Windows 8.1 security improvements at a glance

The Windows 8.1 preview video was released. The launch to desktop function was confirmed by screenshots. More and more details were also mined. The public's understanding of Windows 8.1 is getting deeper and deeper. However, many people are paying attention to the new features and improvements of Win8.1, ignoring something equally important, that is, the security improvement of Windows 8.1.

According to some known information, Windows 8.1 will take more proactive measures on malware protection, adopt new web site security certificate verification methods, and even plan to add encryption and biosecurity technology to each PC. .

Windows 8.1's built-in anti-malware tool Windows Defender will be more "careful" browser security, similar to plug-ins and ActiveX controls, before they run, Defender will first secure them. scanning.

Preventing theft of security certificates

Security certificates are important credentials for many websites (especially those that involve account password login). When a user visits a website through a browser, the certificate will tell Whether the browsers are authentic or not. Therefore, the hacker will focus on the security certificate. Once the security certificate of the official website is cracked and stolen, it is easy to fool the browser by making a fake website and then adding the stolen security certificate. In this case, I will give my account password to the criminals.

Security certificates have been targeted

In Windows 8.1, Microsoft will track the security certificates of millions of websites in real time, once a website security certificate is found stolen or appears On websites that should not appear, they will immediately contact the certification authority to take action in the shortest possible time.

Encryption and BitLocker

Windows 8.1 continues to provide improved BitLocker functionality for enterprise users (a significant increase in speed), but encryption is not exclusive to enterprise users. Encryption is not only about protecting data, but also about the system itself, for example, preventing system files from being tampered with by others.

Data Encryption Also Works for Ordinary Users

Data encryption and biometrics make this data more secure if you plan to use Windows 8.1 tablet devices to store some important data.

Windows 8.1 for PC Health

Windows 8.1 will add a cloud service called "Provable PC Health" which can be stored in TMP by comparison The PC Secure Boot Record in the (trusted platform module) detects if the PC is infected with malware or viruses. This service allows remote analysis of the security status and integrity of PC devices.

When a user's PC is infected with malware, the service can attempt to restore the system to a secure state and send a security notification to the user.

Check your PC health at any time

Once your PC is confirmed to be free of malware and viruses, you can even use it as a more reliable authentication method than passwords. Passwords can be brute-forced or obtained through phishing, and it is much safer to use this certified device. If you add another verification method to this PC (such as fingerprint login), the safety factor will be further improved.

Windows 8.1 Fingerprint Sensor

Using fingerprints as an authenticator is a good choice, but existing devices lack a proper balance between price and security, and inexpensive sensors. Larger ones are not suitable for installation on notebooks and tablets, and such sensors are easily cracked. The small size and safety of the sensor is guaranteed to be high, and if used on Win8 devices, it will increase the price.

Fingerprint recognition is widely used

It is reported that Microsoft is negotiating with partners to try to introduce low-cost high-quality fingerprint sensors to add a security certification for Windows 8.1 notebooks and tablets.

Windows 8.1 Virtual Smart Card

This is an enhancement for enterprise users. Smart cards and their personal identification numbers (PINs) are an increasingly common, reliable and economical form of two-factor authentication. Because of the corresponding controls, users must have a smart card and know the PIN to access network resources. For WIndows 8.1, it provides a way for network access to devices (such as WinRT tablets) that would otherwise not be able to join the domain but have a TPM. This is a virtual smart card that eliminates the need for a separate physical smart card and card reader as long as the employee's computer has a built-in TPM.

Windows8.1 Selective Removal

Windows 8.1 also includes a "opt-delete" feature that is designed to delete corporate files stored on a personal computer while Personal data will not be deleted. Work files related to the enterprise will be protected by encryption, and enterprise administrators can delete these files by remote commands.

With the increasing use of employee-owned devices (BYOD), virtual smart cards enable those personal devices to qualify for the corporate network (without purchasing additional equipment), while Master the enterprise data stored on the employee's personal computer. Once the employee leaves the company, the enterprise data can be deleted in time through remote operation.