Windows 8 Security Stresses Exploit Prevention

Published: 22/11/2024   Category: security




A look at some of the key security features in Microsoft's new OS



Windows 8 won't be under the Christmas tree for most enterprises this year: It's too new, and Windows 7 remains well-entrenched for now. But with the brand-new Windows 8, Microsoft has continued its strategy of building more security features into the operating system to help deflect attacks.
One key theme in Windows 8 security is repelling exploitation: mainly making sure that when -- that's when, not if -- malware gets in, it can't actually do harm. That's right in sync with a growing sense of fatalism among enterprises and security vendors that has replaced the "secure fortress" mindset. It's no longer if or when you get hacked, but the assumption that you've already been hacked, with a focus on minimizing the damage.
[The goal is to try to detect an attack as early in its life cycle as possible and to quickly put a stop to any damage, such as extricating the attacker from your data server -- or merely stopping him from exfiltrating sensitive information. See Damage Mitigation As The New Defense.]
Windows 8 comes with security features that fit that major shift in security philosophy and approach. "We've made significant investments in Windows 8 to make sure that even if a vulnerability is discovered, the likelihood of a successful attack will have been minimized, if not eliminated," says Stella Chernyak, a member of the Windows 8 team at Microsoft, in a blog post today.
Microsoft says it focused on three main areas of security in Windows 8: resisting malware, data encryption, and new authentication.
Security experts applaud Windows 8's new features, but question whether they mean much right now, especially since few organizations are ready to make the jump to Windows 8. "The bigger issue is the adoption of Windows 8. Nobody I've talked to is campaigning to implement it. Windows 7 is stable, and it doesn't have a crazy interface like the new version of Windows," says Andrew Jaquith, CTO of Perimeter E-Security.
Jaquith gives a thumbs-up to the new security features in Windows 8. Still, it remains to be seen whether enterprises that eventually go Windows 8 will adopt the bulk of its security controls, he says.
Here's a look at the three main security disciplines in Windows 8:
1. Malware repellant.
Just like there's no way to stop a determined hacker, there's no way to stop all malware, either. But Microsoft has included the so-called Secure Boot feature, which is based on the new Unified Extensible Firmware Interface (UEFI), which replaces the BIOS.
"Secure Boot prevents a computer from booting into an operating system unless the boot-loader code is digitally signed with a certificate derived from a key stored in the UEFI firmware," explains Paul Henry, security and forensic analyst at Lumension Security.
The new Secure Boot feature in Windows 8 is aimed at blocking stealth malware, such as bootkits and rootkits, that can wrest control of the machine, according to Microsoft.
"The digital signature provides verification that the boot-loader code, which the UEFI reads from disk into memory, is from a trusted source. This effectively mitigates the risk of a malicious boot-kit from being run on boot to facilitate persistent malware," Henry says.
But given the rash of stolen digital certificates over the past year or so to sign and spread malware, the jury is still out on the ultimate effectiveness of Secure Boot, he says.
Secure Boot combined with running Microsoft's AppLocker whitelisting feature and banning side-loading attacks is the best combination to prevent malicious code and apps from infiltrating the machine, Perimeter's Jaquith says. "Then you would get something very close to what [some] smartphones have [with] app modules that are trusted, and you can trace them back to a known app source. Integrity can be verified through [Secure Boot]," he says.
Microsoft also has embedded an updated version of its Windows Defender anti-malware application in Windows 8. Microsoft recommends using just one anti-malware application on the Windows 8 machine, whether it's Windows Defender or another product.
Lumension's Henry says Windows Defender has actually fared better than many other AV products in testing. "AV Comparatives found that 13 of 17 AV products had equal or inferior heuristics than Windows Defender. Even when adding behavioral protection into the mix, Windows Defender still beat the performance of four of the 17 well-established commercial products tested," Henry says. Even so, it shouldn't be your only defense.
Overall, the new Windows Defender version is more robust than previous versions, says Nick Skrepetos, CTO of consumer software for Support.com.
2. Protecting the data itself.
Encryption traditionally has had its woes: "One of the biggest challenges is the sheer amount of time it takes to provision encryption to the device. It can take hours, and in the case of some third-party solutions, it can even block end user productivity while the encryption process is taking place," Microsoft's Chernyak says.
Microsoft has beefed up BitLocker and BitLocker to Go, its data encryption features, in Windows 8. The OS offers Data-Only Encryption, where BitLocker encrypts only the sectors on the disk that include data. This trims encryption time down to minutes in many scenarios, according to Microsoft. There's also a new flavor of a self-encrypting drive feature that works with BitLocker to encrypt data on-the-fly, using hardware-based processing to speed up the process.
BitLocker has a new BitLocker To Go capability that allows the encryption key for BitLocker to be saved in the user's SkyDrive account, Henry notes.
3. Authenticating and controlling user access.
Windows 8 features Virtual Smart Card, a simplified multifactor authentication feature. It's a software-based technology that can be used in lieu of physical smart cards. It works with existing smart card apps and management products, and doesn't require a physical card reader.
The virtual smart card feature can be used in place of existing smart cards with any application or solution that is smart card compatible -- no server- or application-side changes are required, according to Microsoft's technical overview of the feature. The idea is to make smart cards more mainstream and inexpensive to deploy.
Windows 8 also comes with a new access control function called Dynamic Access Control (DAC). It's a rules-based approach that eliminates the static list approach.
Other Goodies
Among some of the other security features in Windows 8 are sandboxing and upgraded versions of Microsoft's Address Space Layout Randomization (ASLR) and Data Execution Prevention (DEP) attack mitigation technologies. "The improvements to ASLR and DEP are combined with the new Windows 8 application sandboxing capability that effectively limits the access of a compromised application. This feature means the bad guys will be fighting an uphill battle to deliver effective exploits for Windows 8," Lumension's Henry says.
Meanwhile, security researchers are already hammering away at Windows 8 for bugs. So far, most of the attacks targeting Windows 8 have basically been scams aimed at confusing and duping new Windows 8 users. Support.com's Skrepetos says his team has mostly seen rogue apps trying to mimic the Windows 8 user interface and trying to get victims to click on a link to protect Windows 8 with security applications, for instance.
"Windows 8 is still unproven ground. Windows 7 has been around long enough, so there's been more time to [attempt to] exploit it," Skrepetos says.