July 16, 2013, 12:08 PM — Most of the attention on Windows 8.1 Preview emphasizes the many interface changes and new features. In the background, Windows 8.1 also offers a number of security enhancements that will help keep the new OS in step with changing times--how we browse, how we share data among devices, and which devices we use. The improvements range from better browser security to built-in encryption, to remote wiping of business files. We even tracked down a few sneak-preview screenshots of things that have been announced but aren't part of the Preview release.
IE 11 will have better default security
Windows 8.1 will include Internet Explorer (IE) 11, whose flashiest new feature will be support for multiple windows. The browser's security enhancements should help keep the new experience exciting, but not scary.
The Enhanced Protected Mode (EPM) that was added in IE 10 will now be turned on by default in the old-style desktop application, instead of just the IE app in the newer Windows UI. When turned on, EPM enables a sandbox-like feature called AppContainer, which restricts IE tabs from accessing sensitive data and system files. Additionally, EPM uses 64-bit tabs, offering more protection against attacks than 32-bit tabs provide.
IE 11 will also let antivirus programs have deeper access to the browser. This will allow binary extensions--like the often exploited ActiveX controls--to be scanned by an antimalware program before they're executed. This could also reduce the chances of malware infection or attack via rogue extensions and toolbars.
By default, Adobe Flash support will be included with IE 11. Adobe Flash updates will now be distributed via the Windows Automatic Updates (or Group Policy on corporate-managed PCs). This could help reduce the chances of exploits via out-of-date Adobe Flash add-ons.
Windows Defender adds network support
Windows Defender, the native antivirus program provided with Windows, will now include network-behavior monitoring. This will make it easier to detect the newer breed of malware that usually can't be detected via traditional means, but rather through noticing anomalous activity on your company's servers. Defender's traditional virus detection capabilities remain, as well.
Device Encryption embraces all Windows versions
Windows 8 RT is better known for what it lacks than for what it features, but one advantage it's had over full-fledged Windows 8 is device encryption. This feature will now be available for all Windows 8.1 users. It will be enabled by default on most newer computers shipping with Windows 8.1, as well as supported devices that are upgraded to Windows 8.1 with a clean install.
The encryption is basically a simplified form of the BitLocker encryption feature found in the Pro, Enterprise, and Ultimate editions of Windows 8 and previous versions of Windows. The full BitLocker feature is still available in the Pro and Enterprise editions of Windows 8.1, giving power users and corporations more management capabilities. For consumers who create and use a Microsoft account to log in to Windows 8.1 (or use a domain account on a corporate network), your entire PC or device will be encrypted.
Fingerprint recognition supported
Windows 8.1 will enhance its biometric support, including native support for fingerprint authentication for laptops and devices with a fingerprint reader. Instead of typing in your password, for instance, a quick touch with your finger could log you in. This biometrics support is reportedly being added throughout and could be used for things like Windows login, User Account Control prompts, Windows Store access, and other features of Windows. And it's likely that we'll see more biometrics support from third-party software vendors as well.
Assigned Access locks device use to a specific app
One brand-new feature introduced in Windows 8.1 is Assigned Access, which will be available in the Pro, Enterprise, and RT editions. It lets you lock down the computer or device for use with a specified app. This feature can help prevent users from accessing other apps or interfaces, making deliberate or accidental changes, and protecting the privacy of other information on the device. You can see how this would be useful in an educational environment--or even for a family with a Surface RT tablet for the kids. A public location, such as a kiosk, is another likely scenario for Assigned Access.
Remote Data Control can protect selected data
In Windows 8.1, Microsoft has enhanced the OS's remote data control capabilities. Businesses will be able to mark certain data on employee computers and devices that should be kept encrypted, and that data can be wiped remotely if the device is lost or the employee leaves the company. This feature will be especially helpful as the BYOD trend grows (personal files on the device aren't affected).
Windows 8.1 expands VPN support
Many of us use a Virtual Private Network (VPN) to connect securely to a remote network, such as a corporate office. According to Microsoft, Windows 8.1 will support a wider range of Virtual Private Network (VPN) clients, although details aren't available yet. Additionally, Windows will allow third-party apps to initiate VPN connections automatically, possibly eliminating the need for you to start the connection manually all the time.
A better experience and better security
Windows 8.1 Preview has a lot to like, but the security enhancements show that Microsoft is keeping up with the times. The BYOD trend means that personal devices are handling corporate data, so remote wiping and other safeguards are vitally important. Everyone browses the Web, so anything that makes IE safer is a good idea. VPNs and device encryption help thwart sniffers and thieves. And best of all, most of these security features are already available in some form in Windows 8.1 Preview, so you can check them out now.