[+] Wayc0de's Blog[+]


Windows 8 security: Stronger but gentler

Microsoft's next operating system incorporates more security than Windows Vista, with fewer annoying upfront notifications

The Metro GUI is the most visible representation of Microsoft's coming operating system. While the release of the tentatively named Windows 8 is still a year away, the company has not been shy about putting the multicolor tiled interface front and center.

Windows 8's security improvements will be much less visible, and that's just the way Microsoft wants it. The company has added a number of protection features to Windows 8 to better protect the system, all the while making the security less intrusive by limiting the number of notifications a user may receive.

For example, the company's SmartScreen technology for detecting potentially malicious sites -- introduced with Internet Explorer 8 -- will be built right into the OS to allow any file downloaded to a Windows 8 computer to be checked out by the system, yet the protection should not alert the average user more than twice a year, Microsoft says.

The higher signal-to-noise ratio will likely make users pay more attention to the truly dangerous incidents, Steven Sinofsky, president of Microsoft's Windows and Windows Live division, writes in a blog post on Microsoft's Developer Network.
"When they do see (a notice), it will signify a higher risk scenario," he says in a description of the feature.

Using its telemetry data, Microsoft has found that 95 percent of Internet Explorer 9 users do not run malicious software when they receive a SmartScreen warning. Once a user receives a SmartScreen warning, their chance of getting malware if they run the suspect program varies from 25 to 70 percent, according to Microsoft. Some 92 percent of applications downloaded by users already have an established reputation, so SmartScreen does not issue a notification.

Allowing SmartScreen to check applications downloaded by other browsers and applications is not the only feature Microsoft has added. Here are the ones currently announced.

Improving Windows Defender

Microsoft noticed a disturbing trend among Windows 7 users: While almost all users had antivirus protection following the purchase of Windows 7 -- due, most likely, to trial subscriptions shipped with new PCs -- almost a quarter of them let those subscriptions lapse in the ensuing months.

The company plans to make Windows Defender a baseline security solution, which will block all commonly used malware, worms, Trojan horses, and other attacks. Microsoft plans to use a file system filter to better protect critical files.

Making Windows 8 harder to exploit

Like Apple did with its security improvements to Mac OS X Lion, Microsoft plans to harden the operating system to attack. With each release, both Apple and Microsoft have bolstered a key anti-exploit technology known as ASLR (address space layout randomization). Windows 8 is no different: More components of Windows will use ASLR, and the memory randomization will be better.

Microsoft will bring a lot of secuity improvements to the kernel and a dynamically assigned area of memory known as the heap. Finally, the company plans to add defenses to Internet Explorer to eliminate "use-after-free" vulnerabilities, which make up three-quarters of the flaws reported in IE in the past two years. Basically, we can expect Internet Explorer to do a better job of cleaning up after itself and flushing away sensitive data after it has been used.

Supporting UEFI Secure Boot

Finally, Microsoft will use the UEFI (Unified Extensible Firmware Interface) to implement a secured boot process. UEFI Secure Boot allows the firmware to cryptographically verify the integrity of the computer's envrionment, preventing malicious software from executing before the computer boots into the operating system.

Secure Boot uses the Trusted Platform Module, a piece of hardware that has shipped in millions of systems, but largely remains unused. Microsoft had planned a similar feature, dubbed Secure Startup, in Windows Vista in 2005, but faced industry concerns that the company could block the installation of other operating systems on PC hardware.

Hardware OEMs will be required to support the architecture, but otherwise, Microsoft claims it will be vendor neutral. While the company aim is quiet security, expect this feature to create a fairly loud debate.


Tidak ada komentar:

Posting Komentar