Software // Operating Systems
Commentary
10/24/2012
01:23 PM
Connect Directly
LinkedIn
Twitter
Google+
RSS
E-Mail
50%
50%

Windows 8: A Win For Enterprise Security

Windows 8 makes securing enterprise PCs and tablets easier--and shows that the future of enterprise Windows security is proper control of applications.

For years, the Windows platform has built an amazing security feature into the core of the operating system, one that has been both a bane and benefit to security professionals everywhere, Group Policy. The newest edition of Windows extends these capabilities, while also providing new enhancements to address the biggest threat in the enterprise: the browser. These features make Windows 8 a no-brainer upgrade for the enterprise.

Microsoft's App Mindset

The most significant change in Windows 8 security is not so much the actual features, but Microsoft's architecture and mindset. Windows 8's new security paradigms focus on the apps. Everything--the new AppContainer, Advanced ASLR, and even the Windows Store--indicates that the future of Windows security for the enterprise is about properly controlling applications.

This security mindshift is critical to the future of security professionals tasked with budget-friendly enterprise security. The growth of BYOD has many organizations rethinking how employees access corporate data. Microsoft's focus on application security within Windows 8 and Windows 2012 is a massive step forward in centralizing management of application security settings for enterprises (without having to purchase an additional product) under the familiar Group Policy interface. Oh, and the Surface tablet supports these features, too, so the new tablet, from day one, has centralized security and management capabilities.

[ For a deeper dive into Win8 security, see Want Better Security? Get Windows 8. ]

Picture Passwords

There are some other new security features that have both utility and a cool factor for everyday users of Windows 8. A feature called Picture Password, which is similar to the Android Password Lock Pattern screen, where the user connects a set of dots with a finger, instead of typing in a password, is bundled with Windows 8. With Picture Password, the user draws a pattern made up of three gestures on a picture or photo that he or she provides. The gestures use points, lines, and circles. For example, you could choose a picture of your kids and draw a smiley face on your youngest child's face. Whenever you want to log in to your Windows 8 device, you simply draw the same smiley face on the proper child and you are logged in.

While this is mostly targeted as a tablet feature for consumers, it can also be used on PCs with a mouse, which gives companies a security option besides passwords for logins. The problem is that, according to our Windows 8 security survey, 21% of respondents with Windows 8 migration plans say they won't use Picture Password. Another 56% say maybe, but they will investigate its security first. We think it isn't ready for primetime yet, but is very promising.

Internet Explorer Enhanced Security

Five or six years ago, the operating system itself was most targeted by attackers, but now it's the browser. Drive-by downloads, malicious websites, etc., are the fastest-growing security vector and one that most security professionals deal with every day. Microsoft has listened and improved the Internet Explorer security model, too.

IE10 also has a much more aggressive application permission configuration. Named AppContainer, this operating system enhancement gives developers the ability to apply finely grained application access control. This feature can outright prevent Web-based exploits, or at least limit the extent of an exploit.

AppContainer is similar to application sandboxing on mobile operating systems such as iOS and Android. Under AppContainer, a developer must produce a manifest file that is linked directly to the application. This manifest file defines what the application can and cannot do. For instance, a developer might indicate on a manifest that an application can initiate outbound connections to the Internet, but cannot receive an incoming connection. If that application is subsequently exploited, and the exploit instructs the application to open a port for an inbound communication, the Windows 8 kernel will prevent the port from opening, thus limiting the potential damage that an exploit can inflict.

These new browser improvements don't come cheap. You'll need all of your systems to run the 64-bit version of Windows 8, as all of the features within IE10's new security model (named Enhanced Protection Mode) only work on 64-bit architectures for Windows 8. Microsoft has not provided guidance on whether it will back-port these features to IE10 on Windows 7 64-bit.

The Bottom Line

Microsoft has made some significant investments in security for Windows 8 that are applicable to desktops, tablets, and servers. While they are not revolutionary steps, and build on what Microsoft started with Windows 7, they are significant and can reduce risks for companies. Additionally, they don't incur additional costs (beyond the Windows 8 upgrade) and integrate with the existing Group Policy frameworks used by security professionals everywhere.

Our take: Don't simply ignore Windows 8 because of the odd new interface. It is worth your time to look under the hood and see how these new security features can help your company.

Upgrading isn't the easy decision that Win 7 was. We take a close look at Server 2012, changes to mobility and security, and more in the new Here Comes Windows 8 issue of InformationWeek. Also in this issue: Why you should have the difficult conversations about the value of OS and PC upgrades before discussing Windows 8. (Free registration required.)

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Oscar23
50%
50%
Oscar23,
User Rank: Apprentice
12/18/2012 | 7:43:56 AM
re: Windows 8: A Win For Enterprise Security
Computer's security is always our care, especially enterprises. Though Windows 8 have improved in its security. Maybe danger always exist. No matter which system you choose, I think password can be not the problem. There are too many ways can be used to unlock your computer. Anmosoft Windows Password Reset can be a choice. So I think Windows Password can be not the reason that you do not choose Windows 8
fmarshsy2
50%
50%
fmarshsy2,
User Rank: Apprentice
10/31/2012 | 10:34:13 AM
re: Windows 8: A Win For Enterprise Security
Improvements to security of software are to be welcomed, particularly from Microsoft as a somewhat significant player. We just need to remember that security needs to be done with a holistic approach to securing those things that are important. What's important depends on your point of view, and that makes the whole subject so interesting - its not just the techie stuff we need to get right but the processes and people aspects.
Michael A. Davis
50%
50%
Michael A. Davis,
User Rank: Apprentice
10/29/2012 | 6:42:13 PM
re: Windows 8: A Win For Enterprise Security
That is java being exploited, not windows 8.
JPolk
50%
50%
JPolk,
User Rank: Apprentice
10/26/2012 | 1:45:29 PM
re: Windows 8: A Win For Enterprise Security
Unfortunately, enterprise users will probably never see Windows 8 at work. With many companies still on Xp and only beginning to migrate to 7 and the steep learning curve for Windows 8 you'll probably see some other version come to light. All of the security enhancements are hidden under what will be perceived as a carnival atmosphere and that is what is going to keep Windows 8 off the company desk.
crushkittykitty
50%
50%
crushkittykitty,
User Rank: Apprentice
10/26/2012 | 1:36:07 PM
re: Windows 8: A Win For Enterprise Security
unless you take the human factor out windows 8 is now more secure then windows 7 or even xp here is a windows 8 being exploited https://www.youtube.com/watch?...
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest, Nov. 10, 2014
Just 30% of respondents to our new survey say their companies are very or extremely effective at identifying critical data and analyzing it to make decisions, down from 42% in 2013. What gives?
Video
Slideshows
Twitter Feed
InformationWeek Radio
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.