Discuss the latest security features of Win8's three major versions

Since the focus has been placed on trusted computing projects, Microsoft has insisted on introducing new security features in every new version of Windows. This approach makes the security posture of the system extremely obvious. improve. It now appears that Windows 8 is no exception in this regard. Although the public has focused on the new user interface and the very polarized use effect, the security update is less noticeable. In this article, we'll take a look at what new security features have been added in each release, what are the differences between them and how they actually work.

Basic security features provided by Windows 8 system

These features will appear in all versions of Windows systems. Regardless of whether it is Win8 for home users or a professional and enterprise version for business users, there are no exceptions:

UEFI Secure Boot feature will be supported

Although this feature is In some cases, the defects that may cause potential problems have attracted a lot of criticism, but the safe start is still a very important security feature provided by this version of Windows. As we all know, the goal of the Unified Extensible Firmware Interface (UEFI—— the latest version is 2.3.1) is to replace the traditional Basic Input Output System (BIOS) as a next-generation firmware interface for personal computers. Now, if the system chooses to use the secure boot feature, Windows 8 can greatly improve the effectiveness of malware such as rootkits. With the support of the secure boot feature, the operating system can verify the digital signature of all boot components, and the anti-malware driver can monitor all tampering operations. If the component signature is found to be incorrect (has been tampered with), Windows will enable recovery mode to attempt to process the operating system accordingly. For rootkit malware, the usual approach is to tamper with critical operating system files before most anti-malware tools are launched and remain active during the boot process. The latest secure boot feature detects all types of tampering and prevents rootkits from loading. For corporate users, the best solution now is to enable this feature directly when deploying Windows 8, and prohibit employees from shutting down.

The coverage of smart window filters is further increased

For smart window technology, the earliest location is the Internet Explorer browser. Now, its coverage will be extended to the operating system. In related tests conducted by NSS Labs, this feature has proven to be the best choice for modern browsers to detect and block social engineering malware. The smart window technology consists of a URL reputation verification system and an application and file reputation verification system. The URL reputation verification system can be used to help users defend against attacks such as phishing and social engineering. The document reputation verification system can fully track the file download status and verify the relevant reputation. If the downloaded file is confirmed to be of a malicious type, it will be blocked and given the warning message as follows:

Figure A

If it If it belongs to a new file, or the system cannot be effectively identified, it will display a warning message similar to the following figure:

Figure B

Because of the unknown type involved When this file is used, this practice is likely to cause the user to choose to bypass the warning message and choose to force open suspicious situations. Therefore, system administrators need to make timely and effective interventions to prevent warning messages from being ignored.

Built-in free anti-malware/virus tools: Windows Defender

In Windows 8, Microsoft will also offer a fully functional anti-malware solution. The approach taken is to add anti-virus features for Microsoft security solutions to Windows Defender. This means that this version of Windows Defender will have higher performance and lower system memory/CPU usage. For enterprise users, it's time to prepare to replace anti-malware products. Therefore, the correct way for the current enterprise is to provide comprehensive consultations to various anti-malware vendors for the solution to the compatibility of Windows 8 planning. After all, with the support of the secure boot feature, companies can now easily build a secure and reliable network environment with fewer potential vulnerabilities and faster response times.

Picture Password

For secure logins, picture passwords are a new way to use touch mode. Now, the user can select a picture and make three touch gestures on it. The system can save the gesture sequence as the user "password", and the user can log in again by repeating the operation. Relying on the association between gesture sequences and graphics, this model can achieve the goal of improving login security. For example, the user can select a picture containing two characters, draw a smile on one of the faces, and touch the other two eyes. Although this model sounds very interesting, how the reliability of the system will remain to be seen compared to the traditional model.

Built-in PDF Reader: Windows Reader

As a new integrated document reader for Windows 8, Microsoft will add a very interesting new security feature to Windows Reade. The reader can support PDF file formats that are currently very popular among attackers. By integrating a simple version of the reader that uses the system's regular update mode, the operating system can reduce the need for potentially risky applications or plug-ins to achieve the goal of increasing platform default security.

ASLR and Reduced Attacks

The first place where Address Space Layout Randomization (ASLR) occurs is in Windows Vista, while the intended goal is to mitigate the random movement of code and data in memory. This led to the notorious "buffer overflow" vulnerability. In Windows 8, the degree of randomization has been further enhanced in order to prevent technical attempts to bypass ASLR. Other measures involved include tuning the Windows kernel and heap, using a similar ASLR-based approach for new integrity checks and randomization. And, for Internet Explorer 10, it will also benefit from these changes: In addition to the "enhanced protection mode" sandbox, there is also an IE10 option called "ForceASLR". It can randomize all modules loaded in the browser's memory, regardless of whether they choose to use protected ASLR technology (by using the optional /DYNAMICBASE logo to create modules, developers can get the benefits of ASLR technology) limits.

Security Features Available in Windows 8 Professional

The features listed below will only appear in Windows 8 Professional and Enterprise editions for business users:

Disk Encryption Tools: BitLocker and BitLocker To Go

In Windows Vista, Microsoft offers Bitlocker as a full-disk encryption solution. In Windows 7, Bitlocker was replaced by Bitlocker To Go. In the new version, the tool has not changed much. However, it also adds a new option to back up Bitlocker To Go's encryption key to a SkyDrive account.