Differences in security features in Win8 versions

Since Microsoft launched and actively promoted its own trusted computing project, Microsoft added new security features to each version of Windows that it launched and upgraded again and again. The security level of the Windows system. Although the newly released Windows 8 has received mixed evaluations on the new UI and visual effects, it is an indisputable fact that its security performance has been comprehensively improved as always. Let's take a look at the various security features added to the Win8 system.

Windows 8 Basic Security Features

The security features described in this section are included in the various versions of the Win8 system. Whether it's a Windows 8 for home users or a Windows 8 for enterprise, the following security features are available to everyone. :

Support for UEFI Secure Boot

Secure Boot The Secure Boot feature is a very important security feature added to the Windows 8 system, but some people have questioned this feature. Because there are potential problems with this feature in some cases. The main purpose of UEFI (Unified Extensible Firmware Interface - Current Version 2.3.1) was developed as a firmware interface for next-generation computer products, replacing the BIOS interface widely used on traditional PCs. With Secure Boot enabled, Windows 8 can effectively defend against underlying malware attacks such as rootkits. In an operating system with Secure Boot, the system will submit the digital signature of all boot components to the anti-malware driver portion of the system for review to discover suspicious boot components. If the signature of a startup component is abnormal (tampered), the Windows Recovery Environment starts and attempts to repair the operating system. The rootkit attack method is usually to tamper with the system's key startup files, so that it is activated before the system startup process before various anti-virus software. Secure Boot will find any form of tampering and prevent rootkits from being loaded. This feature of Windows 8 is a must for businesses, and companies should prevent employees from disabling this feature.

SmartScreen Filters

SmartScreen Smart Screen Technology first appeared in Internet Explorer and is now officially added to the next generation of Windows operating systems. According to NSS Labs, this feature is the best for detecting and blocking social engine malware in various browser security features on the market. The SmartScreen feature features a URL-based reputation system and a file/application reputation system. The URL reputation system protects users from phishing sites and social engine attacks, while the file reputation system can monitor files downloaded through the browser to ensure files are safe and reliable. If a downloaded file is identified as a suspicious file or a malicious file, the system will block the download activity of the file and feed back the following information to the user:

Figure A

If the downloaded file is not recorded in the file reputation system, or the system does not recognize it, the following warning message will be displayed:

Figure B

For unknown files, most users will bypass the warning message and actively open the file, but due to administrative control, the user cannot close this warning message.

Integrated Anti-Malware Programs Windows Defender

Because Windows Defender has added new technology from Microsoft Security Essentials and has anti-virus capabilities, Windows 8 now has Complete anti-virus and anti-malware solution. The new version of Windows Defender improves performance while reducing memory/CPU usage. Although many companies still use third-party anti-virus software purchased by enterprises themselves, enterprises should also consult third-party anti-virus vendors, especially if their products can support Windows 8 systems, because if they can support Secure Boot, they will let enterprises The safe environment responds faster and reduces potential security blind spots.

Picture Password

The Picture Password function is a new touch screen-based secure login solution for Windows8 system. Users can select a picture in the system and on the picture. Complete three gesture actions in sequence to complete the login behavior. The system records the user's click location and order as the login password, and the clicked location is bound to the image to improve security. For example, the user can select a photo of a couple and draw a smiling mouth on one of the faces, and then click on both eyes on the other face as their login password. This looks a bit more complicated than the traditional password method, but its security is no less than a strong password.

Windows Reader

Windows 8 includes a new document reader, Windows Reader, which also includes a new security feature. Windows Reader supports PDF documents, and PDF documents are one of the most frequently attacked document formats. A lightweight PDF reader built into the operating system and regularly updated via Windows Update will help the system to prevent various attacks based on PDF files and reduce the security blindness of the system.

ASLR and overflow reduction

Address Space Layout Randomization (ASLR) is the address space layout randomization technology that first appeared in Windows Vista, and its essence is through The technique of storing code and data in memory randomly to avoid buffer overflows. In Windows 8, this randomization technique was further enhanced to avoid the known attacks that bypass ASLR technology from damaging the system. Other measures to reduce the risk of spillovers include modifying the Windows kernel and heap, new integrity detection methods, and a random approach like ASLR. These enhancements will also benefit IE10: In addition to the “Enhanced Protected Mode” sandbox, IE10 also has the “ForceASLR” option, which allows all loaded modules to be stored in memory in random, regardless of these modules. Whether ASLR protection is set up (developers can use the /DYNAMICBASE tag to develop modules that support ASLR technology to better take advantage of this technology).

Windows 8 Professional Security Features

The security features I will introduce below are only available for Windows 8 Professional and Windows 8 Enterprise for enterprise users:

Bitlocker and Bitlocker To Go

Bitlocker is a full-disk encryption solution launched by Microsoft in the era of Vista. In Windows 7, the program was renamed Bitlocker To Go and can support Full disk encryption of mobile storage devices. In Windows 8, there is no obvious change to this solution, just the ability to back up the Bitlocker To Go encryption key to your SkyDrive account.

Encrypting File System

The EFS Encrypting File System is Microsoft's solution for encrypting a disk, folder and file. EFS appeared in the Windows NT family twenty years ago, and now due to the introduction of Bitlocker, Bitlocker To Go and various free encryption solutions on the market, EFS has no glory.

Domain Members and Group Policy Objects

In general, these two functions are a distinguish between a consumer version of Windows and an enterprise version of Windows. For centralized management, Active Directory is critical. Once added to the Active Directory, administrators can create Group Policy objects and apply them to domain members to implement various control functions for domain members, thereby improving overall security performance. Windows 8 has established a new strategy for the new operating system: