Windows 8 security: how next-gen Windows will be even more secure

Can Microsoft's new OS offer better security against criminals?


Windows 8, Windows Phone 8 and Microsoft Surface tablets - it seems it's all happening over at Redmond.

As Microsoft readies its new operating system roll-out, we've every right to get excited, but with all eyes distracted by the new system's sheen, it's easy to overlook the mundane but essential business of security.

Over the last 12 to 18 months, security - or the lack thereof - has cast a growing shadow over Windows and the antivirus firms we trust to keep us safe online. Indeed, some have suggested that the bad guys might be winning in the never-ending game of high-stakes chess.

So the question is, will Windows 8 let us sleep sounder in our beds?

Security as standard

To help protect Windows machines, Microsoft has for a long time offered its Security Essentials antivirus program as a free download.

Despite this, it's reckoned that almost a quarter of all Windows 7 PCs have no anti-malware software installed.

To address this problem, Microsoft has opted to install Windows 8 Defender by default. Windows 8 Defender is a combined system. It's comparable with Security Essentials, with basic protective features thrown in to combat common threats. We certainly applaud the move, as it makes the initial hurdle that much tougher for virus writers.

However, when we asked Collin Davis, senior director of engineering at Symantec, about Defender, his response was unequivocal: "It's not enough". Davis says circumventing Defender will become the virus writer's first mission. "It's just not worth their effort releasing malware that can't beat it," he warned.

Speaking from California, Davis explained how the bad guys had breached Windows 7's security features and Security Essentials. As Windows 7 and 8 have so much in common under the hood, Windows 8's default security isn't - in his view - likely to overly challenge malware writers.

Boot level protection


Dig a little deeper into Windows 8 and the story doesn't seem so bleak. During the PC boot phase, Microsoft has made strides to see off future malware. Booting through the BIOS has remained largely unchanged for nearly 30 years.

At its heart is a chain of modules that are executed in order. The process begins with the BIOS waking up, taking in ROM-based operations and calling on the master boot record. The chain culminates in the Windows kernel and drivers being loaded and run. If malware can penetrate this initial process, the next program to run can be corrupted. In short, no process after the point of exploitation can be trusted.

Malware such as Mebroot, TidServ and StuxNet insert themselves into this critical chain of events, compromising Windows at a very low and fundamental level. From such a privileged position it makes itself hard to detect and difficult to remove.

To combat this problem, Windows 8 includes a trio of technologies which are known collectively as Secure Boot Architecture. The first component is the Unified Extensible Firmware Interface, or UEFI. Assuming that your hardware is current and supports it, UEFI should make the lives of virus writers considerably harder.

Like the BIOS, a UEFI system executes a sequence of baton-passing modules that lead to the OS. In a UEFI system, however, modules are security-signed and each module must check the subsequent operation's signature before it allows the next process to execute. The UEFI chain can be updated with a white list of trusted certificates.
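To make the baton-passing chain above concrete, here is an added simulation (not Microsoft's code or a real UEFI implementation): each stage is checked against a trusted allow-list before it is allowed to run, and the walk halts at the first stage that fails, so nothing after that point ever executes. Real Secure Boot verifies signatures against certificates; as a stdlib-only stand-in this example uses SHA-256 digests, which is one of the entry forms a UEFI allow-list can hold. The stage names, image bytes and the `db`/`dbx` sets are all constructed for the illustration.

```python
import hashlib
from dataclasses import dataclass

# Constructed sample "boot modules". In a real UEFI boot each stage is a signed
# binary; here the body is just bytes. "db" is the allow-list of trusted digests
# and "dbx" the revocation list (both names borrowed from UEFI, contents assumed).

@dataclass
class BootStage:
    name: str
    image: bytes

    def digest(self) -> str:
        return hashlib.sha256(self.image).hexdigest()

def verify_chain(stages, db, dbx):
    """Walk the chain in order: a stage only runs if it is trusted.
    Returns (names_of_stages_that_ran, failure_reason_or_None).
    The walk stops at the first failure: nothing after it is trusted."""
    executed = []
    for stage in stages:
        d = stage.digest()
        if d in dbx:
            return executed, f"{stage.name}: digest is revoked (dbx)"
        if d not in db:
            return executed, f"{stage.name}: digest not in allow-list (db)"
        executed.append(stage.name)  # the stage is allowed to "execute"
    return executed, None

# Constructed chain: firmware -> boot manager -> kernel
CHAIN = [
    BootStage("uefi-firmware", b"firmware-image-v1"),
    BootStage("boot-manager", b"bootmgfw-image-v1"),
    BootStage("kernel", b"ntoskrnl-image-v1"),
]
DB = {s.digest() for s in CHAIN}  # allow-list built from the known-good images
DBX = {hashlib.sha256(b"bootmgfw-image-v0").hexdigest()}  # an old, revoked boot manager

def demo_clean():
    return verify_chain(CHAIN, DB, DBX)

def demo_tampered():
    # The boot manager image has been altered: its digest is no longer in db.
    altered = [CHAIN[0], BootStage("boot-manager", b"bootmgfw-image-v1+patch"), CHAIN[2]]
    return verify_chain(altered, DB, DBX)

def demo_rolled_back():
    # A known-bad older boot manager is swapped in: its digest is in dbx.
    old = [CHAIN[0], BootStage("boot-manager", b"bootmgfw-image-v0"), CHAIN[2]]
    return verify_chain(old, DB, DBX)
```

Note how the kernel never runs in either failure case: the check happens before each hand-off, which is exactly what the BIOS chain lacks.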

Features and flaws

The UEFI system isn't without a couple of flaws. Though all contemporary Windows systems will come with it as standard, older PCs still use the BIOS loading process and therefore remain vulnerable.

The UEFI certification system has also enraged Linux users, as it makes it difficult to install the open source OS.

The next technology of note in Windows 8 is Early Load Anti-Malware. According to Microsoft, "[ELAM] starts before other boot-start drivers, enables the evaluation of those drivers and helps the Windows kernel decide whether they should be initialised."

It is, in essence, a way of detecting malware during the boot process and blocking it. Windows 8 is designed to boot very quickly though, which places limits on what ELAM can achieve.

The Windows 8 specification also limits the amount of memory it can consume. Because it runs so early in the boot sequence and under such limitations, Symantec has already stated that "ELAM does little to improve security" (Windows 8 Security, November 2011).

Secure Boot Architecture's final prong is Remote Attestation. Here the system times how long a certain boot process takes to complete and sends these timings off to a remote server that knows how long they should take. If the two timings don't match up, it is assumed that the boot process has been compromised.

Remote Attestation is an optional feature. Implementing it inevitably slows down the boot process, which may not prove very popular with PC builders. If you upgrade or tinker with your PC, the timing check system will also need to be re-calibrated.

Remote Attestation, therefore, looks like a feature best suited to corporate environments, where systems remain unchanged by design.

The Metro Question


Windows 8 is all about the Metro interface - a collection of tiles linked to programs. Simply sweep through the wall of information and images, then tap the program you want to run. If you don't have a tablet or other touch-enabled device, you can use the interface with a mouse and keyboard instead.

There are two versions of Windows 8 - one designed to run on x86 chips and another compiled for low-power ARM processors. The PC firms we spoke to had little to say about the latter version, and it's unlikely that malware authors have been able to research it much either. If Windows RT (as the ARM version is called) becomes a success, it will probably become the focus of malware writers, but at the moment it's impossible to say.

Looking at the x86 incarnation, Collin Davis explained that Windows 7 and Windows 8 classic are very close cousins. Therefore, most malware that runs on Windows 7 will work on Windows 8.

Metro, however, is a different beast, to a degree.

The Janus OS

From a security perspective it's easy to think of Windows 8 as two operating systems: Metro and Classic. Neither will run programs designed for the other.

Metro is the more restrictive of the two, as you'll only be able to get programs from Microsoft's App Store, but the separation between Metro and classic Windows isn't clear cut.

Each Metro app works in a sealed environment or sandbox, which means it can't interact with other programs. In other words, Metro works in much the same way as Apple's sandboxed iOS - an OS that has so far avoided any major security breaches.

Sandboxing shouldn't be seen as a security silver bullet though. It is, in the words of Davis, "One of many tools [...] that works well if it's done well."

Asked if Microsoft has implemented its sandboxing well, Davis replied, "It's too soon to tell." There is one major chink in Metro's sandbox armour. Metro is much like Windows Media Center - an environment that effectively sits on top of Windows Classic. Davis says this means that "a Metro app can't attack a Classic app, but a Classic app can attack a Metro one."

He adds that developing malware for Metro would be no harder or more expensive for virus writers. It seems then Windows 8 makes the business of securing your PC subtly different, yet largely the same. The same rules, requirements and risks apply, so users should install a well-rated security suite and keep it updated.