Windows 8 Enhanced Security Features
Microsoft has published the Windows 8 Release Preview Product Guide for Business, the guide describes how Windows 8 changes the work environments and how Windows is reimagined to support people’s unique working styles.
Windows 8 provides enterprise-class security capabilities that keep clients more secure from power-on to power-off.
Windows 8 provides the following enhanced security features:
Trusted boot process
With UEFI 2.3.1 equipped devices, the UEFI Secure Boot feature helps to ensure that malware is not able to start before Windows 8. The Windows 8 Trusted boot feature protects the integrity of the remainder of the boot process, including the kernel, system files, boot critical drivers, and even the antimalware software itself. The system’s antimalware software is the first 3rd party application or driver to start. Moving antimalware into the Trusted Boot process prevents it from being tampered with. In the event that malware is able to successfully tamper with the boot process Windows can automatically detect and repair the system.
Measured boot process
On Trusted Platform Module (TPM)-based systems, Windows 8 can perform a comprehensive chain of measurements during the boot process that can be used to further validate the boot process beyond Trusted Boot. Measured boot process enables all aspects of the boot process to be measured, signed, and stored in a Trusted Platform Module (TPM) chip. This information can be evaluated by a remote service to further validate a computer’s integrity before granting it access to resources. This process is called Remote Attestation.
BitLocker Drive Encryption
BitLocker now supports encrypted drives, which are hard drives that come pre-encrypted from the manufacturer. BitLocker offloads the cryptographic operations to hardware, increasing overall encryption performance and decreasing CPU and power consumption. On devices without hardware encryption, BitLocker allows you to choose to encrypt the used space on a disk instead of the entire disk. As free space is used, it will be encrypted. This results in a faster, less disruptive encryption of a hard drive. In addition, the user experience is improved by allowing a standard user, one without administrative privileges, to reset the BitLocker PIN.
AppLocker
AppLocker enables IT administrators to create security policies through Group Policy to prevent potentially harmful or other non-approved apps from running. With AppLocker, IT administrators can set rules based on a number of properties, including the signature of the application’s package or the app’s package installer and can more effectively control apps with less management.
Windows SmartScreen app reputation service
Windows SmartScreen app reputation is a safety feature in Windows 8. This service provides application reputation-based technologies to help protect users from malicious software that they may encounter on the Internet. This technology checks reputation on any new application, helping to keep users safe no matter what browser they use Windows 8. This helps to prevent malware and other viruses from infiltrating your organization. The Windows SmartScreen app reputation feature works with Internet Explorer’s SmartScreen feature, which also protects users from websites seeking to acquire personal information such as user names, passwords, and billing data.
Claim-based access control
With Windows 8, IT administrators can dynamically allow users access to the data they need based on the user’s role in the company. Unlike previous statically-controlled security groups, Claim-based access control allows IT admins to dynamically control access to corporate resources based on the user and device properties that are stored in Active Directory. For example, a policy can be created that enables individuals in the finance group to have access to specific budget and forecast data, and the human resources group to have access to personnel files.
