or a Windows 8 for enterprise, the following security features are available to everyone. :
Support for UEFI Secure Boot
Secure Boot The Secure Boot feature is a very important security feature added to the Windows 8 system, but some people have questioned this feature because in some cases There are potential problems with this feature. The main purpose of UEFI (Unified Extensible Firmware Interface - Current Version 2.3.1) was developed as a firmware interface for next-generation computer products, replacing the BiOS interface widely used on traditional PCs. With Secure Boot enabled, Windows 8 can effectively defend against underlying malware attacks such as rootkits. In an operating system with Secure Boot, the system will submit the digital signature of all boot components to the anti-malware driver portion of the system for review to discover suspicious boot components. If the signature of a startup component is abnormal (tampered), the Windows Recovery Environment starts and attempts to repair the operating system. The rootkit attack method is usually to tamper with the system's key startup files, so that it is activated before the system startup process before various anti-virus software. Secure Boot will find any form of tampering and prevent rootkits from being loaded. This feature of Windows 8 is a must for businesses, and companies should prevent employees from disabling this feature.
SmartScreen Filters
SmartScreen Smart Screen Technology first appeared in Internet Explorer and is now officially added to the next generation of Windows operating systems. According to NSS Labs, this feature is the best for detecting and blocking social engine malware in various browser security features on the market. The SmartScreen feature features a URL-based reputation system and a file/application reputation system. The URL reputation system protects users from phishing sites and social engine attacks, while the file reputation system can monitor files downloaded through the browser to ensure files are safe and reliable. If a downloaded file is identified as a suspicious file or a malicious file, the system will block the download activity of the file and feed back the following information to the user:
Figure A
If the downloaded file If there is no record in the file reputation system, or the system is unrecognized, the following warning message will be displayed:
Figure B
For unknown files, most users will still bypass the warning message and take the initiative. To open the file, but due to administrative control, the user can not close this warning message.
Integrated Anti-Malware Program Windows Defender
Because Windows Defender has added new technology from Microsoft Security Essentials and has anti-virus capabilities, Windows 8 now has a full anti-virus and anti-virus Malware solution. The new version of Windows Defender improves performance while reducing memory/CPU usage. Although many companies still use third-party anti-virus software purchased by enterprises themselves, enterprises should also consult third-party anti-virus vendors, especially if their products can support Windows 8 systems, because if they can support Secure Boot, they will let enterprises The safe environment responds faster and reduces potential security blind spots.
Picture Password
The Picture Password function is a new touch screen-based secure login scheme for Windows8 system. Users can select a picture in the system and complete three gestures in sequence on the picture. Complete the login behavior. The system records the user's click location and order as the login password, and the clicked location is bound to the image to improve security. For example, the user can select a photo of a couple and draw a smiling mouth on one of the faces, and then click on both eyes on the other face as their login password. This looks a bit more complicated than the traditional password method, but its security is no less than a strong password.
Windows Reader
Windows 8 includes a new document reader, Windows Reader, which also includes a new security feature. Windows Reader supports PDF documents, and PDF documents are one of the most frequently attacked document formats. A lightweight PDF reader built into the operating system and regularly updated via Windows Update will help the system to prevent various attacks based on PDF files and reduce the security blindness of the system.
ASLR and Overflow Reduction
Address Space Layout Randomization (ASLR) is an address space layout randomization technique that first appeared in Windows Vista, and its essence is by putting code and data in memory. A technique for random storage to avoid buffer overflow vulnerabilities. In Windows 8, this randomization technique was further enhanced to avoid the known attacks that bypass ASLR technology from damaging the system. Other measures to reduce the risk of spillovers include modifying the Windows kernel and heap, new integrity detection methods, and a random approach like ASLR. These enhancements will also benefit IE10: In addition to the "Enhanced Protected Mode" sandbox, IE10 also has the "ForceASLR" option, which allows all loaded modules to be stored in memory randomly, regardless of whether these modules are set up. ASLR protection (developers can use the /DYNAMICBASE tag to develop modules that support ASLR technology to take advantage of this technology).
Windows 8 Professional Security Features
The security features I will introduce below are only available for Windows 8 Professional and Windows 8 Enterprise for enterprise users:
Bitlocker and Bitlocker To Go
Bitlocker is a full-disk encryption solution launched by Microsoft in the era of Vista. In Windows 7, the program was renamed Bitlocker To Go, which supports full-disk encryption of mobile storage devices. In Windows 8, there is no obvious change to this solution, just the ability to back up the Bitlocker To Go encryption key to your SkyDrive account.
Encrypting File System
The EFS Encrypting File System is Microsoft's solution for encrypting a disk, folder and file. EFS appeared in the Windows NT family twenty years ago, and now due to the introduction of Bitlocker, Bitlocker To Go and various free encryption solutions on the market, EFS has no glory.
Domain members and group policy objects
In general, these two functions are a distinguish between the consumer version of Windows and the enterprise version of Windows. For centralized management, Active Directory is critical. Once added to the Active Directory, administrators can create Group Policy objects and apply them to domain members to implement various control functions for domain members, thereby improving overall security performance. Windows 8 has established a new strategy for the new operating system:
Figure C
Windows 8 Enterprise Security Features
The last security feature I want to introduce is only available in Windows. In the Enterprise Edition, these security features include:
Applocker
Applocker is Microsoft's solution for application control. The program first appeared in the Windows 7 system, through the blacklist and whitelist way to achieve control of the application. With Applocker, administrators can establish appropriate policies that restrict or allow users to install certain applications on their computers. The new Windows 8 Applocker can manage both traditional desktop applications and the new Metro aPPS.
DirectAccess
In terms of personal computer and corporate network security connections, Microsoft introduced DirectAccess to replace traditional VPN. Because DirectAccess does not require additional applications to be launched, it can be easily applied to strategically to enable remote connectivity and secure connection protection on mobile computing devices. At present, there is no change in DirectAccess in Windows 8 and DirectAccess in Windows 7.
Windows To Go
With the development of BYOD (portable with personal devices), Microsoft also released Windows To Go in due course. This is a fully managed Windows 8 enterprise image system that can be stored by the administrator on a USB flash drive and booted on any PC with an x64 hardware structure. As a complete enterprise PC image, Windows To Go includes a variety of management features, such as Windows Update policy management, enterprise anti-malware solutions and Bitlocker encryption tools. Currently Windows To Go requires a USB flash drive of at least 32GB and can only be booted on an x64 computer. Despite these limitations, Windows To Go is still a very useful feature in multiple environments. Whether it's the security risks of BYOD trends that companies are worried about, or the disaster recovery of enterprise data, Windows To Go can play a role. Certain effect.