The earliest session of the last day at TechEd Europe was all about malware prevention and removal. Chris Hallum, Senior Product Manager focusing on Windows Client Security, and Sunil Gottumukkala, Principal Program Manager Lead, talked about the security improvements in Windows 8. They made some bold claims that Windows 8 is infinitely more secure than Windows 7. I came away impressed.
1. Pre-Boot Early Launch Anti-Malware
There are plenty of rootkits and bootkits around that load early in the boot process, long before a conventional antivirus service starts. Windows 8 adds ELAM (Early Launch Anti-Malware): a special boot-start driver that the kernel initializes before any other boot-start driver, so that it can classify each subsequent driver (good, bad, or unknown) before that driver is loaded; drivers classified as bad are blocked according to policy. The caveat is that ELAM does not run before the boot loader itself, as one might assume from the name: the firmware, boot manager, boot loader and kernel are protected from tampering by Secure Boot on UEFI machines, and ELAM picks up from the point where the kernel starts loading drivers. What's interesting is that the ELAM driver is not necessarily Microsoft's own: it is supplied by whichever compatible anti-malware product is installed, and that need not be Microsoft's engine (MSE, a.k.a. Windows Defender in Windows 8). According to Hallum, Microsoft has worked with the antivirus vendors to help them develop their own ELAM components. Administrators can tune how unknown and "bad but boot-critical" drivers are treated through the "Boot-Start Driver Initialization Policy" Group Policy setting (the DriverLoadPolicy value under HKLM\SYSTEM\CurrentControlSet\Control\EarlyLaunch). I expect names like Kaspersky or Symantec to be among the first to offer a dedicated Windows 8 ELAM component.
2. Measured Boot
In Windows 8, Microsoft introduced a foundation called "Measured Boot." Each component in the boot chain (firmware, boot manager, boot loader, kernel, and the boot drivers including the ELAM driver) is hashed before it runs, and the hash is extended into the TPM's Platform Configuration Registers (PCRs), with a matching entry written to a boot log. PCRs cannot be rewritten, only extended, so malware that tampers with a boot component cannot hide that fact afterwards. Note that Measured Boot records rather than blocks: it does not by itself stop malware from infecting the system, but it makes the infection detectable. The TPM can sign a "quote" of the PCR values, and a remote attestation service can compare that quote with the client's boot log to check the security state of the machine before trusting it. Microsoft also provided a 1.8 MB whitepaper covering Measured Boot in detail.
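To make the mechanism concrete, here is an added example of the verification step a remote attestation service performs. It is my own illustration, not code from Microsoft, the talk or the whitepaper. It assumes the TCG 1.2 PC Client event-log layout with SHA-1 PCRs (PCR index, event type, 20-byte digest, data size, data) and constructs its own sample log rather than reading one from disk; Windows 8 writes its real boot logs under C:\Windows\Logs\MeasuredBoot, and whether those files carry any extra framing beyond the raw TCG records is not covered here. The script replays the log's extends to recompute the PCRs and compares them against reference values for an approved boot, which in practice are also checked against the signed TPM quote.

```python
"""Replay a TCG 1.2 (SHA-1) boot event log and compare the recomputed PCRs
with reference values, as a Measured Boot attestation server would.
Added example (not Microsoft's code); the log bytes below are constructed."""
import hashlib
import struct

PCR_SIZE = 20  # TPM 1.2 PCRs hold a SHA-1 digest

# A few TCG PC Client event types used in the sample log.
EV_SEPARATOR = 0x04
EV_S_CRTM_VERSION = 0x08
EV_EFI_BOOT_SERVICES_APPLICATION = 0x80000003


def build_event(pcr_index, event_type, event_data):
    """Encode one TCG_PCClientPCREvent record: pcr, type, SHA-1 digest, size, data."""
    digest = hashlib.sha1(event_data).digest()
    header = struct.pack("<II", pcr_index, event_type)
    return header + digest + struct.pack("<I", len(event_data)) + event_data


def parse_log(blob):
    """Decode a log into (pcr, event_type, digest, data) tuples.

    A truncated record raises ValueError instead of being silently ignored:
    a log that ends early is itself a sign of tampering.
    """
    events, off = [], 0
    while off < len(blob):
        if len(blob) - off < 8 + PCR_SIZE + 4:
            raise ValueError("truncated event header at offset %d" % off)
        pcr, etype = struct.unpack_from("<II", blob, off)
        digest = blob[off + 8:off + 8 + PCR_SIZE]
        (size,) = struct.unpack_from("<I", blob, off + 8 + PCR_SIZE)
        off += 8 + PCR_SIZE + 4
        if len(blob) - off < size:
            raise ValueError("truncated event data at offset %d" % off)
        events.append((pcr, etype, digest, blob[off:off + size]))
        off += size
    return events


def replay_pcrs(events):
    """Recompute every PCR the log touches: PCR = SHA1(PCR || digest), from all zeros."""
    pcrs = {}
    for pcr, _etype, digest, _data in events:
        previous = pcrs.get(pcr, bytes(PCR_SIZE))
        pcrs[pcr] = hashlib.sha1(previous + digest).digest()
    return pcrs


def mismatched_pcrs(replayed, reference):
    """Indexes whose replayed value differs from the reference value."""
    return sorted(i for i, value in reference.items() if replayed.get(i) != value)


# Constructed sample log for a clean boot: firmware version into PCR 0, the
# Windows boot manager into PCR 4, then the separator closing the pre-OS phase.
CLEAN_LOG = b"".join([
    build_event(0, EV_S_CRTM_VERSION, b"Example firmware 1.0\x00"),
    build_event(4, EV_EFI_BOOT_SERVICES_APPLICATION, b"bootmgfw.efi build 9200"),
    build_event(4, EV_SEPARATOR, b"\x00\x00\x00\x00"),
])

# The same boot with the boot manager replaced by a bootkit: the firmware
# measures whatever it actually ran, so PCR 4 no longer matches the reference.
TAMPERED_LOG = b"".join([
    build_event(0, EV_S_CRTM_VERSION, b"Example firmware 1.0\x00"),
    build_event(4, EV_EFI_BOOT_SERVICES_APPLICATION, b"bootmgfw.efi (bootkit)"),
    build_event(4, EV_SEPARATOR, b"\x00\x00\x00\x00"),
])

# Stand-in for the attestation server's reference PCRs of an approved boot
# (derived here from the clean log; a real server would hold them beforehand
# and also check them against the TPM's signed quote).
REFERENCE_PCRS = replay_pcrs(parse_log(CLEAN_LOG))


def attest(log_blob, reference=REFERENCE_PCRS):
    """Return the PCR indexes that disagree with the reference ([] means consistent)."""
    return mismatched_pcrs(replay_pcrs(parse_log(log_blob)), reference)


if __name__ == "__main__":
    print("clean boot mismatches:   ", attest(CLEAN_LOG))
    print("tampered boot mismatches:", attest(TAMPERED_LOG))
```

The point the replay makes is that the log itself is untrusted data; it only becomes evidence when the PCR values it reproduces match what the TPM signed, and those in turn match an approved configuration. A bootkit can alter the log it leaves behind, but it cannot make the TPM forget what was actually measured.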
3. Post-Boot Security: Windows Defender 2.0
Windows Defender has been updated and is, according to Microsoft, a full-blown anti-malware solution: it no longer fights only adware and spyware but malware in general, with real-time protection.
The reason Microsoft built its own solution (and in essence spit in the face of its partners) is simple, as Microsoft's Gottumukkala explained: "According to our telemetry, 95% of all systems shipped with antimalware software.... However, our data showed that after 6 months, 25% of those systems were vulnerable because the AV solution expired!"
Microsoft also made it very clear that they're not trying to mess with their existing security-software partners. In fact, Windows Defender does not even appear in the taskbar when you install Windows 8: it runs as a background service, and only a manual search will lead you to its UI. It also steps aside once a third-party product registers itself as the active antivirus, so it acts as the fallback for machines that would otherwise be left with nothing.
I guess it's their way to not fall out of grace with their partners and still protect users. The general user will not know he's even protected and will continue to think about Antivirus products (or NOT!).
4. App Security
Building a new development model from the ground up has its advantages: You can -- from Day 1 -- start to think about security:
- Windows Store: Before an app goes live on the Windows Store, Microsoft performs rigorous screening to ensure it's malware-free.
- Installation: Every app is verified both by the Windows Store (signature-based) and on the client (SmartScreen, Defender, etc.).
- App Container: Every Store app runs in an AppContainer with very low privileges and access only to the resources its manifest declares. Access to user data or to other apps is mediated through "Contracts" (such as the Share contract you see in the charms bar of Windows 8) rather than granted directly.
I guess we'll soon see how effective these measures are when Windows 8 rolls out globally sometime in September or October, though I'm not expecting any sort of major breaches.
5. Internet Explorer 10
The team also talked briefly about browser security and mentioned that the IE 10 version baked into Windows 8 has an improved ASLR mechanism: Windows 8 adds 64-bit high-entropy address space randomization, which IE 10 uses for its Enhanced Protected Mode processes, making it much harder for an exploit to predict where code and data live in memory. Second, tabs run as separate, isolated processes (with Enhanced Protected Mode additionally confining them in an AppContainer), so a compromised tab can't tamper with another tab or capture its data. That is a containment boundary for a compromised renderer, not a guarantee that no browser bug can ever cross it.