Feeds

Windows 8

Apple iOS 7 makes some users literally SICK. As in puking, not upset

Excessive zoom and 3D-effect graphics in Apple's latest iOS is leaving some users reaching for the sick bucket

You know who else hates Windows 8? Hackers

Antivirus makers heap praise and scorn on new security features

High performance access to file storage

Microsoft's emphasis on the mobile nature of Windows 8 and its bold touch-friendly user interface may lead some to fear the software giant has taken its foot off the pedal in terms of security.

However there are plenty of changes under the bonnet to merit an examination of the new operating system's defences. Judging by the buzz among security researchers and IT dept bods, the most interesting changes are: the built-in tool Windows Defender now tackles all kinds malware rather than just spyware; the use of digital certificates to ensure the machine doesn't boot up a compromised or tampered Windows installation; and the new Early Launch Anti Malware (ELAM) system that scans the operating system for malware and ensures antivirus software is the first thing to run on a freshly booted computer.

That's according to Aryeh Goretsky, a top brain at security software biz ESET, who wrote up his thoughts in a whitepaper [PDF] titled Windows 8: FUD for thought. He is broadly positive about Windows 8's security improvements.

Most Windows 8 machines will ship with Windows Defender, a rebadged version of Microsoft Security Essentials, included. Goretsky describes it as a good product that offers a "decent level of protection", especially when compared against other free anti-malware programs, if not paid-for products from the likes of, er, ESET. His verdict:

Windows Defender provides a good level of protection, but is mainly targeted at those who are unwilling - or unable - to purchase a commercial anti-malware solution. While any protection is better than none, and Microsoft is to be applauded for including a product of this caliber in Windows 8, Windows Defender should be thought of as the minimum bar for levels of protection and support that computer users should expect from their anti-malware software.

An advantage that Windows Defender has over other free anti-malware programs is that it does not attempt to up-sell the user to a paid-for product and toolbars or banner advertisements, nor does it modify existing search settings.

A big change in lower levels of Windows 8 is the requirement for computer makers to switch from using PC BIOS firmware in their machines and use UEFI firmware instead. UEFI, which powers up the computer and helps the operating system access some of the hardware, isn't particularly contentious, but it does have a feature called Secure Boot that Microsoft has wielded with gusto. Secure Boot prevents a computer from running an operating system unless its boot loader code is digitally signed with a key stored in the UEFI firmware.

Blocking unsigned startup code can effectively prevents malicious software, such as rootkits that spy on users, from hijacking the boot process to ensure it remains hidden from detection. But the technology also makes it difficult for free software enthusiasts to run GNU/Linux and other alternative operating systems on machines certified to run Windows 8.

Red Hat and Ubuntu-maker Canonical Ubuntu have come up with ways to support UEFI's Secure Boot. While Microsoft has said that although the ability turn off Secure Boot must be present in order to pass Windows 8 certification tests, the technology must be enabled by default. Goretsky argues that open-source loyalists critical of Secure Boot should lay off and recognise that the technology is the best available to combat an all-too-real threat. Goretsky, a Microsoft "Most Valuable Professional", wrote:

While it’s too soon to know the long-term effects on security of Microsoft’s Secure Boot requirement, in the short term it greatly reduces the attack surface currently exploited by bootkit forms of rootkit malware on systems using BIOS-based firmware.

It is disappointing that Microsoft’s efforts to repair the hole in the chain of trust of the PC boot process, which has been in existence for two decades, is being met with skepticism and outright hostility at a time when sophisticated attacks are on the increase. We hope that Microsoft and the critics of its stance on UEFI can work out their disagreements so that the security of all operating systems, not just Microsoft Windows, can be enhanced.

Microsoft's stance on Secure Boot has been much debated, but one security feature in Windows 8 that has so far drawn little comment is the Early Launch Anti Malware (ELAM) system. This sits in a software layer just above the secured boot process, and ensures a configured anti-malware product is the first third-party code to run while the operating system is still loading - heading off viruses and other nasties before they can compromise a system.

Goretsky describes it as a potential useful tool against sneaky forms of malware, such as bootkits, that try to hide on infected machines:

While the effectiveness of ELAM is as yet unproven, the concept behind it is fundamentally sound and it should prove to be a major deterrence to boot-time malware. The technology, however, may need to be periodically updated to overcome existing limitations and provide additional functionality. Advanced functionality for memory and disk manipulation would be useful for enhancing the detection and removal capabilities of anti-malware programs.

Combat fraud and increase customer satisfaction

More from The Register

next story
This time it's 'Personal': new Office 365 sub covers just two devices
Redmond also brings Office into Google's back yard
Oh no, Joe: WinPhone users already griping over 8.1 mega-update
Hang on. Which bit of Developer Preview don't you understand?
Microsoft lobs pre-release Windows Phone 8.1 at devs who dare
App makers can load it before anyone else, but if they do they're stuck with it
Half of Twitter's 'active users' are SILENT STALKERS
Nearly 50% have NEVER tweeted a word
Internet-of-stuff startup dumps NoSQL for ... SQL?
NoSQL taste great at first but lacks proper nutrients, says startup cloud whiz
Ditch the sync, paddle in the Streem: Upstart offers syncless sharing
Upload, delete and carry on sharing afterwards?
New Facebook phone app allows you to stalk your mates
Nearby Friends feature goes live in a few weeks
Microsoft TIER SMEAR changes app prices whether devs ask or not
Some go up, some go down, Redmond goes silent
Batten down the hatches, Ubuntu 14.04 LTS due in TWO DAYS
Admins dab straining server brows in advance of Trusty Tahr's long-term support landing
prev story

Whitepapers

SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.