Microsoft’s latest desktop operating system, Windows 8, has already been released to partners in its final state and many companies are starting to think about Windows 8 adoption and its impact on their existing environment.
Taking that Windows 8 will eventually be deployed in the majority of corporate desktop environments at some point, what is the security impact of the new version? This article will look at two major changes: Secure Boot and the revised Microsoft Defender.
Increased Protection from the Start
Microsoft has addressed a vulnerability in its boot sequence that made it vulnerable to malware, such as StuxNet, which could compromise the boot sequence and essentially the entire operating system.
Windows 8 has the Secure Boot feature that works together with motherboards with Unified Extensible Firmware Interface (UEFI) that has a certificate installed by the motherboard manufacturer that prevents compromised Windows boot loaders from running. This isn’t a new feature (Windows Vista supported this) but Microsoft are now forcing manufacturers to have this fully enabled in order to use the Windows 8-certified logo.
While this won’t save your current machines that are not UEFI-enabled, it does secure future computer purchases that incorporate this feature.
Windows Defender gets more muscle
Another improved security module is the bigger role Microsoft’s Defender will play. It will now include virus detection and removal, network protection and some behavioural protection.
Does this mean that you can drop your incumbent digital security software in your enterprise?
Microsoft’s position is not to replace existing security vendors, but merely protect those Windows machines that users left unprotected. Figures have placed this as much as 25% of all Windows machines have no anti-virus protection, despite the free and paid-for versions available out there. Windows Defender will borrow from Microsoft’s Security Essentials and looking at the performance from AV-Comparitives.org, these free Microsoft tools score average or below average on tests.
Nearly all major digital security companies, including Kaspersky Lab, score better or dramatically better in securing your computers than what Defender will do, proving the saying “you get what you pay for”.
Nothing really changes
Despite improving security and better patch processes, your overall corporate strategy won’t change with Windows 8. Many of your corporate security challenges are not operating system-based, such as email, phishing and data theft attacks. The same strategy and software solutions you’re currently using will not require much modification due to the features included in Windows 8.