Windows 8 Survival Guide: OS and Browser Security

Sep 13, 2012



Windows 8 and Internet Explorer 10 may prove to be Microsoft’s most secure OS and browser to date. The company began repairing its abysmal reputation for security with Windows 7; this latest version takes significant steps to provide a more secure operating environment for PCs and laptops.

At the top of the list is enhanced application controls using a program called AppContainer. Microsoft borrows a page from the security playbook of mobile operating systems by forcing application developers to complete a manifest that explicitly defines what an application can do. If an application attempts to perform actions outside that manifest, the OS will prevent it. The idea here is to stop an application that gets exploited from being used to conduct malicious activity. For example, if an application attempts to access a file folder on a desktop, but that function was not on the manifest delivered by the developer, the OS will prevent it. Thus, while AppContainer can’t prevent an application from being exploited, it can limit the scope of what the exploit can achieve.

Windows 8 also takes advantage of the 64-bit platform to enforce a technique called Address Space Layout Randomization (ASLR). Using ASLR, an application’s binary code is loaded into memory at a randomized address before the application is executed. This randomness makes it harder for attackers to write exploits that rely on parts of an application sitting at known locations in memory. Without ASLR, binaries tend to be loaded into memory at the same address, making it easier for exploits to use specific functions. ASLR was introduced in Windows 7 as an optional setting; Windows 8 extends it and requires every application to use it.
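A defender can check which of these protections a given executable declares by reading the DllCharacteristics field of its PE header. The following is an added example, not code from the report or from Microsoft: the function names are hypothetical, the sample images are constructed header-only byte strings, and a clear AppContainer bit is reported only as information, since desktop programs are not built for AppContainer.

```python
import struct

# DllCharacteristics bits defined by the PE/COFF format
FLAGS = {
    "HIGH_ENTROPY_VA": 0x0020,  # 64-bit image accepts high-entropy ASLR
    "DYNAMIC_BASE": 0x0040,     # image may be relocated at load time (ASLR)
    "APPCONTAINER": 0x1000,     # image must execute in an AppContainer
}

def pe_mitigations(data: bytes) -> dict:
    """Parse a PE header and report bitness plus mitigation flags."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)  # e_lfanew
    opt = pe_off + 24  # PE signature (4 bytes) + COFF file header (20 bytes)
    if opt + 72 > len(data) or data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing or truncated PE header")
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic not in (0x10B, 0x20B):  # PE32 / PE32+
        raise ValueError("unknown optional header magic")
    # DllCharacteristics is at offset 70 of the optional header in both formats
    (chars,) = struct.unpack_from("<H", data, opt + 70)
    info = {name: bool(chars & bit) for name, bit in FLAGS.items()}
    info["is_64bit"] = magic == 0x20B
    return info

def findings(info: dict) -> list:
    """Turn parsed flags into audit findings a reviewer can act on."""
    out = []
    if not info["DYNAMIC_BASE"]:
        out.append("image does not opt in to ASLR (DYNAMIC_BASE clear)")
    if info["is_64bit"] and not info["HIGH_ENTROPY_VA"]:
        out.append("64-bit image without HIGH_ENTROPY_VA")
    if not info["APPCONTAINER"]:
        out.append("image is not marked for AppContainer execution")
    return out

def build_sample(magic: int, chars: int) -> bytes:
    """Constructed header-only PE image for the demo, not a real program."""
    buf = bytearray(0x40 + 24 + 72)
    buf[:2], buf[0x40:0x44] = b"MZ", b"PE\0\0"
    struct.pack_into("<I", buf, 0x3C, 0x40)
    struct.pack_into("<H", buf, 0x40 + 24, magic)
    struct.pack_into("<H", buf, 0x40 + 24 + 70, chars)
    return bytes(buf)

if __name__ == "__main__":
    for magic, chars in ((0x10B, 0x0000), (0x20B, 0x1060)):
        print(hex(chars), findings(pe_mitigations(build_sample(magic, chars))))
```

To audit a real file, pass its first few kilobytes read in binary mode to `pe_mitigations`.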

Microsoft also introduces or enhances other security features, including a more robust anti-malware package that comes standard with the OS, more encryption options and password management tools that encourage users to choose more rigorous passwords. We examine the pros and cons of these key security capabilities. (R5690912)

Survey Name  InformationWeek 2012 Windows 8 Survey

Survey Date  June 2012

Region  North America

Number of Respondents  859

Purpose  To gauge adoption plans for Windows 8 at organizations with 500 or more

Methodology  InformationWeek surveyed 859 business technology decision-makers at North American organizations with 500 or more employees. The survey was conducted online, and respondents were recruited via an email invitation containing an embedded link to the survey. The email invitation was sent to qualified InformationWeek subscribers.

Research Report