Windows 8 Malware Protection Detailed
by Andrew Cunningham on September 15, 2011 6:00 PM EST
Every new version of Windows has done something to help alleviate the platform's chronic malware problem, and Windows 8 will be no different: Microsoft's Jason Garms takes to the Building Windows 8 blog today to explain some of the mechanisms Windows 8 will employ to keep your PC malware-free.
The full list of fixes and enhancements is typically long and detailed, but I'll provide some of the highlights: for one, the Address Space Layout Randomization (ASLR) feature, which moves code and data around in memory so that an attack cannot rely on knowing where that code or data lives, has been improved, and elements of it have been extended to the Windows heap and to Internet Explorer.
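ASLR only helps an executable that opts in, so a practical defender's check is whether a given PE image sets the relocation flags in its optional header. The following Python parser is an added example, not code from the article or from Microsoft's blog post; it reads the DllCharacteristics field directly (DYNAMIC_BASE is the ASLR opt-in, HIGH_ENTROPY_VA is the 64-bit high-entropy opt-in that Windows 8 introduced, NX_COMPAT is DEP) and includes a constructed stub PE header so it runs offline.

```python
import struct

# DllCharacteristics bits from the PE/COFF specification
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA = 0x0020  # 64-bit high-entropy ASLR (Windows 8+)
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040     # image may be relocated, i.e. ASLR opt-in
IMAGE_DLLCHARACTERISTICS_NX_COMPAT = 0x0100        # DEP-compatible


def aslr_flags(pe_bytes: bytes) -> dict:
    """Report the ASLR/DEP opt-in flags of a PE image without loading it.

    Handles both PE32 (magic 0x10b) and PE32+ (magic 0x20b); the
    DllCharacteristics field sits at offset 70 of the optional header in both.
    """
    if pe_bytes[:2] != b"MZ":
        raise ValueError("not a PE image: missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", pe_bytes, 0x3C)   # offset of PE signature
    if pe_bytes[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image: missing PE signature")
    opt = e_lfanew + 4 + 20                                  # skip signature + COFF header
    (magic,) = struct.unpack_from("<H", pe_bytes, opt)
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic 0x%x" % magic)
    (dll_chars,) = struct.unpack_from("<H", pe_bytes, opt + 70)
    return {
        "dynamic_base": bool(dll_chars & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE),
        "high_entropy_va": bool(dll_chars & IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA),
        "nx_compat": bool(dll_chars & IMAGE_DLLCHARACTERISTICS_NX_COMPAT),
        "pe32plus": magic == 0x20B,
    }


def make_stub_pe(dll_chars: int, pe32plus: bool = True) -> bytes:
    """Constructed minimal PE header (headers only, not a runnable program) for testing."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = b"\0" * 20                                        # empty COFF file header
    opt = bytearray(112 if pe32plus else 96)                 # standard + Windows-specific fields
    struct.pack_into("<H", opt, 0, 0x20B if pe32plus else 0x10B)
    struct.pack_into("<H", opt, 70, dll_chars)
    return dos + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    hardened = make_stub_pe(0x0160)         # DYNAMIC_BASE | HIGH_ENTROPY_VA | NX_COMPAT
    legacy = make_stub_pe(0x0100, pe32plus=False)  # DEP only, no ASLR opt-in
    print("hardened:", aslr_flags(hardened))
    print("legacy:  ", aslr_flags(legacy))
```

On a real system you would feed `aslr_flags` the bytes of an on-disk .exe or .dll; an image without `dynamic_base` is loaded at its preferred base and gains nothing from the OS-side improvements.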
Windows Defender has also been improved, and appears to be picking up many of the enhancements previously offered by the Microsoft Security Essentials add-on, including the ability to remove all types of malware (past Defender versions could remove only a subset). In addition to this, Windows Defender can now verify that firmware and firmware updates are malware-free on UEFI-based machines.
The last major improvement mentioned by Garms involves Internet Explorer's SmartScreen filter, which identifies URLs known or suspected to be malicious: the SmartScreen filter can now work OS-wide, and will warn you before running any executable with a poor or unknown reputation.
Windows 8 looks to be a firm step forward for malware protection in Windows, but no malware prevention system offers complete protection - your best bet is still to practice safe browsing, keep your software up-to-date, and whenever possible, run as a standard user instead of an administrator.
Source: Building Windows 8 Blog
13 Comments
Filiprino - Thursday, September 15, 2011
"but no malware prevention system offers complete protection - your best bet is still to practice safe browsing, keep your software up-to-date, and whenever possible, run as a standard user instead of an administrator."
That's it. I don't use any malware prevention tool apart from the one that comes with Windows 7. The rest of the free antivirus programs or prevention software have the same effectiveness; they aren't proactive tools, something that hurts performance hard.
I used to pay for antivirus software but it was useless: it didn't detect anything because I simply didn't give it the opportunity to alert me: good usage practices.
Finally, any kind of protection is also useless against the user's desire to install something. If he gives privileges, the malware will be installed no matter what you have on your system. Antivirus only adds confusion to your daily work and gives a false sense of protection, either by detecting false positives or by not detecting true menaces.
danielgardiner81 - Friday, September 16, 2011
The problem with that logic is that some exploits don't require you to do anything; just visiting a site or viewing an image could infect you. Though I broadly agree with your point of view. I don't use AV software anymore. I think it's good to think it's because you are "smart" about what you do, though I think it's most likely savvy users don't browse around as much. Having a routine keeps the surface area small.
AV at work tends to just show "cookies" as a problem lol. Though in an office it's easy to see how an exploit can explode through the whole place in no time.
Of course we could both be rootkitted but have no idea :)
Filiprino - Friday, September 16, 2011
Well, I don't use Internet Explorer, and the malware utility that comes with Windows also detects some cookies and even some downloaded executable files which I know aren't dangerous. Of course I stopped visiting crack sites and only download from bittorrent sites with comments and files from known teams.
Speaking of adult content, most danger can come from pop-ups and ads, things that are blocked by the AdBlock extension and other extensions on Firefox like NoScript and such.
For the most part, rootkits aren't detected by antivirus either, so we're all in the same boat.
All in all, all current Windows XP installations connected to the Internet should be completely wiped, specifically illegal installations without proper updates; not all updates are received by illegal OSes, just the most critical.
Fox5 - Thursday, September 15, 2011
I agree with Filiprino: the OS should be responsible for providing protection from malware even executing; it's in the best position to do it, and Microsoft should have far more data on what's messing with their systems than the antivirus vendors do.
The two big security problems:
That malware/viruses can gain execution to do something useful on the OS. The OS can put in all sorts of safeguards and privilege restrictions to minimize data down to a single app (or less). Microsoft needs some SELinux.
That on Windows, running something is accomplished the same way as opening something or installing something. Just click on it. The Windows usage model needs to be changed. Pop-ups warning about malicious programs are a start, but they'd be more secure if they pushed everything into app stores (doesn't have to be just one) that are secure, trusted applications, so that installing something was a very separate activity from running a program or viewing a document. For backwards compatibility reasons, the Windows usage model will change slowly with each Windows version, but I expect it will get there eventually.
B3an - Friday, September 16, 2011
Your first point is somewhat dealt with in Win 8. But this article does not mention it (so please add this stuff if you read this, Andrew).
Windows 8's Metro-style applications run in security containers (sandboxes) where permissions are granted based on a capabilities model (Android-like permissions). An application is only granted the capabilities which are specified in its package manifest.
All Metro apps can only be downloaded from the Win 8 store (at least for ARM, not sure about x86).
All apps on the Metro store are checked by MS for anything malicious.
Also, the Metro version of IE10 does not run ANY plugins. Which helps with security but IMO is a bad idea - no Flash, no full web access. They're doing an Apple. You could still switch to the desktop and run any desktop browser to get plugins, but on a mobile touch device this isn't ideal.
danielgardiner81 - Friday, September 16, 2011
Low-priv accounts are the basic form of sandboxing you are talking about, which has been improved a lot by Microsoft over the last half decade. Though a priv elevation exploit means you are screwed. UAC is attempting to alert you that this has happened, though generally you have no idea why it is popping up.
Also, the idea that something is "secure" is nonsense logic. If you install a "trusted app" but it's malicious.. then you are really boned.
Complete sandboxing is great protection.. but of course that means you can't keep any of your data in that sandbox or it's vulnerable. Which brings up another load of issues.
Targon - Friday, September 16, 2011
You are one of the sorts of people who seem to want to have your machine locked down "for your own protection", rather than letting the user decide what to install, and that is what all these "app stores" would do: lock things down so only those applications on an app store can be downloaded. The big problem is the registry itself, since if applications could not touch the way the OS runs, it would be relatively easy to keep malware out compared to the way things are today. When apps all had their own INF file and you just kept them in their own directory, the OS wouldn't need to have apps that interact with the OS settings in any way, shape, or form. An install would simply be an announcement to the OS that there is a new program installed, and what directory it can be found in; the INF would provide the information the program itself would want/need.
yankeeDDL - Tuesday, September 27, 2011
Am I the only one who finds it entertaining listening to MS talk about security?
Yes, Windows is targeted because it is (by far) the most popular OS.
Yes, most times infections are due to user's incompetence.
Nevertheless, Windows, as an OS, has always offered thousands of hacking opportunities, and the fact is, today, there are thousands of viruses, malware, scareware, ransomware ... designed to hit a Windows PC which is even just slightly not up-to-date.
I disagree with Filiprino's comments on "safe browsing". Of course that helps a lot, no question; however, as you probably know, in the past few months a lot of "normal" websites were hacked. To name one, Kernel.org (the home of the Linux kernel).
It is "simple" if you think about it: bugs are disclosed once a patch appears; however, only a small fraction of PCs are regularly kept up to date, so it suffices to exploit recent bugs to hit millions of PCs.
One just needs to hack a website and include his malware to infect just about anyone passing by.
So what can be done?
If you're interested in security, I suggest you read this interview:
http://www.tomshardware.com/reviews/qubes-os-joann...
It explains quite clearly what can be done, what makes sense doing and what doesn't.
Particularly with an OS like Windows, with a huge kernel (understandably so), any action taken against malware is welcome, but will only delay the inevitable (which is, finding an "easy" way around, much like jailbreaking in iOS).
dagamer34 - Thursday, September 15, 2011
Probably the best protection against malware in Windows 8 will be the fact that users will probably only want to install software from a trusted source, such as the Windows Store. Perhaps drive-by downloads will still occur, but I think users are less likely to install COOLGAME.exe if most of their games aren't downloading from their Internet browser.
Exodite - Friday, September 16, 2011
You've just got to love the early-80s era mono graphics of that requester. :P
I'll try not to sound overly bitter, but it's hard not to, at least if you were around when computer interfaces actually looked like that all the time.