Hi, I’m Chris Hallum, Senior Product Manager on the Windows Team. This week we’re down at the RSA Conference in San Francisco talking about some of the security benefits of Windows 8. As you’ve likely heard us talk about, our overall goal with Windows 8 is to deliver the experiences people love along with the enterprise-grade solutions businesses need. Windows 8 is enterprise-ready, by design, and it builds on what is great about Windows 7 while creating a modern platform designed for a new generation of hardware experiences.
From a security standpoint we all know that attacks on organizations, users and their data are becoming more and more common. In fact you may have seen a number of recent stories on Kaspersky Lab’s analysis of Red October, which according to Kaspersky is being used in one of the most sophisticated cyber-attack campaigns that’s ever been seen. This campaign is targeted specifically at government, research institutions (e.g.: nuclear), oil and gas companies, aerospace and military organizations around the world, and it’s harvesting a broad range of documents and sensitive information. It’s a total disaster for those impacted and it’s unlikely that these organizations will ever be able to determine what information has been compromised.
Its threats like Red October, and those like it, that helped shape our security related priorities for Windows 8. Our goals were to provide ground breaking malware resistance, make data encryption easy enough that everyone can deploy it, and finally we wanted to modernize access control.
We understand that these goals can’t be achieved in software alone and that we needed to anchor our security in immutable hardware. Therefore, early on in the Windows 8 product cycle we worked closely with our partners in the hardware industry to make sure that the hardware necessary to achieve our goals would be available as options or even as fundamental requirements for Windows 8 Hardware certification.
Now there are a few new hardware components that are central to our Windows 8 security story and I want to take a bit of time to talk you through them.
Universal Extensible Firmware Interface (UEFI)
UEFI is a standard based and architecture independent solution from the Unified EFI Forum working group, which can be used as replacement for BIOS. It provides a number of benefits to devices but from a security perspective its most interesting capability is its Secure Bootfeature. Secure Boot addresses the scenario where malware injects itself between the hardware and operating system that enables it to persist and remain hidden from Windows and the Antimalware solution. UEFI is able to detect untrusted code in the boot path and will prevent it from initializing. Many of the most sophisticated and impactful malware that we’ve seen use this type of tactic which is no longer possible on UEFI equipped systems.
UEFI does give us a secure system startup; however, there are other parts of the boot process that attackers will target. To address this type of treat, Windows 8 includes Trusted Boot which hardens the entire boot process from end to end and pretty much all the way up to Windows Sign-In experience. In addition parts of the antimalware solution which in the past may have started after the boot process and potentially after malware has started, have been moved into the Trusted Boot process where they can start first and be protected. The combination of Secure and Trusted Boot represent major game changers when it comes to malware resistance on Windows. In fact with these features architecturally eliminate the opportunity for low level malware such as boot and root kits to infect Windows devices.
Trusted Platform Module (TPM) 2.0
UEFI offers Windows a secure root of trust and a startup but what about securing data with encryption? In Window Vista and 7 you may remember that BitLocker took advantage of the Trusted Platform Module (TPM) chip. We used it secure the keys used for encrypting BitLocker protected drives. TPM is a great solution for this but it’s also been a challenge for the industry due to the cost of goods and regional use restrictions.
To address these issues Microsoft in coordination with the Trusted Computing Group (TCG)has made a number of improvements for TPM 2.0 specification. Capability has been added to the 2.0 specification that has the potential to enable TPM to be used worldwide scenarios, and to address costs a firmware based TPM solution is now possible. This firmware based solution works on ARM devices and Intel processors that include Platform Trust Technology (PTT). Since the firmware based solution effectively drives down the cost of TPM to zero we’re seeing TPM added to a much broader range of devices, including consumer class devices which may be used for BYOD scenarios. Because of this, new features that take advantage of TPM such as Virtual Smartcards, Measured Boot, Hardware secured Certificates, and ASLR were prioritized for Windows 8. TPM isn’t just for BitLocker anymore!
Encrypted Hard Drives
Now I want to take a moment to talk about how new hardware is going to help drive your encryption compliance numbers to the highest possible levels. Windows 8 supports a new type of hard drive called an Encrypted Hard Drive. These standards based Opal drives contain onboard encryption hardware that offloads processing from the device’s CPU to the hard drive itself. Data encryption on Encrypted Hard Drive is always enabled so you’ll never have unencrypted data on you drives. Securing the drive using the TPM and BitLocker takes about a second which is a much improved experience over traditional disks where it can take hours to complete. In the end Encrypted Hard Drives protected with BitLocker provide the best experience for IT and users, and they’re the easiest way to achieve the highest possible encryption compliance numbers within your organization.
To learn more about Windows 8 security please continue to check back here for updates from me and visit the Windows 8 security product page.
okseeusoon All of these are available in the current environments, if not a bit disjointed.
You can use SCCM to do software deployments and upgrades. Many vendors support this integration already.
You can do a restore of all settings and reload the OS in Windows 8 to rebuild any malware-related issues.
The ping tool is fine as-is, and there are plenty of tools you can use that provide more functionality. hping is not a default in many Linux distributions, either.
And PowerShell/WinRM provide the remote 'shell'-like capabilities you're asking for. This has been around for years and is up to Version 3 now.
Following is a list of functions that I would like to see native in Windows 8 SP1:
Less Graphic User Interface changes. I would prefer greater focus on further developing Windows technology rather than the format or appearance of the User Interface. Changes to the User Interface should be optional. Please restore the Start Button.
More fully developed Integrity Check. System File Checker is a relatively simple utility. I would like to see a sophisticated utility that is able to check the default integrity of the MBR, Windows registry, policies, services, ASLR, DEP, SEHOP, WMI, DCOM, CAPI2, Security Center, Firewall, Visual C++, .Net Framework, Oracle Java, Adobe Flash, Adobe Reader and other third-party dependencies, etc. This utiility should have the ability to restore all file associations including EXE, COM, BAT, VBS and CMD to default values. Detection of rootkits like Mebroot, Sinowal, etc. should be native to the operating system.
Further advancement of the System Update Readiness Tool.
More fully developed Email Import Process. At all times, native applications in previous versions of Microsoft Windows should be fully supported in the latest version of Microsoft Windows. Commonly, there is no import process support for a previous version of a native Email Client such as Microsoft Outlook Express or Windows Mail. Therefore, a number of steps must be performed in order to migrate this data to the latest version of Microsoft Windows. The process of transferring email from one version of Microsoft Windows to the current version should be extremely straight-forward.
More fully developed Error Reporting. Critical System Errors such as a failing Display Adapter, failing Hard Drive, Driver Conflicts, Application Conflicts, Converted Crash Dumps, Security Threats and Hardware Sensors should be brought to the attention of the User. Critical information should not be hidden in the Event Viewer. Error messages should be verbose rather than cryptic. Examples: A native Windows Service could be employed to monitor drives using SMART technology and alert the User when appropriate. Another example would be heat-related sensor information supplied by SensorsView Pro. Another example would be changes made to the System by an exploit which has compromised System Integrity.
More fully developed Windows Easy Transfer. There are a number of default data locations used by native and third-party applications in Program Files, Program Data, Application Data and Microsoft SQL Server Desktop Contexts. Windows Easy Transfer should be more fully aware of default data locations and convert data when required.
More fully developed Windows Update. A more advanced Windows Update process that is aware of security updates required for third-party applications such as Oracle Java, Adobe Flash and Adobe Reader.
Port scan. At the command line, a port scanner like NMAP and NETCAT.
More fully developed Ping. At the command line, a more sophisticated ping utility like HPING.
More fully developed Remote Control. At the command line, the ability to perform commands on remote hosts like Sysinternals PsExec.
More fully developed Network Map. The Network Map function within the Network and Sharing Center is extremely limited. NetworkView would be an example of a far more sophisticated application using SNMP and WMI.
Development of marketing literature and applications aimed towards teachers and musicians such as Apple's iTunes U.
Why doesn't Surface Pro have TPM 2.0, only TPM 1.2 capabilities?