Sharing of thoughts and information is what blogging is all about. This way we can learn from each other. Post A Comment!These postings are provided "AS IS" with no warranties, and confers no rights. You assume all risk for your use.
Anthony Bartolo Twitter | LinkedIn
Pierre Roman Twitter | LinkedIn
Windows 8 has been since October 30th 2012. And a lot has been said about it. Some may love it as I do, and some may still need another look before being convinced.
One of the many improvements in Windows 8 that has been “baked-in” is definitely the security enhancements. And I’m not talking about the UAC… It’s still in there… But there is so much more that, when all pulled together, makes Windows 8 a very secured, manageable, and flexible platform. This post will look into some of these parts that make the sum a fantastic OS.
Antivirus Comes Preinstalled
In Windows 8, Windows Defender has been upgraded from antispyware to a full-featured antimalware solution. Now, I’m not suggesting that Defender is an enterprise grade Antimalware. I believe that a solution such as System Center End Point Protection has superior reporting and management capabilities.
Defender is mostly targeted for un-managed machines like home PCs. It’s capable of detecting and stopping a wider range of potentially malicious software, including viruses. Windows Defender is primarily intended for unmanaged PCs, more and more people are using their home PCs for work and to connect to the internal network. Therefore, it’s good to know that Windows 8 includes powerful and free anti-malware that is enabled by default
The “SmartScreen Filter” is feature in Internet Explorer that helps detect phishing websites, and can help protect you from downloading or installing malware (malicious software).
It accomplishes that in three ways:
This is also known as UEFI Boot. It’s a modern version of the BIOS that at boot compares the signature of the OS loader and compares it against a list of approved signature stored in the UEFI chip. Because malware Boot loaders are not on the approved list the UEFI process will stop the boot process.
Even with great antimalware, sometimes one will get through… Just think, if one of your friends sends you an email with an attachment. You trust that friend so you don’t think twice about opening the attachment. Boom… You’re infected. On the reboot Windows will realize that it’s been tempered with, and loads a recovery environment to repair itself. That’s trusted Boot. Stephen Rose has a great little video that demonstrate that.
Standard User PIN and Password Change
With Windows 8, users can update their BitLocker PINs and passwords without opening a help desk ticket. Not only will this reduce your support costs, but it could improve your security, too, by enabling users to change their PINs and passwords more often.
Bitlocker is not new but there are improvements. Improvements like Bitlocker Pre-provisioning, Encrypted hard drives, and combined with Windows Server 2012 GPO adds new security scenarios to your environment. Scenarios like denying write access to removable drives not protected by BitLocker to prevent sensitive information to be potentially misplaced or lost.
With Windows 8, you can now turn on BitLocker and the TPM from within the Windows Preinstallation Environment (WinPE) before installing Windows, without any end-user interaction. Because Windows is not installed yet and the drive is nearly empty, enabling BitLocker takes only a few seconds.
Encrypted Hard Drive
BitLocker in Windows 8 supports a new type of hard drive: the Encrypted Hard Drive. When a PC is equipped with an Encrypted Hard Drive, BitLocker offloads the cryptography to the Encrypted Hard Drive’s processor, instantly encrypting the drive and improving desktop performance by decreasing the PC’s processor utilization. Security can be stronger, too, because the drive uses the highly regarded Opal Storage Specification standards. In a nutshell, Windows 8 PCs with an Encrypted Hard Drive can give you the ultimate data security without any performance penalty or management headaches.
AppLocker in Windows 8 gives IT complete control over which desktop and Windows Store apps users can run, and Windows Store apps are even easier to manage than desktop apps.
AppLocker rules for Windows Store apps automatically apply to the app installer and all files included with the app, and you create only simple publisher rules, instead of error-prone hash- or path-based rules. Additionally, a single AppLocker rule can contain rule collections for both desktop apps and packaged apps, making it easy to manage your new packaged apps alongside your existing apps.
You can use AppLocker to reduce the risk of malware by only allowing users to run approved apps. For more information about AppLocker improvements, visit AppLocker Technical Overview.
And so much more…
Windows 8 is truly beautiful, Flexible and the most secure Windows version ever. In combination with group policies in Windows Server 2012 you can control and secure your environments. So download the Windows Server 2012 evaluation, the Windows 8 enterprise evaluation and test it for yourself. You’ll see… It’s worth the look.
Pierre Roman, MCITP, ITIL | IT Pro Advisor Twitter | Facebook | LinkedIn