How Windows 8 Beefs Up Security
A screenshot of the start screen in the Windows 8 Consumer Preview.
Windows 8 promises to be much more secure than Windows 7 — so much so that some users might not like it.
Chris Valasek, a researcher with the San Francisco security firm Coverity, has been playing with the developer preview version of Windows 8 since last fall.
He told the British tech blog the Register that while the internal structure is not too different from that of Windows 7, there are a few new features that will nonetheless beef up Windows 8's security considerably.
"Overall, I'd far rather write exploits against Win 7 than Win 8," Valasek told the Register.
Microsoft has not set a release date for Windows 8, but it is expected to hit stores sometime this fall.
A couple of the features may seem familiar to users of Apple Macs or iOS devices. For example, Windows 8 will have its own app store, called Windows Store.
It's not clear how Microsoft will examine the apps it lets into the Windows Store, but Valasek explained that all apps will be severely restricted in what they can do within the Windows 8 environment.
"These new Windows 8 Apps will be contained by a much more restrictive security sandbox, which is a mechanism to prevent programs from performing certain actions," he told the Register.
(Tablet users running Window RT, the mobile version of Windows 8, will be able to download apps only from the Windows Store.)
Locking down the browser
Windows 8 will also come with Internet Explorer 10 (IE10), which borrows some security features from Apple's Safari and Google's Chrome browsers — sort of.
In fact, there are two versions of IE10. There's the "Metro" version using Windows 8's bright, visual-heavy interface, which borrows a lot from Windows Phone and the Zune user interface.
The Metro IE10 will have a built-in Adobe Flash player, like Chrome, but it places security ahead of convenience. It will "whitelist" Flash websites so that only approved sites — YouTube, for instance — will be able to load Flash media. (Flash is constantly being exploited by malicious hackers.)
The Metro version of IE10 is all that users of Windows RT will be able to use. Desktop and laptop users, however, will be able to switch to a traditional version of IE10 that will run all Flash and Java media.
If I don't know you, I'm not loading you
Windows 8 will also see the inauguration of the "secure boot" feature, a security initiative that Microsoft hopes all PC manufacturers will eventually follow.
It means that all installed operating systems, whether on a hard drive or on an optical drive, will be checked for digital certificates of authenticity before they're allowed to start the machine.
Secure boot means that corrupted or infected software won't be able to boot a PC, but some open-source software advocates fear it could freeze out Linux and other non-Windows software.
Finally, Windows 8 will have a Microsoft first — a built-in anti-virus software installation.
Called Windows Defender, the product is actually a combination of the existing Microsoft Security Essentials software, currently available as a download for Windows 7 and previous versions, and the Windows Defender firewall, which is currently turned off by default.
For the first time in more than a decade, Windows users will be able to safely connect their machines to the Internet without having to install any anti-virus software. The anti-virus software industry may have reason to worry.