Advice Request Windows 8 will better protect users from malware


Status
Not open for further replies.

Jack

Administrator
Thread author
Verified
Staff Member
Well-known
Jan 24, 2011
9,377




Microsoft said:
A view of the current landscape
Criminal attacks continue to evolve and malware has become their standard weapon against anyone who uses the Internet—on traditional form-factor devices, as well as on mobile devices like tablets and phones. Malware targets all operating systems and browsers, and in recent years, criminal attacks against applications have increased substantially.

Criminals also use social engineering to trick you into performing actions that put you at risk. An increasingly common social engineering strategy uses online advertising campaigns to lure you to a site that installs malware on your computer.

An economy has developed around building reliable vulnerability exploits, which criminals buy to help distribute their malware. Criminals make money from their malware, so they invest in ways to keep it alive such as producing a higher quantity of malware, updating it more frequently—e.g. multiple times each day—and increasing its size and complexity. Some malware is as complex as commercial applications.

Secure by design
We use the Security Development Lifecycle (SDL) to build Windows with the best security design, development and testing practices available. Some highlights include:

  • Threat modeling and security design reviews. During the design process we consider how criminals might seek to attack features and scenarios, and incorporate this analysis into our designs.
  • Writing secure code. Training and code quality tools help to prevent common coding issues from entering the Windows source code.
  • Penetration testing. Security engineers take an attacker’s perspective when reviewing a completed set of features that make up a scenario.
  • Security code reviews. Security engineers provide additional security-oriented code reviews for highly sensitive components.
  • Security tools. Tools continuously updated with the latest state of the art in finding and exploiting software provide a scalable solution to improve existing code.

Making it harder to create an exploit on Windows 8
With Windows XP SP2, we began creating defenses called mitigations that make it difficult to develop reliable exploits for security vulnerabilities. Each subsequent version of Windows has continued to expand and improve on these mitigations, because a single mitigation feature can break an entire class of exploits. Windows 8 includes mitigation enhancements that further reduce the likelihood of common attacks. Some of these improvements include:

  • Address Space Layout Randomization (ASLR). ASLR was first introduced in Windows Vista and works by randomly shuffling the location of most code and data in memory to block assumptions that the code and data are at the same address on all PCs. In Windows 8, we extended ASLR’s protection to more parts of Windows and introduced enhancements such as increased randomization that will break many known techniques for circumventing ASLR.
  • Windows kernel. In Windows 8, we bring many of the mitigations to the Windows kernel that previously only applied to user-mode applications. These will help improve protection against some of the most common types of threats. For example, we now prevent user-mode processes from allocating the low 64K of process memory, which prevents a whole class of kernel-mode NULL dereference vulnerabilities from being exploited. We also added integrity checks to the kernel pool memory allocator to mitigate kernel pool corruption attacks.
  • Windows heap. Applications get dynamically allocated memory from the Windows user-mode heap. Major redesign of the Windows 8 heap adds significant protection in the form of new integrity checks to help defend against many exploit techniques. In addition, the Windows heap now randomizes the order of allocations so that exploits cannot depend on the predictable placement of objects—the same principle that makes ASLR successful. We also added guard pages to certain types of heap allocations, which helps prevent exploits that rely on overrunning the heap.
  • Internet Explorer. “Use-after-free” vulnerabilities represented nearly 75% of the vulnerabilities reported in Internet Explorer over the last two years. For Windows 8, we implemented guards in Internet Explorer to prevent an attacker from crafting an invalid virtual function table, making these attacks more difficult. Internet Explorer will also take full advantage of the ASLR improvements provided by Windows 8.

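As an added example (not part of the thread or of Microsoft's text): images normally opt in to the ASLR described in the quoted post through flags in their PE headers, so a defender can audit binaries for those flags. The flag values below come from the PE/COFF format rather than from this page, and the sample headers are constructed bytes, not loadable binaries.

```python
import struct

# PE/COFF constants (from the file format, not stated in the thread).
RELOCS_STRIPPED = 0x0001   # COFF Characteristics: image cannot be rebased
HIGH_ENTROPY_VA = 0x0020   # DllCharacteristics: 64-bit high-entropy ASLR
DYNAMIC_BASE    = 0x0040   # DllCharacteristics: image opts in to ASLR
NX_COMPAT       = 0x0100   # DllCharacteristics: image is DEP-compatible

def aslr_report(image: bytes) -> dict:
    """Report the ASLR-related opt-in flags found in a PE image's headers."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("not a PE image: missing MZ header")
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)
    if pe_off + 24 + 72 > len(image) or image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("not a PE image: bad signature or truncated header")
    (coff_chars,) = struct.unpack_from("<H", image, pe_off + 22)
    opt = pe_off + 24                      # start of the optional header
    (magic,) = struct.unpack_from("<H", image, opt)
    if magic not in (0x10B, 0x20B):        # PE32 / PE32+
        raise ValueError("unknown optional header magic")
    # DllCharacteristics sits at offset 70 in both PE32 and PE32+.
    (dll_chars,) = struct.unpack_from("<H", image, opt + 70)
    is_64 = magic == 0x20B
    dyn = bool(dll_chars & DYNAMIC_BASE)
    relocs = not (coff_chars & RELOCS_STRIPPED)
    return {
        "pe32plus": is_64,
        "dynamic_base": dyn,
        "relocatable": relocs,
        # Opting in is only usable if relocation data was kept.
        "aslr_usable": dyn and relocs,
        "high_entropy_va": is_64 and dyn and bool(dll_chars & HIGH_ENTROPY_VA),
        "nx_compat": bool(dll_chars & NX_COMPAT),
    }

def build_sample(magic: int, coff_chars: int, dll_chars: int) -> bytes:
    """Constructed minimal header bytes for the demo (not a real binary)."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    machine = 0x8664 if magic == 0x20B else 0x014C
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, 0xF0, coff_chars)
    optional = bytearray(0xF0)
    struct.pack_into("<H", optional, 0, magic)
    struct.pack_into("<H", optional, 70, dll_chars)
    return dos + b"PE\0\0" + coff + bytes(optional)

if __name__ == "__main__":
    samples = {"hardened": build_sample(0x20B, 0x0022, 0x0160),
               "legacy": build_sample(0x10B, 0x0103, 0x0000)}
    for name, img in samples.items():
        print(name, aslr_report(img))
```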

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
Well, it's like malware writers would take time to discuss how they will bypass those features. It's like Windows 8 were built in security and could lead to few vulnerabilities probably.
 

Hungry Man

New Member
Jul 21, 2011
669
I'm unsure as to how I like the new reputation model... but I LOVE any changes to the kernel :D Further ASLR support is wonderful for example.
 

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
Windows 8 + EMET is really solid hardening. But it's like Windows 8 can handle it alone, as it's really strong security hardening.
 

Ink

Administrator
Verified
Staff Member
Well-known
Jan 8, 2011
22,361
Would EMET really be needed for Windows 8?
 

Jack

Administrator
Thread author
Verified
Staff Member
Well-known
Jan 24, 2011
9,377
Windows Defender
If you don’t have another solution installed, Windows 8 will provide you protection with a significantly improved version of Windows Defender.

Improved protection for all types of malware. The improvements to Windows Defender will help protect you from all types of malware, including viruses, worms, bots and rootkits by using the complete set of malware signatures from the Microsoft Malware Protection Center, which Windows Update will deliver regularly along with the latest Microsoft antimalware engine. This expanded set of signatures is a significant improvement over previous versions, which only included signatures for spyware, adware, and potentially unwanted software.

In addition, Windows Defender will now provide you with real-time detection and protection from malware threats using a file system filter, and will interface with Windows secured boot, another new Windows 8 protection feature.

So basically MSE will be merged with Windows Defender... and I guess that, to avoid any conflict when a user installs a 3rd party security product, the new Windows Defender will be disabled?


I really like the new Windows SmartScreen; verifying the reputation of a file is the way to go. However, it would've been a good idea to perform some additional behavioral scans before prompting the user, maybe something similar to what Zone Alarm is offering with their Advanced Download Protection.



Also to be noted is that Internet Explorer has a major role in the new Windows malware prevention system...
 

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
Nothing I can say, when it comes to security Windows 8 is here. :)
 