Is Security Better in Windows 8?

Microsoft is receiving wide praise for the security features it has built in the upcoming Windows 8 OS.  Here are some of the major ones.

Windows Defender

Windows Defender has been improved as an antivirus software, replacing and incorporating the best features of Microsoft Security Essentials. Although Microsoft will continue to update the latter for versions of the OS, it will update Defender as well.

Defender will function as a standalone antivirus package, comfortable to the other major antivirus packages and able to protect computers against, viruses, spyware and malware. Users may use other antivirus software that OEMs have installed and will be given short time to do so or activate the powerful  Windows Defender.

BitLocker

Microsoft’s encryption software has proven to be essential for businesses by allowing protection of data from main drives to portable devices. Introduced in Vista, Windows 8 offers several improvements in BitLocker for the user and better and faster deployment in client and server scenarios.

Administrators can now pre-provision BitLocker encryption in drive volumes before the operating system is installed. This saves time from the previously required full-scale application of the program.

The software also has a new feature that allows encryption of only the used part of the drive’s volume. This procedure is especially fitting for new drives. Additionally, a user can now change passwords or initial PINs reducing administrative time. This can also be limited at the Group Policy level.

Secure Boot

In the late 1990s, Intel began working on a programmable shell that could code system protection procedures in the system processor as trusted platform modules (TPM). TPMs mechanisms create digital signing keys that could be fed into the BIOS firmware and recognize only legitimate executables and drivers to run, effectively keeping rootkits outside the booting process.

Intel soon joined an industry consortium that included AMD, ARM and Microsoft to produce Unified Extensible Firmware Interface (UEFI). Essentially, the kernel of the Windows 8 operating system protects and authenticates itself from instructions written in the CPU. The Secure Boot process in this way becomes a Trusted Boot process.

Under Microsoft’s UEFI, each component in the BIOS is digitally signed by the company and verified by a TPM key in the BIOS, allowing the main bus and peripherals to boot up and open the OS. This procedure is nearly ironclad in protecting the booting process from rootkits. As one industry pundit puts it, like Apple, Microsoft has practically married its operating system to its hardware.

UEFI also denies boot entrance of other operating systems such as the various varieties of Linux. These vendors must get digital signature keys, functioning basically as code certificates,that can be mapped in the firmware and authenticated as be part of the secure boot system. Several Linux vendors are in discussion with Microsoft regarding Windows 8 while several antivirus vendors are also adapting their platforms.

Other Features

There are many other features of the full Windows 8 security package.  Metro apps run in low-privilege AppContainers that don’t have deep access to the rest of the machine. This feature is also built in the Internet Explorer 10 browser as the SmartScreen filter improved from Internet Explorer 9. Each tab of the browser runs in a sandbox configuration that doesn’t affect the other tabs. SmartScreen has been proven to outperform other browsers in its ability to block malware.

If Windows 8 becomes corrupt, it can easily restore itself in two ways. Under the Refresh option, factory defaults of the operating system are restored and the user’s personal data are retained. The Reset option, erases all data and Windows 8 is effectively restored. Security is definitely stronger and better in Windows 8.