Windows 8 Gets Security Overhaul

Microsoft will include a beefed up version of Windows Defender in its next OS. That could be bad news for Symantec and McAfee.
Microsoft is giving its Windows franchise a security upgrade with the forthcoming Windows 8, a move that could edge out third-party antivirus and malware protection providers and allow Redmond to keep a bigger chunk of the $16.5 billion security software industry to itself.

"Criminal attacks continue to evolve and malware has become their standard weapon against anyone who uses the Internet--on traditional form-factor devices, as well as on mobile devices like tablets and phones," said Jason Garms, a security manager in Microsoft's Windows group. "Malware targets all operating systems and browsers, and in recent years, criminal attacks against applications have increased substantially."

To keep up with the threat, Microsoft is boosting OS-level security as well as the capabilities of Windows Defender, an add-on that's designed to protect host PCs from spyware and malware. Windows 8, which features a fully revamped user interface, will include an enhanced set of what Microsoft calls "mitigations"--a set of features built to disrupt or disable malicious code.


One such mitigation, Address Space Layout Randomization (ASLR), shuffles the location of code and data in memory in order to frustrate hackers' assumptions about where the information is located. In Windows 8, ASLR has been improved with increased randomization "that will break many known techniques for circumventing ASLR," said Garms, in a blog post.
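By default, Windows applies ASLR only to images that opt in through a flag in their PE header, so a defender can audit binaries by reading that flag. The following is an added example, not code from the article or from Microsoft; it goes beyond the article by parsing the `DllCharacteristics` field of the PE/COFF format, and `aslr_flags`, `make_sample` and the sample headers are hypothetical and constructed for illustration.

```python
import struct

# DllCharacteristics bits defined by the PE/COFF format.
HIGH_ENTROPY_VA = 0x0020  # image can handle 64-bit high-entropy ASLR
DYNAMIC_BASE = 0x0040     # image may be relocated at load time (ASLR)
NX_COMPAT = 0x0100        # image is compatible with DEP
PE32, PE32_PLUS = 0x10B, 0x20B
DLLCHAR_OFFSET = 70       # same offset in PE32 and PE32+ optional headers


def aslr_flags(image: bytes) -> dict:
    """Report the ASLR/DEP opt-in flags stored in a PE image header."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)  # e_lfanew
    if image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt_off = pe_off + 4 + 20  # skip signature and 20-byte COFF header
    if len(image) < opt_off + DLLCHAR_OFFSET + 2:
        raise ValueError("truncated optional header")
    (magic,) = struct.unpack_from("<H", image, opt_off)
    if magic not in (PE32, PE32_PLUS):
        raise ValueError("unknown optional header magic")
    (chars,) = struct.unpack_from("<H", image, opt_off + DLLCHAR_OFFSET)
    is64 = magic == PE32_PLUS
    aslr = bool(chars & DYNAMIC_BASE)
    return {
        "64bit": is64,
        "aslr": aslr,
        # High entropy only takes effect for 64-bit images that also opt in to ASLR.
        "high_entropy": is64 and aslr and bool(chars & HIGH_ENTROPY_VA),
        "dep": bool(chars & NX_COMPAT),
    }


def make_sample(magic: int, dll_chars: int) -> bytes:
    """Build a constructed, header-only PE stub (not a loadable binary)."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    opt = bytearray(0xF0)
    struct.pack_into("<H", opt, 0, magic)
    struct.pack_into("<H", opt, DLLCHAR_OFFSET, dll_chars)
    return dos + b"PE\0\0" + b"\0" * 20 + bytes(opt)


if __name__ == "__main__":
    for name, magic, chars in [("legacy32", PE32, 0x0000),
                               ("aslr32", PE32, 0x0140),
                               ("hardened64", PE32_PLUS, 0x0160)]:
        print(name, aslr_flags(make_sample(magic, chars)))
```

To audit a real binary, pass the bytes of the file to `aslr_flags`; images that report `aslr: False` are the ones that load at a predictable base address.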

Similarly, the Windows 8 heap (memory that programs allocate dynamically at run time) has been randomized to defend against attacks that target the heap, and guard pages have been added to counter hacks that attempt to exploit heap overflows.

The Windows kernel itself will also be protected with a number of mitigations. For instance, user-mode processes have been tweaked so that the low 64K of process memory cannot be allocated, which helps protect against a number of kernel-mode vulnerabilities.

Microsoft has also beefed up security in Internet Explorer. Explorer 10, which is designed to work with Windows 8, will feature a number of new built-in countermeasures. Guards have been implemented to defend against "use after free" memory vulnerabilities which, according to Microsoft, accounted for 75% of all Explorer vulnerabilities reported in the past two years.

Windows Defender, meanwhile, is getting an overhaul that's intended to make it an effective tool against a full range of threats, including viruses, worms, bots, and rootkits. To accomplish this, Microsoft is revamping Defender so it can use the full set of malware signatures from the Microsoft Malware Protection Center. Previous versions only included the signatures for spyware and adware. "If you don't have another solution installed, Windows 8 will provide you protection with a significantly improved version of Windows Defender," said Garms.

While that may be good news for PC users, it could make life more difficult for third-party antivirus software makers such as Symantec and McAfee. Both vendors have profited from the fact that Windows' built-in security features, at least in the past, have been somewhat lacking. Garms, however, said Microsoft has no plans to shut out third-party security software. "We're continuing to work with antimalware partners during the Windows 8 development process," he said.
