Saturday, June 30, 2012

Windows 8 and Malware Protection

Microsoft's newest upcoming operating system, Windows 8, is said to contain more security features, making it harder for malware to infect the system, says these reports (1) (2).

For instance, one difference between Windows 7 and 8 is including more exploit-mitigation technologies. In that regard, two programs, the Windows Heap Manager and Windows Kernel Pool Allocator will make it far harder for attackers to exploit buffer-overflow vulnerabilities.

A sandbox

There will be a 'security sandbox' for Windows 8. This more restrictive security sandbox will contain the new Windows 8 Apps. This is a mechanism to prevent programs from performing disruptive actions.

App Container
The new App Container provides the operating system with a way to make more fine-grained decisions on what actions certain applications can perform. All apps run with extremely low privileges and have limited access to resources.

Measured Boot

There will be a measured boot. In Windows 8, Microsoft will put in a new boot process signature whereby there is a signature of the entire boot process and stored in the TPM chip in order to prevent malware from infecting the system.

Windows Defender

An update to Windows Defender will be in Windows 8. Instead of it being a spyware/adware program, it is a full-blown anti virus. The interface is questionable, it looks just like Microsoft Security Essentials on Windows XP, Vista, and 7.

Internet Explorer 10

The new version of IE 10 will be put into Windows 8. All tabs and IE processes are isolated from one another. Something in tab 1 couldn’t tamper with tab 2 or capture any of the data.

While these security features do sound good, we won't know how good they are until Windows 8 is under the wrath of malware authors.

Source: Everything-Microsoft

No comments:

Post a Comment

Note: This is Blogger's comment system. This system is a backup for when Disqus can't be reached by your computer, such as when your network blocks connections to The comment policy still applies regardless.