I’ve been out the past two weeks visiting with clients and have been meaning to summarize my impression of the upcoming Windows 8 (expected mid-2012) from a security point of view. I attended Microsoft’s recent BUILD conference for developers where Windows 8 made its first official appearance. You can see my real-time tweets and observations from the conference on Twitter under @nmacdona.
Like Windows 7, Windows 8 will continue to raise the bar in terms of security capabilities of the base OS. Here’s a list I compiled of the new capabilities:
- Antimalware protection built into the OS – basically Microsoft Security Essentials (beyond just the Windows Defender included with Windows 7)
- Earlier loading of security protection in the boot process to thwart rootkits and other boot-level malware
- File reputation services (SmartScreen) – was included with IE9, now expanded to protect the entire OS.
- Root of trust measurements of the OS based on UEFI – if we need this for hypervisors, why not all OSs? Microsoft has had something similar with BitLocker using TXT and has now extended this to all versions.
- Windows Refresh – to restore Windows back to a known good state, while preserving end user personalization, enabling Systematic Workload Reprovisioning.
- Windows now supports boot from USB – quite useful in specific scenarios. Combined with BitLocker and root of trust measurements, this becomes a way to place an unknown terminal device into a high assurance state.
For the new “Metro Style” side of Windows 8 (the WinRT side), it is clear that the security model of Apple and the iPhone/iPad has had an impact:
- Reduced rights and strengthening of mandatory integrity controls of the OS.
- Metro-style applications can only be delivered through the Microsoft application store which now includes security testing (a form of implicit whitelisting).
- Sensitive API access is proxied through a security policy enforcement mechanism which validates the application’s right to use them
- “Picture Password” as a touch-native way of authenticating yourself to Windows 8
Overall, Windows 8 provides evolutionary – not revolutionary – improvement in security capabilities and raises the bar for the security protection an OS should deliver.

Neil MacDonald

1 response so far ↓
1 bluestar September 29, 2011 at 1:39 pm
Windows 8 ARM support: A blow for Intel http://morldtechgossips.blogspot.com/2011/09/windows-8-arm-support-blow-for-intel.html