Windows 8 stresses security from the start
The launch of Windows 8 could well be remembered as a defining moment for Microsoft, as the operating system promises to revitalize brand appeal and potentially lead the market into the post-PC era. Only time will tell how these storylines play out, but at present, several points are already clear. Most importantly, Windows 8 incorporates a handful of smart security changes that could both strengthen and simplify threat management.
Battling bootkits
Boot-level rootkits, or bootkits, have become an increasingly popular and dangerous attack vector in the cybercriminal community. The appeal is obvious, according to CSO Online's Antone Gonsalves: the technique allows hackers to get their malware up and running before an operating system – and its associated antivirus programs – is fully loaded. The malicious code replaces boot code and disables these defenses without the user's knowledge.
This tactic has recently evolved from frustrating to fearsome, according to Gonsalves, as more sophisticated rootkits have been used in targeted attacks such as the theft of defense contractor documents by foreign programmers. To stem the tide, Microsoft has decided to do away with its 30-year-old BIOS firmware and replace it instead with the Unified Extensible Firmware Interface (UEFI) that Apple has been using to great effect in its machines.
UEFI makes it more difficult to load rootkits by requiring signed certificates for all initial boot-up code.
"Nearly all security products lack the ability to peer below the operating system to detect malware," computer forensics expert Paul Henry told CSO Online. "Perhaps these new capabilities from Microsoft in Windows 8 will bring about that much needed capability."
The second early-detection feature added to the Windows 8 security arsenal is Early Launch Anti-Malware (ELAM). This enables antivirus vendors to run their programs while the operating system is still loading and conduct an initial sweep even sooner. According to Trend Micro threat research manager Jamz Yaneza, each loaded device driver is checked against a whitelist to prevent bootkits from taking hold in their preferred manner. When coupled with UEFI and executed correctly, this could potentially make bootkits a desktop security concern of the past.
Lingering issues
Windows 8 may be a significant step forward, but no system is without its faults. According to TechNewsWorld, backwards compatibility could be both a blessing and a curse for Microsoft users.
The new operating system has garnered praise for its application security, running each program in its own sandboxed environment to stop the spread of potential infections. However, this luxury is only afforded to native Windows 8 apps.
"As good as the Windows 8 interface is from a security standpoint, I don't think more than 1 percent of Windows users will remain exclusively in it," Bitdefender product manager Alex Balan told TechNewsWorld.
As a result, the legacy apps that users load onto their new machines won't be covered by the improved protection. But with the Windows application ecosystem still relatively weak, Microsoft had to leave the door open for these migrations.
The other inconvenient truth is that cybersecurity will always be a moving target, and it is only a matter of time before hackers discover a new competitive advantage.
"These bad guys are bent on circumventing stricter and improved solutions," Yaneza wrote. "After all, security is an ongoing rat race – as long as there is money and information to be gained and sold, issues are likely to surface."
As Gonsalves noted, even traditional phishing attacks have been difficult to contain and control. And in the absence of features comparable to Mac OS X's Gatekeeper, a Microsoft user could still be baited into being the unwitting accomplice to their machine's demise.
Security News from SimplySecurity.com by Trend Micro