Windows 8: New Business-friendly Security Features

Windows 8 includes numerous new security features and enhancements to help keep your business more secure. From booting, network authentication, to Web browsing—there are security improvements for everyone. Here you’ll discover some of the most popular ones.

UEFI Offers Better Boot Security than BIOS

Microsoft is requiring that new PCs and devices loaded with Windows 8 come with the Unified Extensible Firmware Interface (UEFI), instead of the archaic Basic Input/Output System (BIOS) firmware interface. In addition to supporting much faster boot times, UEFI includes a secure boot option to help prevent malware from taking over at boot or malicious operating systems from booting. This secure boot option is required by Microsoft to be turned on by default, although it can be disabled and/or modified on x86 (Intel) based computers and tablets.

The UEFI secure boot feature checks the boot loader before launching it to verify it’s digitally signed by an approved vendor, like Microsoft. Depending on the manufacturer, digital certificates for other vendors might also be preloaded (or able to be manually loaded) so you can use a third-party boot loader or install a non-Microsoft operating system. Though there’s controversy about this feature and it’s still unclear exactly what vendor certificates will be preloaded or even available for manual loading, this feature can help secure booting for Windows and other OSes.

Windows Defender Includes Virus and Malware Protection

Windows 8 includes native virus and malware protection, a part of the updated Windows Defender component. It’s basically a rebranded form of the antivirus program Microsoft Security Essentials, which Microsoft has been offering as a free download since 2009. Though it isn’t a manageable solution for larger businesses and enterprise environments, it could be beneficial for small businesses. It’s one of the few antivirus programs that offer free use in commercial environments.

Internet Explorer 10

Windows 8 debuts with Internet Explorer 10, which includes many seemingly small security improvements. The enhanced memory protection, added HTML5 sandbox functionality and the new Enhanced Protected Mode all help to combat malware. It can also provide an add-on free browsing experience, possibly increasing the browser performance, when using the Metro-style app. Additionally, Adobe Flash support is now built into the browser and doesn’t require an add-on.

SmartScreen Filter Helps Catch Malicious Programs

The SmartScreen filter included in Internet Explorer 9 is now native to Windows. So no matter which Web browser you use, if you open a downloaded file from the Internet and it’s not found to be reputable, you’ll be notified. You can then research the file and its source before bypassing the alert and opening it.

BitLocker Encryption is Improved

There have been several useful improvements to BitLocker encryption in Windows 8 to make the process quicker and easier. You can now deploy BitLocker encryption before installing Windows, which wasn’t possible in Windows Vista or Windows 7. Plus now you can encrypt just the used disk space, while any future data will be automatically encrypted. With these two improvements, you can basically encrypt a drive (before installing Windows) instantly.

Windows 8 also adds the ability for standard users to change their BitLocker PIN or password, helping to reduce help desk involvement when users aren’t given administrative privileges. Another new helpful feature for administrators is Network Unlock, which allows them to remotely and automatically boot up PCs that usually require the user to enter a BitLocker PIN so, for instance, the PC can be updated and rebooted.

Windows To Go Offers Secure Workstations when Away

The new Windows To Go feature of Windows 8 allows enterprises to create a portable Windows environment on a USB drive so users can boot it up from other computers. This can help provide a more secure workstation for telecommuters, for instance. Instead of booting to the Windows installation on their personal computers that administrators can’t manage, the Windows To Go installation can be managed similar to other computers on the network.

The ability to manage the Windows To Go environment offers better enforcement of security measures when users are on physical computers not owned by your organization. You can ensure they are working in a virus-free environment from the beginning and implement malware protection to stop future infections. Since the drives of the host computer aren’t accessible when using Windows To Go (and vice-versa), it can also help cut down on some data theft. Additionally, you can encrypt the Windows To Go environment and impose secure password requirements to help stop unauthorized access.

New Network Authentication Methods

Windows 8 now includes support for EAP-TTLS, typically used for 802.1X authentication, particularly on wireless networks. This EAP method basically provides the same security as EAP-TLS, but doesn’t require user certificates to be installed on each computer or device. Thus enterprises and campuses can offer very secure network authentication without having to install user certificates or a third-party client on each computer or device.

Windows 8 also adds support of several popular mobile authentication protocols: WISPr (Wireless Internet Services Provider Roaming), EAP-SIM, EAP-AKA, and EAP-AKA Prime (EAP-AKA’). These will provide native support and better roaming of mobile 3G/4G Internet access.

Enhanced Smart Card Support

Windows 8 adds support of virtual smart cards to emulate the functionality of a traditional smart card for user authentication. Instead of requiring a physical card and card reader, virtual smart cards are installed on the PC and utilize the Trusted Platform Module (TPM) chip available on many modern PCs. Additional smart card-related improvements include enhancements to the user experience and better system and application support.

More about Windows 8

For further reading on Windows 8 from our network of technology websites:

Eric Geier is a freelance tech writer—keep up with his writings on his Facebook Fan Page. He’s also the founder of NoWiresSecurity, a cloud-based Wi-Fi security service, and On Spot Techs, an on-site computer services company.

Eric Geier
Eric Geier
Eric Geier is an eSecurity Planet contributor.

Top Products

Related articles