SecureState Blog

Read SecureState's award winning blog.

Windows 8 is here, and after a quick look under the hood, I’m impressed.  Microsoft has expanded the support for embedded hardware security, bundled an entire security suite into the operating system, enabled authentication schemes, and introduced the highly debated Secure Boot and signed applications.  Not all enterprises however, are ready to adopt a brand new operating system; in fact SecureState still discovers Windows XP and Windows Server 2000 throughout many client networks.  Most enterprises won’t look to implement Windows 8 right away, as many are still in the process of converting from Windows XP to Windows 7.  There are reasons, however, as to why your enterprise should.

 

 How Windows 8 Affects the Enterprise

Microsoft built Windows 8 with several innovations that are specifically aimed at enterprises.  After reviewing the several additions of layered security that Microsoft has added, it is clear that Microsoft has made an effort to ensure that this is the most secure iteration of Windows produced.  Below, SecureState has provided a list of the top new features that will affect Enterprises:

  • Antivirus
  • SmartScreen
  • Picture Password
  • AppContainer
  • Secure Boot

 Antivirus Improvements

Microsoft has retooled Microsoft Security Essentials and enabled it by default for Windows 8 users.  This means that corporations or users who do not implement an antivirus solution will have something in place ready to go on startup.  For enterprises, it should be noted that while Windows Defender cannot be uninstalled, it can be disabled to install a separate security product such as Symantec, Trend Micro, or Sophos.  Regardless of which security product is used, Microsoft has refined the loading process (Early Launch Anti-Malware) so that security software is initiated first.  This process ensures that the first software driver loaded into Windows 8 belongs to the user’s antivirus software.  Typical malware will attempt to load into memory before the operating system and antivirus, ensuring that the detection and removal of the malicious software is difficult.

 SmartScreen

SmartScreen is an addition to Windows 8 that implements a rating system when a user downloads a file.  The SmartScreen will check to see if other users have downloaded the same file and if they have rated it good or bad.  When users attempt to download a file that has a low rating, SmartScreen will display an error message that states “Windows SmartScreen prevented an unrecognized program from starting.  Running this program might put your PC at risk.”  While this will not completely protect users, it will provide more feedback and awareness to what is being executed on the system.SettingsPicture Password

Picture Passwords is a new password implementation that allows a user to rely on a picture instead of alphanumeric characters for passwords.  When this feature is used the user will select a photo from the system’s image library and then define three gestures on the photo using any combination of circles, straight lines, and taps.  This feature is mainly a tablet feature but it can be used to give companies an alternate security option besides just passwords for logins.  The most common way SecureState breaks into companies from an external perspective is weak passwords.  This option gives users a unique way to log in and not specifically rely on a standard easily guessed password.

AppContainer

One of the better features implemented into Windows 8 is the AppContainer.  The AppContainer acts as a sandbox environment where Windows 8 Applications reside.  Sandboxing means that an application will only be able to read and write to the private space that the application is allowed.  If the application needs access to anything outside of its area (a network share, etc…) an exception will need to be granted for the application.  This is defined by incorporating integrities (Low, Medium, High).  AppContainer will block an application or program from reading and writing to objects marked with a higher integrity level.

 Secure Boot

Secure Boot was one of the more publicized features, as a user would have to manually disable Secure Boot to install a non-Windows operating system on Windows 8 hardware.  Microsoft designed Secure Boot to help protect systems from low-level exploits such as rootkits and bootloaders.  This security process between the operating system and Unified Extensible Firmware Interface (Microsoft’s replacement for BIOS), requires all applications running during the booting process to have a valid pre-signed digital certificate.  By having these certificates in place, Windows 8 is able to verify that the files have not been tampered with.  If a change has been made, and a program such as a bootloader attempts to load during the boot-up process, Secure Boot will undo all changes and boot as normal.

These are a few of the changes Microsoft has developed and implemented for Windows 8.  Overall there have been a lot of improvements that specifically focus on security.  The operating systems is relatively new, so SecureState is still testing features and the Research and Innovation Team is investigating new capabilities and working with SecureState’s Profiling Team to develop new attacks.