Windows 8 Comes with Security Improvements to Protect You From Malware

Recently we posted a detailed review of Windows 8 in which we told you about new SmartScreen feature found in Windows 8 Explorer:

[Windows 8 Review] What’s New in Windows 8?

Today Microsoft has made another post at Building Windows 8 blog which details lots of security improvements in Windows 8.

According to Microsoft, Windows 8 will better protect you against the constantly changing landscape of malicious software (“malware”) with the help of enhancements to mitigation features that help protect you against exploits used by malware, improvements to Windows Defender to provide you with real-time protection from all categories of malware, and the use of URL and application reputation to help protect you against social engineering attacks.

Microsoft uses the Security Development Lifecycle (SDL) to build Windows with the best security design, development and testing practices available. Some highlights include:

• Threat modeling and security design reviews. During the design process we consider how criminals might seek to attack features and scenarios, and incorporate this analysis into our designs.
• Writing secure code. Training and code quality tools help to prevent common coding issues from entering the Windows source code.
• Penetration testing. Security engineers take an attacker’s perspective when reviewing a completed set of features that make up a scenario.
• Security code reviews. Security engineers provide additional security-oriented code reviews for highly sensitive components.
• Security tools. Tools continuously updated with the latest state of the art in finding and exploiting software provide a scalable solution to improve existing code.

Windows 8 includes mitigation enhancements that further reduce the likelihood of common attacks. Some of these improvements include:

• Address Space Layout Randomization (ASLR). ASLR was first introduced in Windows Vista and works by randomly shuffling the location of most code and data in memory to block assumptions that the code and data are at same address on all PCs. In Windows 8, Microsoft extended ASLR’s protection to more parts of Windows and introduced enhancements such as increased randomization that will break many known techniques for circumventing ASLR.
• Windows kernel. In Windows 8, Microsoft brings many of the mitigations to the Windows kernel that previously only applied to user-mode applications. These will help improve protection against some of the most common type of threats. For example, Microsoft now prevents user-mode processes from allocating the low 64K of process memory, which prevents a whole class of kernel-mode NULL dereference vulnerabilities from being exploited. Microsoft also added integrity checks to the kernel pool memory allocator to mitigate kernel pool corruption attacks.
• Windows heap. Applications get dynamically allocated memory from the Windows user-mode heap. Major redesign of the Windows 8 heap adds significant protection in the form of new integrity checks to help defend against many exploit techniques. In addition, the Windows heap now randomizes the order of allocations so that exploits cannot depend on the predictable placement of objects—the same principle that makes ASLR successful. Microsoft also added guard pages to certain types of heap allocations, which helps prevent exploits that rely on overrunning the heap.
• Internet Explorer. For Windows 8, Microsoft implemented guards in Internet Explorer to prevent an attacker from crafting an invalid virtual function table, making these attacks more difficult. Internet Explorer will also take full advantage of the ASLR improvements provided by Windows 8.

Improved Windows Defender:

Windows 8 will also provide you protection with a significantly improved version of Windows Defender. The improvements to Windows Defender will help protect you from all types of malware, including viruses, worms, bots and rootkits by using the complete set of malware signatures from the Microsoft Malware Protection Center, which Windows Update will deliver regularly along with the latest Microsoft antimalware engine. This expanded set of signatures is a significant improvement over previous versions, which only included signatures for spyware, adware, and potentially unwanted software.

In addition, Windows Defender will now provide you with real-time detection and protection from malware threats using a file system filter, and will interface with Windows secured boot, another new Window 8 protection feature.

Windows Secured Boot:

When you use a PC that supports UEFI-based Secure Boot, Windows secured boot will help ensure that all firmware and firmware updates are secure, and that the entire Windows boot path up to the antimalware driver has not been tampered with. It does this by loading only properly signed and validated code in the boot path. This helps ensure that malicious code can’t load during boot or resume, and helps to protect you against boot sector and boot loader viruses, as well as bootkit and rootkit malware that try to load as drivers.

These improvements benefit energy efficiency, meaning Windows Defender consumes less power, and gives you longer battery life.

Microsoft SmartScreen for Windows:

Windows 8 will help protect you with reputation-based technologies when launching applications as well as browsing with Internet Explorer. In Windows 8, SmartScreen will notify you when you run an application that has not yet established a reputation and therefore is a higher risk.