Hello folks,

Windows 8 has been available since October 30th 2012, and a lot has been said about it. Some may love it as I do, and some may still need another look before being convinced.

One of the many improvements “baked in” to Windows 8 is definitely the security enhancements. And I’m not talking about UAC… It’s still in there… But there is so much more that, when all pulled together, makes Windows 8 a very secure, manageable, and flexible platform. This post looks at some of the parts that add up to a fantastic OS.

Antivirus Comes Preinstalled

In Windows 8, Windows Defender has been upgraded from antispyware to a full-featured antimalware solution. Now, I’m not suggesting that Defender is an enterprise-grade antimalware. I believe that a solution such as System Center Endpoint Protection has superior reporting and management capabilities.

Defender is mostly targeted at unmanaged machines like home PCs. It’s capable of detecting and stopping a wider range of potentially malicious software, including viruses. Although Windows Defender is primarily intended for unmanaged PCs, more and more people are using their home PCs for work and to connect to the internal network. Therefore, it’s good to know that Windows 8 includes powerful and free antimalware that is enabled by default.

SmartScreen Filter

The “SmartScreen Filter” is a feature in Internet Explorer that helps detect phishing websites, and can help protect you from downloading or installing malware (malicious software).

It accomplishes that in three ways:

    • As you browse the web, it analyses webpages and determines if they have any characteristics that might be suspicious. If it finds suspicious webpages, SmartScreen will display a message giving you an opportunity to provide feedback and advising you to proceed with caution.
    • SmartScreen Filter checks the sites you visit against a dynamic list of reported phishing sites and malicious software sites. If it finds a match, SmartScreen Filter will show you a warning notifying you that the site has been blocked for your safety.
    • SmartScreen Filter checks files that you download from the web against a list of reported malicious software sites and programs known to be unsafe. If it finds a match, SmartScreen Filter will warn you that the download has been blocked for your safety. SmartScreen Filter also checks the files that you download against a list of files that are well known and downloaded by many Internet Explorer users. If the file that you're downloading isn't on that list, SmartScreen Filter will warn you.

Secure Boot

This is also known as UEFI Boot. UEFI is a modern version of the BIOS that, at boot, checks the signature of the OS loader against a list of approved signatures stored in the UEFI chip. Because malware boot loaders are not on the approved list, the UEFI process will stop the boot process.

Even with great antimalware, sometimes something will get through… Just think: one of your friends sends you an email with an attachment. You trust that friend, so you don’t think twice about opening the attachment. Boom… You’re infected. On the reboot, Windows will realize that it’s been tampered with and load a recovery environment to repair itself. That’s Trusted Boot. Stephen Rose has a great little video that demonstrates that.

Standard User PIN and Password Change

With Windows 8, users can update their BitLocker PINs and passwords without opening a help desk ticket. Not only will this reduce your support costs, but it could improve your security, too, by enabling users to change their PINs and passwords more often.

BitLocker

BitLocker is not new, but there are improvements. BitLocker Pre-provisioning and Encrypted Hard Drives, combined with Windows Server 2012 GPOs, add new security scenarios to your environment. One such scenario is denying write access to removable drives not protected by BitLocker, to prevent sensitive information from being misplaced or lost.
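
A read-only way to confirm that the controls described above are actually in effect on a given Windows 8 PC. This is an added example, not part of the original post; the function names are hypothetical, and the registry value is where the "Deny write access to removable drives not protected by BitLocker" policy is stored. Run it from an elevated PowerShell prompt.

```powershell
# Added example: read-only posture check, changes nothing on the machine.
# Assumes Windows 8 / Server 2012 or later (PowerShell 3.0, BitLocker module).

function Get-SecureBootState {
    try {
        if (Confirm-SecureBootUEFI) { 'Enabled' } else { 'Disabled' }
    }
    catch [System.PlatformNotSupportedException] {
        # Raised on legacy BIOS boot or firmware without Secure Boot support
        'Not supported on this platform'
    }
    catch {
        "Unknown: $($_.Exception.Message)"
    }
}

function Get-OsVolumeProtection {
    # BitLocker state of the system drive, including which key protectors exist
    $vol = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction Stop
    [pscustomobject]@{
        MountPoint       = $vol.MountPoint
        VolumeStatus     = $vol.VolumeStatus
        ProtectionStatus = $vol.ProtectionStatus
        EncryptionMethod = $vol.EncryptionMethod
        KeyProtectors    = ($vol.KeyProtector.KeyProtectorType -join ', ')
    }
}

function Get-RemovableWritePolicy {
    # A value of 1 means unprotected removable drives are mounted read-only
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Policies\Microsoft\FVE'
    $prop = Get-ItemProperty -Path $key -Name RDVDenyWriteAccess -ErrorAction SilentlyContinue
    if ($prop -and $prop.RDVDenyWriteAccess -eq 1) {
        'Write denied to removable drives not protected by BitLocker'
    } else {
        'Not configured or disabled'
    }
}

[pscustomobject]@{
    SecureBoot           = Get-SecureBootState
    RemovableWritePolicy = Get-RemovableWritePolicy
}
Get-OsVolumeProtection
```

A ProtectionStatus of Off on a fully encrypted volume means BitLocker is suspended, which is worth flagging separately from a drive that was never encrypted.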

BitLocker Pre-provisioning

With Windows 8, you can now turn on BitLocker and the TPM from within the Windows Preinstallation Environment (WinPE) before installing Windows, without any end-user interaction. Because Windows is not installed yet and the drive is nearly empty, enabling BitLocker takes only a few seconds.

Encrypted Hard Drive

BitLocker in Windows 8 supports a new type of hard drive: the Encrypted Hard Drive. When a PC is equipped with an Encrypted Hard Drive, BitLocker offloads the cryptography to the Encrypted Hard Drive’s processor, instantly encrypting the drive and improving desktop performance by decreasing the PC’s processor utilization. Security can be stronger, too, because the drive uses the highly regarded Opal Storage Specification standards. In a nutshell, Windows 8 PCs with an Encrypted Hard Drive can give you the ultimate data security without any performance penalty or management headaches.

http://technet.microsoft.com/en-us/library/hh831627.aspx

AppLocker

AppLocker in Windows 8 gives IT complete control over which desktop and Windows Store apps users can run, and Windows Store apps are even easier to manage than desktop apps.

AppLocker rules for Windows Store apps automatically apply to the app installer and all files included with the app, and you create only simple publisher rules, instead of error-prone hash- or path-based rules. Additionally, a single AppLocker rule can contain rule collections for both desktop apps and packaged apps, making it easy to manage your new packaged apps alongside your existing apps.

You can use AppLocker to reduce the risk of malware by only allowing users to run approved apps. For more information about AppLocker improvements, visit AppLocker Technical Overview.

http://technet.microsoft.com/en-us/library/hh831409.aspx
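
The publisher-rule workflow for packaged apps described above, as an added example that is not part of the original post. It builds rules from the apps installed for the current user on a reference PC, sets the packaged-app collection to audit-only, and dry-runs the result; the output file name is an assumption.

```powershell
# Added example: generate and test AppLocker publisher rules for packaged apps.
# Assumes Windows 8 / Server 2012 or later. Nothing is applied to the machine;
# the policy is only written to a file for review or import into a GPO.
Import-Module AppLocker

# Publisher metadata for the packaged (Windows Store) apps of the current user
$packages = Get-AppxPackage
$fileInfo = Get-AppLockerFileInformation -Packages $packages

# One allow rule per publisher/package; -Optimize merges overlapping rules
[xml]$policyXml = New-AppLockerPolicy -FileInformation $fileInfo `
    -RuleType Publisher -User Everyone -Optimize -Xml

# Packaged-app rules live in the "Appx" rule collection
$appx = $policyXml.AppLockerPolicy.RuleCollection |
    Where-Object { $_.Type -eq 'Appx' }

# Review what was generated before trusting it
$appx.FilePublisherRule | ForEach-Object {
    [pscustomobject]@{
        Name      = $_.Name
        Action    = $_.Action
        Publisher = $_.Conditions.FilePublisherCondition.PublisherName
    }
}

# Start in audit-only mode so blocks are logged, not enforced
$appx.SetAttribute('EnforcementMode', 'AuditOnly')
$policyPath = Join-Path $env:TEMP 'appx-publisher-policy.xml'   # assumed path
$policyXml.Save($policyPath)

# Dry run: which installed packages would the policy allow or deny?
Test-AppLockerPolicy -XmlPolicy $policyPath -Packages $packages -User Everyone |
    Select-Object FilePath, PolicyDecision, MatchingRule
```

Any package reported as DeniedByDefault has no matching rule and would be blocked once the collection is switched from audit-only to enforced.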

And so much more…

    • Security Auditing
    • Security Policy Settings
    • Smart Cards
    • Software Restriction Policies
    • Trusted Platform Module
    • Access Control and Authorization    
    • Credential Locker

http://technet.microsoft.com/en-us/library/hh832031.aspx

Windows 8 is truly beautiful, flexible, and the most secure Windows version ever. In combination with group policies in Windows Server 2012, you can control and secure your environments. So download the Windows Server 2012 evaluation and the Windows 8 Enterprise evaluation, and test it for yourself. You’ll see… It’s worth the look.

Cheers!

Pierre Roman, MCITP, ITIL | IT Pro Advisor