Sep 13, 2012
Windows 8 Survival Guide: OS and Browser Security
Windows 8 and Internet Explorer 10 may prove to be Microsoft’s most secure OS and browser to date. The company began repairing its abysmal reputation for security with Windows 7; this latest version takes significant steps to provide a more secure operating environment for PCs and laptops
At the top of the list is enhanced application controls using a program called AppContainer. Microsoft borrows a page from the security playbook of mobile operating systems by forcing application developers to complete a manifest that explicitly defines what an application can do. If an application attempts to perform actions outside that manifest, the OS will prevent it. The idea here is to stop an application that gets exploited from being used to conduct malicious activity. For example, if an application attempts to access a file folder on a desktop, but that function was not on the manifest delivered by the developer, the OS will prevent it. Thus, while AppContainer can’t prevent an application from being exploited, it can limit the scope of what the exploit can achieve.
Windows 8 also takes advantage of the 64-bit platform to enforce a technique called Address Space Layer Randomization. Using ASLR, an application’s binary code is loaded into memory randomly before the application is executed. This randomness makes it harder for attackers to write exploits that use parts of an application in memory. Without ASLR, binaries tend to be loaded into memory at the same address, making it easier for exploits to use specific functions. Introduced in Windows 7 as an optional setting, Windows 8 extends ASLR and requires every application to use it.
Microsoft also introduces or enhances other security features, including a more robust anti-malware package that comes standard with the OS, more encryption options and password management tools that encourage users to choose more rigorous passwords. We examine the pros and cons of these key security capabilities. (R5690912)
Survey Name InformationWeek 2012 Windows 8 Survey
Survey Date June 2012
Region North America
Number of Respondents 859
Purpose To gauge adoption plans for Windows 8 at organizations with 500 or more
Methodology InformationWeek surveyed 859 business technology decision-makers at North American organizations with 500 or more employees. The survey was conducted online, and respondents were recruited via an email invitation containing an embedded link to the survey. The email invitation was sent to qualified InformationWeek subscribers.