The Good:
1. Something is Better Than Nothing
Windows Defender for Windows 8 is certainly better than the old version of Windows Defender, since it contains additional protection. For someone looking for a base, low-end, free solution that won't try to upsell them to a paid product, it's a good choice. In fact, it's not even a choice you'd ever necessarily have to make, since it comes installed into Windows 8. It may use old-school, definitions-based technology, but at least the computer isn't "naked" straight out of the box. Notably, Microsoft claims it will work alongside other antivirus programs. We know it works properly alongside Webroot, because we built Webroot to work alongside other antivirus programs and we have tested the interaction ourselves. Of course, we can't speak for how other antivirus programs will interact with the new version of Defender, but it's Microsoft's intention to allow them to be able to properly co-exist with Defender.
2. Windows 8 Archtecture Makes Hijacking Your Boot Sector a Whole Lot Harder
Certain kinds of infections - rootkits - can try to install themselves into your boot sector. If successful, when you restart the computer, the infection will load itself up simultaneously with the operating system and subvert the integrity of Windows, allowing it to hide itself and maintain administrator-level access.
With Windows 8, Microsoft has a "trusted boot" feature that utilizes the Unified Extensible Firmware Interface (UEFI) specifications - a process that uses signed bootloaders that are checked against a certificate prior to loading an operating system. That means it can tell when a bootloader isn't digitally signed, and it can refuse to run it if it's actually a hidden rootkit.
3. Early Launch Anti-Malware (ELAM) Technology
Starting in Windows 8, anti-malware software will be allowed to be the first non-Microsoft thing to run in the boot process. Using certain techniques, some malware could formerly claim that launch position. Now it's available to anti-malware programs instead. Microsoft appears to have locked that down with ELAM.
4. Odds and Ends
Microsoft has made some improvements to the Windows kernal, and memory addressing. These improvements close the door on certain attack vectors.
The Bad:
New Ways to Log In / One Good, One Bad
Although you're still required to have a normal password, Windows 8 now offers you two new ways to log in. One new way of logging in is with a 4-digit pin, that you can set up if you choose to do so. I have to tentatively suggest not doing that. The strength of a four digit numeric pin is trivial when it comes to brute-force attacks, which can be cracked in just minutes. This doesn't seem like a very good idea, and I'd avoid it unless Microsoft can somehow prove they can stop brute-forcing of the pin in some way.
The other method of logging in takes a page from Android's playbook and allows you to perform a series of three screen-swipe gestures over the top of a picture that you can choose. This is kind of neat and fun, and it's just as secure if you were doing it on your smartphone. The gestures are good. The pin seems bad.
The Ugly:
Smartscreen Filter for Everyone!
Smartscreen Filter from IE9 is now built into Windows itself. This removes the old alert telling you you're about to run an executable file and that kind of file could harm your computer (thank goodness / one annoying message down). But it still replaces it with a different message that comes up if the program is "unrecognized." Theoretically, this may result in fewer messages of that type and also result in the messages you do receive being messages you actually want to start paying attention to. This hinges on whether or not Microsoft classifies unknown programs properly and quickly. Otherwise, there is a good chance this will turn into the next UAC message that just irritates people into disabling what should really be a positive feature. Time will tell.
So, what do you think of the new security features in Windows 8?
Windows 8 Security Enhancements - The Good, The Bad, and The Ugly
+13I love the new security features in windows 8,but like most new os's you will need a brand new pc specifically designed to run on windows8 to take full advantage of what it has to offer.It will definitely be much much harder for a rootkit to gain hold on your system now which is a huge plus.This article here by Neil at pcmag i found very encouraging regarding ie10.I can't think of one thing securitywise about win8 that isn't a significant improvement over win7.I haven't attempted to run defender yet alongside WSA,but if past experience is any indication,i am sure it is seamless.I am certainly looking forward to windows 8's continuing evolution from not just a security persepective,but also from a whole product perspective.I would have to say based on several people whom i spoke to who went to bestbuy yesterday,the feedback regarding windows 8 has been overwhelmingly positive.I have a few win8 installs to do today for friends and a few scattered throughout the coming week as i am on vacation now.I'm going to enjoy digging deeper into windows 8
+23I'm security conscious, yet have no problem using the four digit PIN. It's either that, or enter my sixteen (would be twenty four if Microsoft allowed longer) character password every time I log in.
Point 2 under good is not so good if you faff about with Linux added to the fact I can't remember the last time I know anyone who had a boot sector virus makes this point bad IMHO (might have been a good idea 10 years ago) As for Defender, I've always disabled it within 2 minutes of installing Windows 😃
+13While defender has been improved in it's Windows 8 form,i would never run it.I'm not a fan of testing in general for many reasons,put it's pretty telling it does well in almost no test,and horribly against zero day threats.Not that i am clued into Microsoft's thinking,but i believe Microsoft does not intend for Defender to be used on it's own.I am guessing they must view using defender,along with windows firewall,and along with other Microsoft tools and modifications of certain settings.I am guessing with some hardening of the os,it might function quite well.They should have recommended tweaks and settings for optimal protection readily available and easy to find on their site.On it's own,as it is marketed,it's disappointing.There are alot of other solutions you can use along with WSA if you choose to do so.WSA works just fine on it's own for me.I would like to see them devote more resources to the product and hire some sharp programmers,but i do not ever see that ever happening.Happy Holidays everyone.
+56Hello PC_Fiddler and Welcome to the Webroot Community Forums another familiar name from Wilders. ;)
Cheers,
TH
Cheers,
TH
Hello PC_Fiddler, Welcome to the Webroot Community Forum. 😃
Reply
Login to the community
No account yet? Create an account
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.