Windows 8 security overview - Safest Windows ever?

Windows 8 hit the streets last Friday and lots of folks have been asking, "Should I upgrade? What's new?"

While the primary difference is in the radical changes to the user interface, we here at Naked Security thought it best to stick with our core competency, security.

Folks who are interested in a detailed analysis of the changes in Windows 8 from a security perspective should download our new technical paper, "Windows 8: Redmond's Safest Operating System Ever?"

The most obvious, and controversial, change in Windows 8 security is the new Secure Boot system. New PCs that ship with Windows 8 will be required to use a UEFI BIOS, which is the first component required for securely booting Windows.

The UEFI BIOS begins the loading of the operating system and ensures all of the components are signed with a digital certificate belonging to Microsoft. This should go a long way towards disrupting rootkits and boot kits that depend upon the ability to load before Windows and your anti-virus software.

Microsoft has made minor improvements to the ASLR and DEP technologies used to defend Windows and its applications against buffer overflow and other vulnerabilities.

SmartScreen filtering has been extended to the basic operating system after having proven itself useful in Internet Explorer 9. Another set of eyes looking for nasties is always a good thing, but I am not convinced it is as useful as Microsoft claims it is.

Microsoft Defender has been upgraded to be a proper anti-virus scanner using much of the technology previously branded as Microsoft Security Essentials.

It's nice to see new Windows installations able to defend themselves from the get-go, but it appears to be the bare minimum. Most users expect more and will likely want to install a more fully featured security suite.

There are many other small changes including improvements to DirectAccess VPN, Windows To Go, Internet Explorer 10 and the new "Modern" tile applications.

Our paper "Windows 8: Redmond's Safest Operating System Ever?", with a lot more details on the security improvements in Windows 8 and other Windows 8 tips and information, is available on our Windows 8 area at http://sophos.com/windows8.

It is my opinion that Windows 8 is certainly an improvement in security over previous Windows versions, but Microsoft may be fighting an uphill battle.

In an informal poll at a few conferences I have attended in the last few weeks, only about 50% of organizations have Windows 7 rolled out to the majority of their desktop users.

Windows 8 is a radically different user experience and will likely require quite a lot of effort to both train end users and develop effective policies to manage all of the new functionality.

Planning a Windows 8 rollout at your organization? Leave us a comment below and share your thoughts with our community.

33 Responses to Windows 8 security overview - Safest Windows ever?

  1. Vishal · 534 days ago

    I don't think so, buddies, because I have already heard of the Windows 8 bootkit successfully developed and tested by a security researcher named Peter Kleissner, who published his bootkit on November 25, 2011 at MalCon 2011.
    Go ahead guys and read the paper, it is really awesome... :)

    • Chester Wisniewski · 534 days ago

      This was only successful with Safe Boot disabled.

  2. JimboC · 534 days ago

    Thanks very much for writing this blog post and in-depth PDF on Windows 8 security. The top eight tips on security for Windows 8 are also very helpful.

    Thanks for bringing this often neglected and less published aspect of Windows 8 to a wider audience.

  3. DeadCaL · 534 days ago

    Not being a hardware techie, I have to ask, does UEFI BIOS prevent you from running anything other than Windows 8?

    • JimboC · 534 days ago

      Hi DeadCaL,

      No, UEFI does not stop you from running anything but Windows 8. If Secure Boot is disabled in the UEFI BIOS, you can install Linux as normal.

      There was initially a lot of controversy about UEFI and Secure Boot potentially stopping you from running Linux but this turned out to be false.

      Indeed Fedora Linux has plans to feature Secure Boot technology:
      http://www.pcworld.com/article/259801/fedora_linu...

      As one commenter puts at the end of this article,

      “UEFI and secure boot are NOT the same thing. Please do not use them interchangeably, as they are NOT interchangeable”

      I hope this helps. Thanks.

      • DeadCaL · 534 days ago

        Ah OK thanks. So it's a feature that can be turned off and on again?

        • Chester Wisniewski · 534 days ago

          Yes, and thank you @JimboC. I use UEFI to boot Arch Linux on 3 PCs of mine and even take advantage of the new kernel 3.6 boot stub.

          If things work as promised you will be able to sign your own boot loaders and import your certificate into your UEFI BIOS. This way you maintain all the security without vendor lock in.

  4. Encrypted · 534 days ago

    I also have to wonder, if I want to have a fully encrypted hard drive, would that mess up the UEFI BIOS protection?

    • Chester Wisniewski · 534 days ago

      Secure Boot looks at the digital signature of the boot components. This would not be affected by encryption. Ensuring your pre-boot encryption is signed in the appropriate way is the complexity. I would recommend using BitLocker encryption with a more capable management solution for the keys. This way you can take advantage of Safe Boot and still have a consolidated key management strategy.

  5. RMc-Canada · 534 days ago

    Unfortunately, for me personally, I hate the ‘Metro’ deal regardless of how much better the security. I want an OS designed for my PC, NOT a tablet or smartphone.

    I was holding off to buy my OS for the PC I'm building because of Windows 8, I’m going with 7.

    • Ted · 534 days ago

      Give it a rest mate.
      Just grow up and use Windows 8.

      • Richard · 533 days ago

        Telling people to "grow up" just because you disagree with them is incredibly childish and rude.

      • RMc-Canada · 533 days ago

        @BillBlagger

        TY :-)

        Couldn't have said it better myself! LOL!

      • JohnMWhite · 533 days ago

        That is a ludicrous response. Growing up would be letting other people have their opinions. I'm not a fan of the Metro interface either, but I see some merits to the OS so will likely upgrade. I won't hold it against somebody else who doesn't want to deal with an interface designed for a machine he isn't even using.

  6. BillBlagger · 534 days ago

    "lots of folks have been asking, "Should I upgrade?"" Definitely worth running the Upgrade Assistant first. My PCs aren't so old but won't run Safe Boot and I don't plan to buy new PCs or mobos just to do that.

    @Ted: Not sure what growing up has to do with it, the screenshots I've seen suggest Windows 8 is aimed at pre-school kids, hideously multi-coloured desktop with big boxes to play with. If that's growing up I'll stay sixteen (if only).

    • njorl · 533 days ago

      "My PCs aren't so old but won't run Safe Boot and I don't plan to buy new PCs or mobos just to do that." - possible source of confusion: Windows 8 can be installed on a PC with an ordinary BIOS. The restriction appears to be being imposed on manufacturers who have agreements with Microsoft to sell new hardware with Windows 8 pre-installed.

      "New PCs that ship with Windows 8 will be required to use a UEFI BIOS, which is the first component required for securely booting Windows."

    • JimboC · 533 days ago

      Hi BillBlagger,

      My PC from July 2011 is in the same situation as yours. It has UEFI firmware but the Upgrade Advisor tells me that it does not support Secure Boot (it must support UEFI v2.3.1 Errata B and have the Microsoft Windows Certification Authority in the UEFI signature database).

      Any BIOS updates for this PC do not add the Secure Boot feature since this PC was never designed for these features of Windows 8.

      My motherboard, an Asus P8P67 Pro Rev 3.0 is not on the list of Asus motherboards certified for Windows 8, so I am out of luck in being able to use Secure Boot:
      http://event.asus.com/mb/windows_8/#intel

      From what I can tell, ELAM (Early Load Anti-Malware) is also part of Secure Boot so I won't be able to use this either.

      Here are the links I referred to:
      http://msdn.microsoft.com/en-us/library/windows/d...
      http://www.thewindowsclub.com/earlylaunch-antimal...

      However there are numerous other security improvements that I can take advantage of and these are my primary reason for upgrading. These are the same features that Chester discusses in his Windows 8 Security whitepaper mentioned in this blog post.

      Please find below some further information on these:
      http://blogs.msdn.com/b/b8/archive/2011/09/15/pro...
      http://illmatics.com/Windows%208%20Heap%20Interna...

      In summary I am talking about improvements to ASLR, the Windows kernel and the Windows heap. When I read about these improvements some months ago, I made up my mind that I am going to upgrade to Windows 8.

      I hope this information is of assistance to anyone considering an upgrade for security reasons.

      Thank you.
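
The distinction drawn in the post and in the comments above (UEFI firmware is not the same as Secure Boot, and Secure Boot also needs a Microsoft CA in the firmware signature database) can be checked from an elevated PowerShell prompt on Windows 8 or later. This is an added example, not part of the original post or comments; the function name `Get-SecureBootReport` is hypothetical and the default certificate name searched for in `db` is an assumption.

```powershell
# Added example: report Secure Boot state and whether a given CA name appears
# in the UEFI signature database (db). Run elevated; both cmdlets need admin rights.
function Get-SecureBootReport {
    param(
        # Assumption: name of the Microsoft CA expected in db; adjust as needed.
        [string]$CaName = 'Microsoft Windows Production PCA 2011'
    )

    $report = [ordered]@{
        SecureBoot = 'Unknown'
        CaInDb     = $null
        Detail     = $null
    }

    try {
        # Returns $true (enabled) or $false (supported but disabled).
        # On legacy BIOS, or UEFI firmware without Secure Boot, it raises an error.
        $enabled = Confirm-SecureBootUEFI -ErrorAction Stop
        $report.SecureBoot = if ($enabled) { 'Enabled' } else { 'Supported, disabled' }
    }
    catch {
        # Covers both "not supported on this platform" and "access denied";
        # the message says which one it was.
        $report.SecureBoot = 'Not available'
        $report.Detail     = $_.Exception.Message
        return [pscustomobject]$report
    }

    try {
        # db holds the certificates and hashes the firmware will accept.
        # Certificate names are stored as plain text inside the binary
        # signature lists, so a substring search is enough for a presence check.
        $db   = Get-SecureBootUEFI -Name db -ErrorAction Stop
        $text = [System.Text.Encoding]::ASCII.GetString($db.Bytes)
        $report.CaInDb = $text.Contains($CaName)
    }
    catch {
        $report.Detail = $_.Exception.Message
    }

    [pscustomobject]$report
}

Get-SecureBootReport | Format-List
```

A result of `Not available` on a machine that boots through UEFI matches the situation described in the comment above: UEFI firmware without Secure Boot support.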

  7. Jon Fukumoto · 533 days ago

    If Windows 8 is truly more secure, why then is the Registry Editor available by default via the Run Menu? I was able to render the Windows 8 Release Preview useless in 5 minutes using the Registry Editor. The UAC is useless, as it's just "Cancel" or "Allow". How I went about it was delete a couple of vital keys and reboot. As to which keys I deleted I won't mention it here. After I did so, I rebooted. Windows 8 attempted to repair itself and locked up as a result. This also applies to ALL client versions of Windows, from Windows 95 onwards. I accomplished the same thing under Windows 7, and it too wasn't able to repair itself. I wouldn't call Windows 8 secure as a result. As long as the Registry Editor is available by default, Windows 8 is not fully secure against what I described.

    • JimboC · 531 days ago

      Hi Jon Fukumoto,

      I really don’t see the problem here. If access to the registry editor was blocked by default to an administrative account of Windows there would be many complaints about this. If you are concerned about this, please simply use Group Policy and block access to the registry editor (you don’t need to be in a corporate environment to do this, you can block it on your home PC too). I can explain how to do this, if you wish.

      Please bear in mind that 3rd party registry editors may not be blocked by this approach.

      I tried editing the registry in the Administrator account and it was successful, as expected. Trying the same with a Standard account (i.e. limited user), I was unable to edit the registry, but I could launch regedit.

      Unfortunately removing the ability of an Administrator account to edit the registry by default is going to be a drawback. It isn’t Microsoft’s fault that most people don’t follow the principle of least privilege and simply use an Administrator for working on their computer on a daily basis.

      Microsoft provide such advice of using a Standard account on their website, but it is up to the users of Windows to follow it:
      http://www.microsoft.com/security/pc-security/ant...

      I use a Standard User account for almost everything on my PC. I only use the Admin account when I am going to install/uninstall some programs in bulk (i.e. 2 to 3 programs at a time). When I am done, I go back to my Standard account. If I simply need to install/update one program I will use the Standard account and provide my admin password via UAC if prompted.

      UAC is not a security feature of Windows; its function is to allow even an Admin account to run as a standard user until a UAC prompt elevates a program to admin privileges when necessary. It is a common misconception that UAC is a security feature of Windows (the goal it achieves however benefits security).

      If you don’t believe me, read Mark Russinovich’s articles on UAC:
      http://technet.microsoft.com/en-us/magazine/2007....
      http://technet.microsoft.com/en-us/magazine/2009....
      http://blogs.technet.com/b/markrussinovich/archiv...

      For you to say that UAC is useless is incorrect. If you are going to intentionally damage a PC, UAC won’t stop you, that is not its function. Most people don’t read the UAC prompts before blindly clicking Accept or Yes. That is not a problem with Windows.

      Why do I think that having access by default to the registry editor from an Admin account is not a problem? Simple: as one other commenter (Snert) of this blog post puts it:

      ---------
      The least secure part of any OS is the using nut; never forget that.
      ---------

      To me this conveys that the user is the weakest link in the chain of security and in the vast majority of cases, this is correct and kudos to Snert for pointing this out.

      If the user of the PC is careless enough to modify the Windows registry without knowing what they are doing, that’s not Microsoft’s fault for leaving that capability enabled in Windows 8.

      Unfortunately, the methods of resolving this involve some learning and common sense on the part of the users and it can take a lot of patience and persuasion to convince a person that technology can be mastered and that they shouldn’t be afraid of it. They should be encouraged that if they don’t know how to do something or know how something works, they should learn from someone or other source of information and fill that gap in their knowledge. I have found this approach of encouragement to work really well.

      In a corporate environment, security awareness training can show what risks users should be aware of and what parts of the operating system to leave alone unless they know what they are doing and have permission to do so.

      As for accessing the registry keys that caused Windows to no longer load, I don’t see why you want to hide them. Anybody with a reasonable knowledge of Windows knows what these keys are or could look them up, e.g.:

      The shell key that loads explorer.exe (HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Shell)

      Data Type = REG_SZ, Data=Shell

      The key used to load userinit.exe (HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon)

      Data Type = REG_SZ, Data=Userinit

      The key used to load csrss.exe (HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems)

      Data Type = REG_EXPAND_SZ, Data=Windows

      Changing any of the above 3 keys will cause issues, especially the registry keys used to launch userinit.exe and csrss.exe. If a person really wants to do this, not publishing these keys is not going to hamper their progress significantly in doing so.

      There are other keys that when modified could cause issues but these examples convey my point.

      If you still feel that the registry editor needs to be blocked by default from an Admin account of Windows 8, I suggest you contact Microsoft and get in touch with the appropriate teams to make that change happen.

      I hope this info is of assistance to you. Thank you.
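
A read-only audit of the three values named in the comment above, as an added example that is not part of the original comment. The function name `Test-BootCriticalValue` is hypothetical; the expected data are the stock Windows defaults, and `DisableRegistryTools` is the per-user value behind the Group Policy setting "Prevent access to registry editing tools", both stated here as assumptions.

```powershell
# Added example: compare boot-critical registry values with their stock defaults.
# Read-only; it works from a Standard account because these HKLM keys are readable by all users.
function Test-BootCriticalValue {
    param(
        [string]$Path,         # registry key in PowerShell provider syntax
        [string]$Name,         # value name under that key
        [string]$ExpectedLike  # wildcard pattern the data should match (case-insensitive)
    )
    $item   = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    $actual = if ($item) { $item.$Name } else { $null }

    [pscustomobject]@{
        Value  = "$Path\$Name"
        Actual = $actual
        # A missing value is reported as a failure, not silently skipped.
        Ok     = ($null -ne $actual) -and ($actual -like $ExpectedLike)
    }
}

$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$subsys   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems'
$sys32    = Join-Path $env:SystemRoot 'system32'

# Assumed defaults: Shell = explorer.exe, Userinit = <system32>\userinit.exe,
# (with trailing comma), and the "Windows" subsystem command line starting
# with <system32>\csrss.exe. Get-ItemProperty expands REG_EXPAND_SZ data,
# so %SystemRoot% has already been resolved when the comparison runs.
$results = @(
    Test-BootCriticalValue $winlogon 'Shell'    'explorer.exe'
    Test-BootCriticalValue $winlogon 'Userinit' "$sys32\userinit.exe,"
    Test-BootCriticalValue $subsys   'Windows'  "$sys32\csrss.exe *"
)
$results | Format-List

# Is the registry editor blocked by policy for the current user?
# DisableRegistryTools of 1 or 2 means blocked; absent or 0 means allowed.
$policyKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
$policy    = Get-ItemProperty -Path $policyKey -Name DisableRegistryTools -ErrorAction SilentlyContinue
if ($policy -and $policy.DisableRegistryTools -ge 1) {
    'Registry editing tools are blocked for this user.'
} else {
    'Registry editing tools are not blocked for this user.'
}
```

A row with `Ok = False` is a prompt to investigate rather than proof of tampering, since the same values are also changed by kiosk shells and some management software.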

  8. Teagle · 533 days ago

    As an engineer, within 1/2 an hour of working my mouse looks like it has been tarred and feathered.
    I don't have the luxury of being able to use a touch screen because of the situation of my industry.
    I cannot see any advantage of upgrading to Windows 8, it appears to be another gimmick
    based on the ability to use touch screen.
    Probably more to do with selling new PCs with the new operating system than to us plebs still using older hardware.
    Having looked at Windows 8 it seems to have less functionality than Windows 7.
    Unless you can afford the luxury of buying new equipment I wouldn't bother.
    Knowing Microsoft and its pricing it will probably be cheaper to buy an iPhone/iPad anyway in the long run.

    • AKHIL · 479 days ago

      Well, you are an engineer and certainly you have more knowledge about the stuff you do on a computer, but I didn't understand how Windows 8 is tearing down your mouse. I'm just a salesperson who sells Windows 8 in a shop front, and even I know you only go outside desktop mode when you have to access some application... otherwise, while you are working inside the desktop mode, you are in a similar environment to Windows 7... :) So what I understand from your comment is that you just badly want a touch screen and you are using Windows 8 as an excuse so the company buys you one... :)

  9. Ross · 533 days ago

    Glad they're making improvements in security but as you've implied they've still got a way to go. As with previous versions I'll wait until most of the bugs have been sorted out.

  10. Snert · 533 days ago

    The least secure part of any OS is the using nut; never forget that.

  11. LindaB · 533 days ago

    Will I be able to install W8 on my 6 year old PC that does not have UEFI BIOS? I know that will be less 'secure' but I don't see why M$ are allowed to force us to buy new hardware just because they say so.

    • JimboC · 533 days ago

      Hi LindaB,

      It is very likely that you will be able to run Windows 8 on your 6 year old PC. If it can run Windows 7, it can most likely run Windows 8.

      Please download and run the Windows 8 Upgrade Assistant (also called the Upgrade Advisor). This will tell you definitely if you can upgrade or not.

      You can download the Windows 8 Upgrade Assistant from:
      http://windows.microsoft.com/en-us/windows-8/upgr...

      The system requirements for Windows 8 are also listed on that page.

      My PC has a UEFI BIOS but I cannot use Secure Boot or the ELAM (Early Load Anti-Malware), the Upgrade Advisor told me this, but I can upgrade to Windows 8.

      While it is an advantage to have the above features, they aren’t the only reason to upgrade to Windows 8.

      I hope this helps. If I can be of any further assistance, please feel free to ask.

      Thank you.

  12. SomeGuyinChicago · 533 days ago

    I recall Vista and Windows 7 each being the most secure OSes ever to come from Redmond, yet I don't recall a vulnerability that was thwarted by these operating systems. All Microsoft updates are almost always for all versions. The problem seems to be that the vulnerability existed in the code written a long time ago and each OS is lipstick on a bulldog. The improvement is in the UI and getting true security requires it to be rebuilt from the ground up.

  13. manak · 533 days ago

    Windows 8's strong point is low price upgrade. For Innovation?
    Of Course not. Windows 8 is not innovative.
    It is just a hybrid OS for MS tablet.

    Modern UI(Windows RT) + Desktop mode(Windows 7b?)
    There are two types of app. Metro style app and desktop app.
    Of course they are different.
    You have to flip back and forth two OS UI all the time.
    and Microsoft prevents booting straight to Desktop mode in Windows 8
    No choice. Why? They are forcing you to use MS Tablet UI
    for their MS Surface device. They don't care about their loyal customers.

    We know Windows 8 UX is for tablet, not for desktop.
    This UX is really a joke for desktop PC users in a business environment.
    It's not seamless. No consistency.
    There is no big performance difference between Windows 7 and Windows 8
    except startup time(8sec faster) and shutdown time (4sec faster).
    Windows 7 supports multitouch technology
    Windows 7 can search apps at Start menu
    Windows 7 has DVD playback and windows media center (not sold separately like 8)
    ..etc

    Software cannot change your current desktop/laptop PC to Tablet.
    If you use a desktop/laptop PC with Windows 7, just stay with Windows 7
    and wait for Windows 9 or something else.
    If you really like Modern UI, just grab a tablet at the store. That is a smart buy.

    • Guest · 532 days ago

      I disagree with this. I've been using Windows 8 on the desktop for a while now. If you don't want to, you rarely need to enter the Metro UI. Even if you do end up pulling up the UI to search for something, while the full screen transition is jarring at first, it doesn't require any extra clicks or typing than in the previous version of Windows. Once I just accepted it as a full screen start menu, I've had no more difficulty using 8 than I did 7. I don't understand why people make such a big deal about Metro on desktops as it, at least for right now, is a minimal part of the experience.

      • AKHIL · 479 days ago

        I think you nailed it... This is my argument and explanation when customers try to talk about what they read on the internet without understanding or looking at the product first... It's not that hard or indifferent, but humans are evolved from monkeys... and they repeat and do the same as others do... Well, it's common :)

  14. Jack · 532 days ago

    I would also like to know if I have to have a BIOS that supports UEFI (or is UEFI). I have yet to see why I would purchase Windows 8. Only if I had hardware that uses touch screen technology. Of course I would not have purchased one with W8 on the horizon without some guarantee that it is supported by W8.

    Why move to the latest and greatest when they are virtually the same OS and there seems no benefit to a move?

    I'm purchasing a Mac Book Pro, just have to get my wife on board.

    Is security the only real advantage?

  15. AKHIL · 479 days ago

    I remember the fuss around when Windows 7 hit the market... :) What happened? Now suddenly Windows 7 is one of the best OSes over XP... Don't mind, people will get along with Windows 8 when they run out of choices... It always happens like this. We as humans cannot accept changes easily... :)

About the author

Chester Wisniewski is a Senior Security Advisor at Sophos Canada. He provides advice and insight into the latest threats for security and IT professionals with the goal of providing clear guidance on complex topics. You can follow Chester on Twitter as @chetwisniewski, on App.net as Chester, Chester Wisniewski on Google Plus or send him an email at chesterw@sophos.com.