Windows 8 – Built with Security in Mind

Hi, I’m Chris Hallum, Senior Product Manager on the Windows Team. This week we’re down at the RSA Conference in San Francisco talking about some of the security benefits of Windows 8. As you’ve likely heard us talk about, our overall goal with Windows 8 is to deliver the experiences people love along with the enterprise-grade solutions businesses need. Windows 8 is enterprise-ready, by design, and it builds on what is great about Windows 7 while creating a modern platform designed for a new generation of hardware experiences.

From a security standpoint we all know that attacks on organizations, users and their data are becoming more and more common. In fact you may have seen a number of recent stories on Kaspersky Lab’s analysis of Red October, which according to Kaspersky is being used in one of the most sophisticated cyber-attack campaigns that’s ever been seen. This campaign is targeted specifically at government, research institutions (e.g., nuclear), oil and gas companies, aerospace and military organizations around the world, and it’s harvesting a broad range of documents and sensitive information. It’s a total disaster for those impacted and it’s unlikely that these organizations will ever be able to determine what information has been compromised.

It’s threats like Red October that helped shape our security-related priorities for Windows 8. Our goals were to provide groundbreaking malware resistance, to make data encryption easy enough that everyone can deploy it, and to modernize access control.

We understand that these goals can’t be achieved in software alone and that we needed to anchor our security in immutable hardware. Therefore, early on in the Windows 8 product cycle we worked closely with our partners in the hardware industry to make sure that the hardware necessary to achieve our goals would be available as options or even as fundamental requirements for Windows 8 Hardware certification.

Now there are a few new hardware components that are central to our Windows 8 security story and I want to take a bit of time to talk you through them.

Unified Extensible Firmware Interface (UEFI)

UEFI is a standards-based, architecture-independent solution from the Unified EFI Forum working group, which can be used as a replacement for BIOS. It provides a number of benefits to devices, but from a security perspective its most interesting capability is its Secure Boot feature. Secure Boot addresses the scenario where malware injects itself between the hardware and the operating system, which enables it to persist and remain hidden from Windows and the antimalware solution. UEFI is able to detect untrusted code in the boot path and will prevent it from initializing. Much of the most sophisticated and impactful malware that we’ve seen uses this type of tactic, which is no longer possible on UEFI-equipped systems.

UEFI does give us a secure system startup; however, there are other parts of the boot process that attackers will target. To address this type of threat, Windows 8 includes Trusted Boot, which hardens the entire boot process from end to end and pretty much all the way up to the Windows Sign-In experience. In addition, parts of the antimalware solution, which in the past may have started after the boot process and potentially after malware had started, have been moved into the Trusted Boot process where they can start first and be protected. The combination of Secure Boot and Trusted Boot represents a major game changer when it comes to malware resistance on Windows. In fact, these features architecturally eliminate the opportunity for low-level malware such as bootkits and rootkits to infect Windows devices.

Trusted Platform Module (TPM) 2.0

UEFI offers Windows a secure root of trust and a secure startup, but what about securing data with encryption? In Windows Vista and 7 you may remember that BitLocker took advantage of the Trusted Platform Module (TPM) chip. We used it to secure the keys used for encrypting BitLocker-protected drives. TPM is a great solution for this, but it’s also been a challenge for the industry due to the cost of goods and regional use restrictions.

To address these issues, Microsoft, in coordination with the Trusted Computing Group (TCG), has made a number of improvements for the TPM 2.0 specification. Capability has been added to the 2.0 specification that has the potential to enable TPM to be used in worldwide scenarios, and to address costs a firmware-based TPM solution is now possible. This firmware-based solution works on ARM devices and on Intel processors that include Platform Trust Technology (PTT). Since the firmware-based solution effectively drives down the cost of TPM to zero, we’re seeing TPM added to a much broader range of devices, including consumer-class devices which may be used for BYOD scenarios. Because of this, new features that take advantage of TPM, such as Virtual Smartcards, Measured Boot, Hardware-secured Certificates, and ASLR, were prioritized for Windows 8. TPM isn’t just for BitLocker anymore!

Encrypted Hard Drives

Now I want to take a moment to talk about how new hardware is going to help drive your encryption compliance numbers to the highest possible levels. Windows 8 supports a new type of hard drive called an Encrypted Hard Drive. These standards-based Opal drives contain onboard encryption hardware that offloads processing from the device’s CPU to the hard drive itself. Data encryption on an Encrypted Hard Drive is always enabled, so you’ll never have unencrypted data on your drives. Securing the drive using the TPM and BitLocker takes about a second, which is a much improved experience over traditional disks, where it can take hours to complete. In the end, Encrypted Hard Drives protected with BitLocker provide the best experience for IT and users, and they’re the easiest way to achieve the highest possible encryption compliance numbers within your organization.
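To check whether a given device actually has the three hardware features described above in place, here is an added example (not Microsoft’s code and not part of the original post). It uses the built-in Confirm-SecureBootUEFI, Get-Tpm and Get-BitLockerVolume cmdlets; the function name Get-HardwareSecurityPosture is hypothetical.

```powershell
# Added example: run from an elevated PowerShell prompt on Windows 8 / Server 2012 or later.
function Get-HardwareSecurityPosture {
    $report = [ordered]@{}

    # Secure Boot: the cmdlet returns $true/$false on UEFI systems and throws
    # PlatformNotSupportedException when the machine booted in legacy BIOS mode.
    try {
        $report.SecureBoot = if (Confirm-SecureBootUEFI -ErrorAction Stop) { 'Enabled' } else { 'Disabled' }
    } catch [System.PlatformNotSupportedException] {
        $report.SecureBoot = 'Not supported (legacy BIOS boot)'
    } catch {
        $report.SecureBoot = "Unknown: $($_.Exception.Message)"
    }

    # TPM: presence and readiness from Get-Tpm; the specification version
    # (1.2 vs 2.0) comes from the Win32_Tpm WMI class.
    try {
        $tpm = Get-Tpm -ErrorAction Stop
        $report.TpmPresent = $tpm.TpmPresent
        $report.TpmReady   = $tpm.TpmReady
    } catch {
        $report.TpmPresent = $false
        $report.TpmReady   = $false
    }
    $wmiTpm = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
                              -ClassName Win32_Tpm -ErrorAction SilentlyContinue
    $report.TpmSpecVersion = if ($wmiTpm) { ($wmiTpm.SpecVersion -split ',')[0].Trim() } else { 'n/a' }

    # BitLocker: flag volumes that use the drive's own encryption hardware
    # (EncryptionMethod 'HardwareEncryption') and volumes with a TPM-based protector.
    $report.Volumes = @(Get-BitLockerVolume -ErrorAction SilentlyContinue | ForEach-Object {
        [pscustomobject]@{
            MountPoint        = $_.MountPoint
            ProtectionStatus  = $_.ProtectionStatus
            EncryptionMethod  = $_.EncryptionMethod
            HardwareEncrypted = ($_.EncryptionMethod -eq 'HardwareEncryption')
            TpmProtector      = [bool]($_.KeyProtector | Where-Object { $_.KeyProtectorType -like 'Tpm*' })
        }
    })
    [pscustomobject]$report
}

$posture = Get-HardwareSecurityPosture
$posture | Format-List SecureBoot, TpmPresent, TpmReady, TpmSpecVersion
$posture.Volumes | Format-Table -AutoSize
```

A volume that shows ProtectionStatus On with HardwareEncrypted False is protected by BitLocker’s software encryption rather than by an Encrypted Hard Drive.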

To learn more about Windows 8 security please continue to check back here for updates from me and visit the Windows 8 security product page.