Page 2 of 3
Aside from Windows Defender, a number of other security features in Windows 8 are up for discussion.
"Compared to Windows 7, it is really clear that they've taken a long hard look at the telemetry that they have been gathering over the last few years and have applied that to improve the security of the operating system," said Aryeh Goretsky, distinguished researcher at ESET. "I especially like the concept of implementing the secure boot facility in conjunction with the UEFI [Unified Extensible Firmware Interface] because if it is implemented properly, that blocks a whole class of malware. Of course, whether or not it works as planned has yet to be determined."
Goretsky went on to explain that design flaws, implementation errors or compatibility issues could call the tactic into question, particularly if it begins to interfere with important applications on client devices.
Goretsky does, however, applaud the new requirement that antivirus and other applications uninstall completely on user command rather than leave remnants on the hard drive.
"Typically, after the software installer has run, the program may do other things to download updates and make further modifications to the registry and so forth," he explained. "Those types of actions are not typically cleaned up during the uninstall process because uninstallers are typically just a script that can only remove what they know about. Post-install actions typically get left behind. Microsoft is saying no more of that. That will make life easier for the customer because if they are not happy with their antivirus software, they can easily upgrade that, or maybe they want to get something less expensive when it comes time for renewal. But, that really ensures that when a customer switches from one product to another, they don't have any system problems from having orphaned drivers or services running."
Microsoft has also taken action against attacks on the master boot record by preventing boot code from running unless it is digitally signed.
"If your code is there first, then you can control what happens with all the other software that is loaded afterwards," he said. "The new spec institutes a trust mechanism so that if the code is not cryptographically signed, it is not allowed to run. At that point, the next point of entry would be to try to get their code to run as a device driver, as early in the boot process as possible. So, Microsoft has now launched a program called Early Launch Anti-Malware or ELAM. That will be the first thing to run following Microsoft code, so there won't be this kind of randomness about the order in which things load. And, that gives anti-malware vendors the opportunity to check all the other drivers on the system before they load. So, that's a big advantage, in terms of detecting threats."
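To make the chain-of-trust idea in the quotes above concrete, here is an added Python model of a verified boot chain with an early-launch anti-malware driver. It is not code from the article, from ESET or from Microsoft. It assumes a simplified firmware policy store in which allowed and revoked images are identified by SHA-256 hash (a stand-in for the UEFI db/dbx databases and for Authenticode signature checks), constructed image names and contents, and the four ELAM classifications together with the default Windows boot-start driver policy (load good, unknown and bad-but-boot-critical drivers, refuse bad ones); all of those details are assumptions beyond what the page states.

```python
"""Model of a verified boot chain followed by ELAM driver classification.

Constructed example. The "signature check" is a SHA-256 allowlist/denylist,
a simplification of the UEFI db/dbx policy databases and of the kernel's
Authenticode verification; no real signature format is parsed here.
"""
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Image:
    name: str
    code: bytes  # constructed stand-in for the binary's contents


def digest(code: bytes) -> str:
    return hashlib.sha256(code).hexdigest()


class Firmware:
    """UEFI-style policy store: db = allowed images, dbx = revoked (dbx wins)."""

    def __init__(self, allowed, revoked=()):
        self.db = {digest(i.code) for i in allowed}
        self.dbx = {digest(i.code) for i in revoked}

    def permits(self, image: Image) -> bool:
        h = digest(image.code)
        return h in self.db and h not in self.dbx


class ElamDriver:
    """First driver loaded after the kernel; classifies every later boot-start driver."""

    def __init__(self, known_good, known_bad, boot_critical=()):
        self.good = {digest(i.code) for i in known_good}
        self.bad = {digest(i.code) for i in known_bad}
        self.critical = {i.name for i in boot_critical}

    def classify(self, image: Image) -> str:
        h = digest(image.code)
        if h in self.good:
            return "good"
        if h in self.bad:
            return "bad_but_boot_critical" if image.name in self.critical else "bad"
        return "unknown"


# Assumed default policy: good, unknown and bad-but-boot-critical drivers load,
# drivers classified as bad are refused.
DEFAULT_POLICY = frozenset({"good", "unknown", "bad_but_boot_critical"})


def boot(firmware, chain, elam, drivers, policy=DEFAULT_POLICY):
    """Return (loaded_names, log). The chain halts at the first unpermitted stage,
    so ELAM only ever runs on top of an intact, verified kernel."""
    loaded, log = [], []
    for image in chain:  # boot manager, OS loader, kernel, ELAM driver
        if not firmware.permits(image):
            log.append(f"REFUSED {image.name}: not in db or revoked in dbx")
            return loaded, log
        loaded.append(image.name)
        log.append(f"LOADED  {image.name}")
    for drv in drivers:  # boot-start drivers, checked by ELAM before they load
        verdict = elam.classify(drv)
        if verdict in policy:
            loaded.append(drv.name)
            log.append(f"LOADED  {drv.name} (elam: {verdict})")
        else:
            log.append(f"BLOCKED {drv.name} (elam: {verdict})")
    return loaded, log


# Constructed images; names and contents are placeholders, not real binaries.
BOOT_MANAGER = Image("boot manager", b"boot manager v1")
OS_LOADER = Image("os loader", b"os loader v1")
KERNEL = Image("kernel", b"kernel v1")
ELAM_IMAGE = Image("elam driver", b"elam driver v1")
DISK_DRIVER = Image("disk driver", b"disk driver v1")
ROOTKIT_DRIVER = Image("rootkit driver", b"boot-start rootkit")
VENDOR_DRIVER = Image("vendor driver", b"driver from an unknown vendor")

TRUSTED_CHAIN = [BOOT_MANAGER, OS_LOADER, KERNEL, ELAM_IMAGE]


def clean_boot():
    """Intact chain: the rootkit driver is the only thing ELAM refuses."""
    fw = Firmware(allowed=TRUSTED_CHAIN)
    elam = ElamDriver(known_good=[DISK_DRIVER], known_bad=[ROOTKIT_DRIVER])
    return boot(fw, TRUSTED_CHAIN, elam, [DISK_DRIVER, ROOTKIT_DRIVER, VENDOR_DRIVER])


def tampered_loader_boot():
    """A bootkit-patched OS loader is not in db, so boot stops before the kernel."""
    tampered = Image("os loader", b"os loader v1 + bootkit patch")
    fw = Firmware(allowed=TRUSTED_CHAIN)
    elam = ElamDriver(known_good=[DISK_DRIVER], known_bad=[ROOTKIT_DRIVER])
    return boot(fw, [BOOT_MANAGER, tampered, KERNEL, ELAM_IMAGE], elam, [DISK_DRIVER])


if __name__ == "__main__":
    for scenario in (clean_boot, tampered_loader_boot):
        print(f"--- {scenario.__name__}")
        print("\n".join(scenario()[1]))
```

The point the model makes is the ordering Goretsky describes: the firmware refuses a modified loader before any OS code runs, and when the chain is intact the ELAM driver is the first third-party code to execute, so it gets a verdict on every other boot-start driver before that driver loads. Revocation is handled by dbx taking precedence over db, which is how a once-allowed image can be retired without rebuilding the allowlist.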