Windows 8 hit the streets last Friday and lots of folks have been asking, “Should I upgrade? What’s new?”
While the primary difference is in the radical changes to the user interface, we here at Naked Security thought it best to stick with our core competency, security.
Folks who are interested in a detailed analysis of the changes in Windows 8 from a security perspective should download our new technical paper, “Windows 8: Redmond’s Safest Operating System Ever?”
The most obvious, and controversial, change in Windows 8 security is the new Secure Boot system. New PCs that ship with Windows 8 will be required to use a UEFI BIOS, which is the first component required for securely booting Windows.
The UEFI BIOS begins the loading of the operating system and ensures all of the components are signed with a digital certificate belonging to Microsoft. This should go a long way towards disrupting rootkits and boot kits that depend upon the ability to load before Windows and your anti-virus software.
Microsoft has made minor improvements to the ASLR and DEP technologies used to defend Windows and its applications against buffer overflow and other vulnerabilities.
SmartScreen filtering has been extended to the basic operating system after having proven itself useful in Internet Explorer 9. Another set of eyes looking for nasties is always a good thing, but I am not convinced it is as useful as Microsoft claims it is.
Microsoft Defender has been upgraded to be a proper anti-virus scanner using much of the technology previously branded as Microsoft Security Essentials.
It’s nice to see new Windows installations able to defend themselves from the get-go, but it appears to be the bare minimum. Most users expect more and will likely want to install a more fully featured security suite.
There are many other small changes including improvements to DirectAccess VPN, Windows To Go, Internet Explorer 10 and the new “Modern” tile applications.
Our paper “Windows 8: Redmond’s Safest Operating System Ever?”, with a lot more details on the security improvements in Windows 8 and other Windows 8 tips and information, is available on our Windows 8 area at http://sophos.com/windows8.
It is my opinion that Windows 8 is certainly an improvement in security over previous Windows versions, but Microsoft may be fighting an uphill battle.
In an informal poll at a few conferences I have attended in the last few weeks, only about 50% of organizations have Windows 7 rolled out to the majority of their desktop users.
Windows 8 is a radically different user experience and will likely require quite a lot of effort to both train end users and develop effective policies to manage all of the new functionality.
Planning a Windows 8 rollout at your organization? Leave us a comment below and share your thoughts with our community.