Windows 8: 4 Smart Security Improvements

Will Windows 8 be more secure and harder to exploit than previous Microsoft operating systems?

Microsoft is now making several last-minute touch ups to the operating system, which is set to launch Oct. 26, and which has been previewed as the most substantial overhaul of Windows since the debut of Windows 95.

But does the Windows overhaul extend to the operating system's information security performance, and will Windows 8 be harder for attackers to exploit?

[ Get expert guidance on Microsoft Windows 8. InformationWeek's Windows 8 Super Guide rounds up the key news, analysis, and reviews that you need. ]

According to Aryeh Goretsky, a researcher at security firm ESET, "after reviewing the layers of technologies used by Microsoft to protect Windows 8, it is our opinion that it is the most secure version of Microsoft Windows to date." That analysis comes by way of a new Windows 8 security white paper from ESET, authored by Goretsky. While his analysis doesn't review every new Windows 8 security feature--such as AppContainer, for application sandboxing--it highlights what he sees as the operating system's four biggest security improvements:

1. Antivirus Now Active by Default

In clean installs of Windows 8, the free Microsoft antivirus and anti-malware product Windows Defender will be active by default. The "clean installs" caveat, however, refers to PC manufacturers and distributors being allowed to instead install trial versions of their own antivirus and anti-malware software.

"Windows Defender provides a good level of protection, but is mainly targeted at those who are unwilling--or unable--to purchase a commercial anti-malware solution," said Goretsky. While he categorized the software as being effective (though a "minimum bar for levels of protection") he also lauded it for not being nagware. That means it does not "attempt to upsell the user to a paid-for product and toolbars or banner advertisements, nor does it modify existing search settings." That makes it less likely that users might seek to disable the software.

2. Windows Rewrites Target Bootkit Malware

Windows 8 will include new tools for blocking not only rootkits, but also bootkits, which are able to replace boot loaders, thus making the malware active almost once a PC starts up, and very difficult to detect or eradicate.

But Goretsky warned that some legacy Microsoft code won't enjoy the better rootkit protection. "Some of these changes made to operating systems to combat rootkits ... are only available in the 64-bit editions of Microsoft Windows due to support issues: there remains a large base of 32-bit programs which rely, for compatibility reasons, on some insecure functions inherited from earlier Windows versions," he said.

3. BIOS Firmware Gets UEFI Replacement

The BIOS firmware code that becomes active as soon as a PC powers on has also been replaced in Windows 8 by the Unified Extensible Firmware Interface (UEFI). The move has drawn fire from Linux advocates, who fear that Windows 8-compatible machines might be blocked from starting up to Linux, since one feature of UEFI is Secure Boot, which requires that an operating system be digitally signed before the PC will allow it to load.

"What Microsoft has done is place a requirement in the Windows 8 logo tests that computers shipping with a 64-bit version of Windows 8 (which will be most desktop and notebook computers) ship with Secure Boot enabled in their UEFI firmware by the manufacturer," said Goretsky. However, he continued, "The same requirements state that the user must be able to disable this feature." While that will add an extra step for anyone who wants to replace Windows 8, on Windows 8-certified hardware, with another operating system, it means that the Secure Boot will be active by default for everyone else.

As a result, the feature should "greatly [reduce] the attack surface currently exploited by bootkit forms of rootkit malware on systems using BIOS-based firmware," said Goretsky, who also noted that after two decades, BIOS is overdue for a replacement.

4. Anti-Malware Launches Early

Another security improvement in Windows 8 is the Early Launch Anti Malware (ELAM) feature, which allows security software--not just from Microsoft--to be first in line once a PC starts up and begins loading applications. "ELAM is important because, like UEFI's Secure Boot, it vastly improves the security of the computer at an early stage," said Goretsky. "While the effectiveness of ELAM is as yet unproven, the concept behind it is fundamentally sound, and it should prove to be a major deterrence to boot-time malware."

But don't be surprised, he warned, if Microsoft tweaks ELAM--or any of the other new features--after Windows 8 debuts and developers see if the previewed security improvements actually perform as intended.

Upgrading isn't the easy decision that Win 7 was. We take a close look at Server 2012, changes to mobility and security, and more in the new Here Comes Windows 8 issue of InformationWeek. Also in this issue: Why you should have the difficult conversations about the value of OS and PC upgrades before discussing Windows 8. (Free registration required.)