- Apr 25, 2013
- 5,355
http://windows.microsoft.com/en-us/windows-8/how-protect-pc-from-viruses
Windows Defender - it is one of the security levels in windows 8 & 8.1
+
Secure Boot
Windows 8's Secure Boot feature builds on the open standard UEFI (Unified Extensible Firmware Interface) specification to make Windows incredibly resistant to malicious modification from preboot to full OS booting, preventing firmware attacks. The risk of firmware-attacking malware is rising, if you believe the National Institute of Standards and Technologies, the military, and many Fortune 100 CSOs.
Prior to UEFI and Secure Boot, you would be notified about malicious firmware and OS boot code modification in Windows only if you enabled BitLocker Drive Encryption with the Platform Configuration Registers (PCRs) configured (the default). However, enabling drive encryption to get a boot integrity solution was considered overkill by many.
UEFI and Windows Secure Boot only allow code signed by pre-approved digital certificates to run during the firmware and OS boot process. If anything unsigned tries to modify the boot process (think rootkit), the UEFI-based firmware will undo the change, as does the OS. After receiving a healthy and validated handoff from the firmware, it continues to ensure that only pre-approved, digitally signed code can be run.
Although other OSes can and will use UEFI secure boot, Windows 8 and Windows Server 2012 are the only OSes in which it will be enabled by default. Other than Google's Chromium OS, few other popular OSes have plans to implement UEFI-like protections or are still arguing about how to pull it off and when to implement.
Early-launch antimalware
Windows 8 extends its safe boot protection by ensuring that pre-approved antimalware software gets loaded before malware can take control. Previously, malware could "walk the interrupt vector chain" and get in front of the OS or antimalware software. Once that happened, it wasn't Microsoft's or your OS anymore. Now pre-approved antimalware software always gets loaded ahead of the malicious programs, which improves the chances of detection and removal.
SmartScreen
SmartScreen is the feature that has made Internet Explorer one of the safest browsers you can run. It has prevented millions of IE users from being infected each day. It does so using a combination of application reputation and website reputation and by looking for malicious behaviors.
SmartScreen began life in IE8 and was significantly improved in IE9 and IE10. But that protection wasn't being applied equally across the entire user experience. For example, what if the user ran a non-IE browser or was downloading content outside of the browser experience? Windows 8 developers worried as well, so SmartScreen was replicated to the entire OS. When you run Windows 8 or Windows Server 2012, you're getting SmartScreen protection on every network download.
Dynamic Access Control
Essentially, Dynamic Access Control is Windows access control (that is, file and folder permissions) on steroids. In the old model, you could limit access only by user or group membership. But with Windows 8 and Windows Server 2012, you can allow or deny access based upon almost any defined claim or attribute.
Claims can be almost any piece of data you store in Active Directory (AD) belonging to a particular security principal (such as a user or a group), including device ID, log-on method, location, and personal information. For example, you can allow access to a particular folder only to local users using a Windows Surface device. Or you can only allow access by the user's pre-approved, company-issued iPad, but not to their personal, non-approved iPad. I have many customers who desperately want the latter ability without having to purchase third-party software. Microsoft Windows has always had solid, reliable access control; Dynamic Access Control ups the ante.
PC Refresh and Reset
Sometimes no matter how many security features you have, you can't stop end-users from bypassing all warnings and installing malware. It's going to happen. Now you can reset Windows back to its original, known, clean safe state. You can choose between resetting everything to a blank slate or saving your application settings and data. You could do this in previous versions, but it always took a lot longer than simply clicking on a single button and acknowledging the warning prompt.
Normally, security features don't sell anything. Features and flashy GUIs do. Many Windows competitors sell briskly despite being continually late to adopt security features Microsoft pushed early on, such as built-in full disk encryption, ASLR, DEP, and more. But Windows 8 takes a big step forward with added security features -- out of the box, enabled from the start. Despite quibbles over the GUI, I have little doubt those improvements alone will sell millions of copies of Windows 8 to security-conscious customers.
Text source
Windows 8.1: The key security improvements
http://www.infoworld.com/article/26...ndows-8-1--the-key-security-improvements.html
Top 5 Key Security Improvements Found in Windows 8.1
http://blogs.technet.com/b/canitpro...curity-improvements-found-in-windows-8-1.aspx
Windows 8.1 Security and Control
http://technet.microsoft.com/en-us/windows/security-and-control.aspx
Windows Defender - it is one of the security levels in windows 8 & 8.1
+
Secure Boot
Windows 8's Secure Boot feature builds on the open standard UEFI (Unified Extensible Firmware Interface) specification to make Windows incredibly resistant to malicious modification from preboot to full OS booting, preventing firmware attacks. The risk of firmware-attacking malware is rising, if you believe the National Institute of Standards and Technologies, the military, and many Fortune 100 CSOs.
Prior to UEFI and Secure Boot, you would be notified about malicious firmware and OS boot code modification in Windows only if you enabled BitLocker Drive Encryption with the Platform Configuration Registers (PCRs) configured (the default). However, enabling drive encryption to get a boot integrity solution was considered overkill by many.
UEFI and Windows Secure Boot only allow code signed by pre-approved digital certificates to run during the firmware and OS boot process. If anything unsigned tries to modify the boot process (think rootkit), the UEFI-based firmware will undo the change, as does the OS. After receiving a healthy and validated handoff from the firmware, it continues to ensure that only pre-approved, digitally signed code can be run.
Although other OSes can and will use UEFI secure boot, Windows 8 and Windows Server 2012 are the only OSes in which it will be enabled by default. Other than Google's Chromium OS, few other popular OSes have plans to implement UEFI-like protections or are still arguing about how to pull it off and when to implement.
Early-launch antimalware
Windows 8 extends its safe boot protection by ensuring that pre-approved antimalware software gets loaded before malware can take control. Previously, malware could "walk the interrupt vector chain" and get in front of the OS or antimalware software. Once that happened, it wasn't Microsoft's or your OS anymore. Now pre-approved antimalware software always gets loaded ahead of the malicious programs, which improves the chances of detection and removal.
SmartScreen
SmartScreen is the feature that has made Internet Explorer one of the safest browsers you can run. It has prevented millions of IE users from being infected each day. It does so using a combination of application reputation and website reputation and by looking for malicious behaviors.
SmartScreen began life in IE8 and was significantly improved in IE9 and IE10. But that protection wasn't being applied equally across the entire user experience. For example, what if the user ran a non-IE browser or was downloading content outside of the browser experience? Windows 8 developers worried as well, so SmartScreen was replicated to the entire OS. When you run Windows 8 or Windows Server 2012, you're getting SmartScreen protection on every network download.
Dynamic Access Control
Essentially, Dynamic Access Control is Windows access control (that is, file and folder permissions) on steroids. In the old model, you could limit access only by user or group membership. But with Windows 8 and Windows Server 2012, you can allow or deny access based upon almost any defined claim or attribute.
Claims can be almost any piece of data you store in Active Directory (AD) belonging to a particular security principal (such as a user or a group), including device ID, log-on method, location, and personal information. For example, you can allow access to a particular folder only to local users using a Windows Surface device. Or you can only allow access by the user's pre-approved, company-issued iPad, but not to their personal, non-approved iPad. I have many customers who desperately want the latter ability without having to purchase third-party software. Microsoft Windows has always had solid, reliable access control; Dynamic Access Control ups the ante.
PC Refresh and Reset
Sometimes no matter how many security features you have, you can't stop end-users from bypassing all warnings and installing malware. It's going to happen. Now you can reset Windows back to its original, known, clean safe state. You can choose between resetting everything to a blank slate or saving your application settings and data. You could do this in previous versions, but it always took a lot longer than simply clicking on a single button and acknowledging the warning prompt.
Normally, security features don't sell anything. Features and flashy GUIs do. Many Windows competitors sell briskly despite being continually late to adopt security features Microsoft pushed early on, such as built-in full disk encryption, ASLR, DEP, and more. But Windows 8 takes a big step forward with added security features -- out of the box, enabled from the start. Despite quibbles over the GUI, I have little doubt those improvements alone will sell millions of copies of Windows 8 to security-conscious customers.
Text source
Windows 8.1: The key security improvements
http://www.infoworld.com/article/26...ndows-8-1--the-key-security-improvements.html
Top 5 Key Security Improvements Found in Windows 8.1
http://blogs.technet.com/b/canitpro...curity-improvements-found-in-windows-8-1.aspx
Windows 8.1 Security and Control
http://technet.microsoft.com/en-us/windows/security-and-control.aspx
