Updated 5/23/12: Added info about new
Windows 8 security features and improvements.
Early in 2011 my colleague Paul Thurrott (and Rafael Rivera from Within Windows) ferreted out some details about security improvements to Windows 8, namely the addition of Modern Reader, a potentially more secure alternative to Adobe PDF readers. New security features were also revealed during the Microsoft BUILD conference and via a recent blog post by Jason Garms, Microsoft's group program manager of the reliability and security team for Windows 8 . I've updated this original post with this new information.
Microsoft previewed a new touch-based security login at BUILD called picture password. Here's how it works: The user selects a picture, then makes three touch gestures on top of the image. The system remembers that sequence, and then the user repeats that sequence of gestures to login. For example, a user could have a picture of a pet as their startup screen, then use touch to draw a smile and touch both eyes of the dog. The gesture is tied to the image , and increases login security considerably. (Microsoft applied for a patent for the " sketch-based password authentication" technology behind picture password several years ago.)
Windows 8 Picture Password (image courtesy Microsoft)
Windows Defender improvements
The venerable Windows Defender anti-malware tool gets an upgrade in Windows 8, including an expanded set of malware signatures that have been provided by the Microsoft Malware Protection Center. According to Garms, the Windows 8 version of Defender provide protections from a wider array of hostile software threats, including "all types of malware, including viruses, worms, bots and rootkits."
Exploit Mitigation enhancements
Garms also mentioned a number of improvements at the code level that give Windows 8 enhanced protection against software exploits, including improved Address Space Layout Randomization (ASLR), which works by "randomly shuffling the location of most code and data in memory to block assumptions that the code and data are at same address on all PCs." Windows kernel and Windows heap have been revamped with code improvements and integrity checks, respectively, that should harden Windows 8 and make it even more difficult for software exploits to work properly.
UEFI Secure Boot support
Windows 8 supports the secure boot feature offered in the Unified Extensible Firmware Interface (UEFI), which should provide an additional layer of protection during the system startup process. UEFI was designed to serve as the successor to the decades-old BIOS system and was designed to support mobile and tablet devices as well as PCs. Despite some controversy over how leveraging a UEFI secure boot process could potentially cause problems for dual-booting with other OSes, Microsoft has attempted to debunk those claims.
Microsoft's believes that their SmartScreen URL reputation technology--which debuted in Internet Explorer 9--has been doing an especially effective job at protecting IE users, with Garms stating that "the SmartScreen filter has used URL reputation to help protect Internet Explorer customers from more than 1.5 billion attempted malware attacks and over 150 million attempted phishing attacks."
SmartScreen also warns users when they open files downloaded from the Internet; in Windows 8 the feature will now notify users only when the reputation of the application they're trying to open hasn't been established yet.
Microsoft SmartScreen (image courtesy Microsoft)
One of the most noteworthy potential new features of Windows 8 from a security perspective could be the new Windows 8 integrated document reader, which will reportedly support PDF (and potentially more) file formats. PDF files and flash plug-ins have been notoriously porous from a security perspective, and Modern Reader may signal a move by Microsoft to add yet even more default security to the Windows platform, a move that would echo recent statements about a move toward enhanced platform security made by other Microsoft executives. (See more on Modern Reader from Paul Thurrott and Rafael Rivera here.)
An integrated Microsoft reader would undoubtedly be part of the unified Windows Update OS patching process, which removes the need for users (and admins) to worry about patching products from another vendor using a separate (and non-synchronized) update process, as is the case with Adobe's stand-alone product patching system. That move does fit with Microsoft's recent move to a more aggressive security posture when it comes to making Windows (and other core Microsoft applications) as secure as possible, possibly at the cost of angering Microsoft partners like Adobe.
Regular system backups are a must for any IT professional, and Microsoft (according to WinRumors) is reportedly making an attempt to make that easier, especially on the client side. Here's what Tom Warren of WinRumors writes about History Vault:
The feature will allow Windows 8 users to backup files and data automatically using the Shadow Copies function of Windows. According to one person familiar with the company’s plans, the backup feature will include the ability to restore to a specific time or date on the system. Users will also be able to select files and restore them to different timestamps.
Windows 7 included a host of important security improvements over Vista and XP, including the Windows 7 action center, a revamped Windows firewall, an improved Windows backup system, improved BitLocker drive encryption and a host of other security improvements. Windows 7 made huge strides on the security front, but will Windows 8 do the same?If there's a security feature that you hope Windows 8 will have, send me your wish list by commenting on this blog post or following me on Twitter.