Feeds

Windows 8 to ship with built-in malware protection

'Tons of security features' added

Seven Steps to Software Security

Microsoft's next version of Windows will ship with "tons of security features," including one that automatically scans boot drives for malware and a revamped version of the Windows Defender antivirus program, company executives said.

At the company's BUILD conference in Anaheim, California on Tuesday, Corporate Vice President of Windows Planning and Ecosystem Michael Angiulo demonstrated an early version of Windows 8 that automatically scanned an infected USB drive used to boot the next generation operating system. Before the OS was able to load, the computer stopped the process and displayed a warning that the boot volume contained an "invalid signature" indicating it had been compromised.

He was able to get the valid version of Windows to load by turning off the system and turning it back on. The presentation starts around the 1:08 mark in the following video:

The technology making this possible is known as UEFI, short for Unified Extensible Firmware Interface. A successor to the BIOS ROM firmware that Microsoft operating systems have relied on since their beginning, UEFI was designed to shorten the time it takes a PC to start up. It was built by Intel, but is designed to work with a variety of CPU architectures.

"It's not just about speed and having a boot that looks better," Angiulo said during Tuesday's keynote, referring to UEFI. "It's about security, too."

Steven Sinofsky, president of Microsoft's Windows and Windows Live division, went on to say that Windows 8 developers "have taken Defender and we've actually built a whole new range of protection, all the way up though antimalware, antivirus." Users are free to run Defender or security software supplied by another company. In all, the new OS will offer "tons of security features," he added.

The company issued a statement Wednesday saying Windows 8 would include "low-level security features such as Secured Boot to help defeat classes of threats, and user facing features including Windows Defender and SmartScreen" spam-filtering. The statement didn't elaborate.

Windows 8 will also offer a new way to log on to PCs equipped with a touchscreen. Sam Bowne, a security instructor at San Francisco City College, provided a screenshot here that describes the feature this way: "You choose the picture – and the gestures you use with it – to create a password that's uniquely yours."

Bowne and his students have been testing the security features in the new Windows beta, and he reported on their progress to The Register.

"There is built in antivirus, and it works!" he wrote "It stopped not only thr EICAR test file, but more than a dozen malware items in Metasploit. So it might be time to sell your Symantec stock." ®

This article was updated to add comment from Bowne.

Mobile application security vulnerability report

More from The Register

next story
Yorkshire cops fail to grasp principle behind BT Fon Wi-Fi network
'Prevent people that are passing by to hook up to your network', pleads plod
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
NEW, SINISTER web tracking tech fingerprints your computer by making it draw
Have you been on YouPorn lately, perhaps? White House website?
LibreSSL RNG bug fix: What's all the forking fuss about, ask devs
Blow to bit-spitter 'tis but a flesh wound, claim team
BMW's ConnectedDrive falls over, bosses blame upgrade snafu
Traffic flows up 20% as motorway middle lanes miraculously unclog
Attackers raid SWISS BANKS with DNS and malware bombs
'Retefe' trojan uses clever spin on old attacks to grant total control of bank accounts
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
Mozilla fixes CRITICAL security holes in Firefox, urges v31 upgrade
Misc memory hazards 'could be exploited' - and guess what, one's a Javascript vuln
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Reducing security risks from open source software
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.