June 29, 2012, 12:35 PM — The earliest session of the last day at TechEd Europe was all about malware prevention and removal. Chris Hallum, Senior Product Manager focusing on Windows Client Security, and Sunil Gottumukkala, Principal Program Manager Leader, talked about security improvements in Windows 8. They made some bold claims, including that Windows 8 is infinitely more secure than Windows 7. I came away impressed.
1. Pre-Boot Early Launch Anti-Malware
There are various rootkits and viruses around that load before Windows does, and long before an antivirus solution kicks in. In Windows 8, the ELAM (Early Launch Anti-Malware) driver starts before ANY Windows boot loader is active and prevents malicious code from taking over. What's interesting is that this driver simply launches the currently installed (and compatible) anti-malware product, which is not necessarily Microsoft's own AV engine (MSE, a.k.a. Windows Defender in Windows 8). According to Hallum, Microsoft has worked with the antivirus vendors to help them develop their own ELAM components. I expect names like Kaspersky or Symantec to be among the first to offer a dedicated Windows 8 ELAM component.
2. Measured Boot
In Windows 8, Microsoft introduced a foundation called "Measured Boot." The entire boot process is now signed and stored in the TPM chip in order to prevent malware from infecting the system. This information can even be verified remotely to check on the security state of a client. Microsoft also provided a 1.8 MB whitepaper covering Measured Boot in detail.
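To make the mechanism concrete, here is an added simulation (not Microsoft's code or the whitepaper's) of how a measured boot chain and its remote verification fit together: each boot component is hashed and "extended" into a TPM register that can only be updated by hashing, and the verifier replays the client's event log to confirm the quoted value and compares each measurement to a known-good list. It assumes SHA-256 for the register (TPM 2.0 style; the TPM 1.2 parts of the Windows 8 era used SHA-1), and the component names and blobs are constructed placeholders, not real boot binaries.

```python
import hashlib
from typing import Dict, List, Tuple

PCR_INITIAL = bytes(32)  # platform configuration registers reset to zeros at power-on

def measure(component: bytes) -> bytes:
    """Hash a boot component the way firmware/boot loader would before running it."""
    return hashlib.sha256(component).digest()

def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM-style PCR extend: a register is never written directly, only hashed
    together with the new measurement, so its value depends on every prior step."""
    return hashlib.sha256(pcr + digest).digest()

def measured_boot(chain: List[Tuple[str, bytes]]) -> Tuple[bytes, List[Tuple[str, bytes]]]:
    """Client side: measure each component in boot order, extend the PCR, keep a log."""
    pcr, log = PCR_INITIAL, []
    for name, blob in chain:
        digest = measure(blob)
        log.append((name, digest))
        pcr = extend(pcr, digest)
    return pcr, log

def verify_remote(reported_pcr: bytes, log: List[Tuple[str, bytes]],
                  known_good: Dict[str, bytes]) -> Tuple[bool, str]:
    """Attestation server side: the log must reproduce the quoted PCR (so it was not
    edited after the fact) and every component must match an allow-listed digest."""
    replay = PCR_INITIAL
    for _, digest in log:
        replay = extend(replay, digest)
    if replay != reported_pcr:
        return False, "event log does not reproduce the quoted PCR value"
    for name, digest in log:
        if known_good.get(name) != digest:
            return False, f"unexpected measurement for {name}"
    return True, "boot chain matches known-good state"

# Constructed sample chain standing in for boot manager, OS loader, ELAM driver, kernel.
GOOD_CHAIN = [("bootmgr", b"boot manager v1"), ("winload", b"os loader v1"),
              ("elam", b"vendor elam driver v1"), ("ntoskrnl", b"kernel v1")]
KNOWN_GOOD = {name: measure(blob) for name, blob in GOOD_CHAIN}

if __name__ == "__main__":
    pcr, log = measured_boot(GOOD_CHAIN)
    print(verify_remote(pcr, log, KNOWN_GOOD))            # (True, ...)
    tampered = GOOD_CHAIN[:-1] + [("ntoskrnl", b"kernel v1 (modified)")]
    print(verify_remote(*measured_boot(tampered), KNOWN_GOOD))  # (False, ...)
```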
3. Post-Boot Security: Windows Defender 2.0
Windows Defender has been updated and is, according to Microsoft, a full-blown anti-malware solution. It no longer fights only adware and spyware but malware in general, and it offers real-time protection.
The reason Microsoft built its own solution (and in essence spit in the face of their partners) is simple, as Microsoft's Gottumukkala explained: "According to our telemetry, 95% of all systems shipped with an antimalware software.... However, our data showed that after 6 months, 25% of those systems were vulnerable because the AV solution expired!"
Microsoft also made it very clear that they're not trying to mess with their existing security software partners. In fact, Microsoft's "Windows Defender" is not even in the taskbar when you install Windows 8. It's active as a background service and only a manual search will lead you to the UI: