In a September 15 blog post titled “Protecting you from malware”, Jason Garms, the group program manager of Microsoft’s reliability and security team, shares the enhancements the Redmond company is making in Windows 8: mitigation features that help protect you against exploits used by malware, improvements to Windows Defender to provide you with real-time protection from all categories of malware, and the use of URL and application reputation to help protect you against social engineering attacks.
He writes that “In Windows 8, we’ve taken a very broad approach to improving the level of protection you’ll get from malware in Windows 8, including the use of SDL processes to be secure by design, the implementation and upgrading of mitigations to help protect you against exploits used by malware, improvements to Windows Defender to provide you with real-time protection against all categories of malware, and the use of URL and application reputation to help protect you against social engineering attacks.”
He writes that “If you don’t have another solution installed, Windows 8 will provide you protection with a significantly improved version of Windows Defender, which will help protect you from all types of malware, including viruses, worms, bots and rootkits by using the complete set of malware signatures from the Microsoft Malware Protection Center, which Windows Update will deliver regularly along with the latest Microsoft antimalware engine. This expanded set of signatures is a significant improvement over previous versions, which only included signatures for spyware, adware, and potentially unwanted software.”
In addition, Windows Defender will now “provide you with real-time detection and protection from malware threats using a file system filter, and will interface with Windows secured boot, another new Windows 8 protection feature,” said Sinofsky.
He said, “When you use a PC that supports UEFI-based Secure Boot (defined in the UEFI 2.3.1 specification), Windows secured boot will help ensure that all firmware and firmware updates are secure, and that the entire Windows boot path up to the antimalware driver has not been tampered with. It does this by loading only properly signed and validated code in the boot path. This helps ensure that malicious code can’t load during boot or resume, and helps to protect you against boot sector and boot loader viruses, as well as bootkit and rootkit malware that try to load as drivers.”
“The same interfaces for secured boot used by Windows Defender, as well as all APIs used by Windows Defender, are available for use by our antimalware partners to deliver additional protection to Windows customers,” said Sinofsky.
- “Improved user experience. We’ve designed Windows Defender to be unobtrusive for most daily usage, and will notify you only when you need to perform an action, or critical information demands your attention. Windows Defender will also use the new Windows 8 maintenance scheduler to limit interruptions.”
- “Improved performance. Traditional antimalware technologies are well known for impacting system performance. It’s not uncommon that running antimalware software doubles the amount of time required for core scenarios like file copy and boot. We’ve a lot of people working on system performance and Windows Defender dramatically improves performance on all key scenarios compared to common antimalware solutions on Windows 7, while maintaining strong protection. For example, Windows Defender with its full protection functionality enabled adds only 4% to boot time, while dramatically reducing CPU time during boot by 75%, disk I/O by around 50MB, and peak working set by around 100MB,” explains Sinofsky.
These same improvements benefit energy efficiency, meaning Windows Defender consumes less power, and gives you longer battery life.
Also, Windows 8 will help protect you with reputation-based technologies when launching applications as well as browsing with Internet Explorer. In Windows 8, SmartScreen will only notify you when you run an application that has not yet established a reputation and therefore is a higher risk:
“SmartScreen uses a marker placed on files at download time to trigger a reputation check. All major web browsers and many mail clients, and IM services already add this marker, known as the ‘mark of the web,’ to downloaded files.”
“We expect average users to see a SmartScreen prompt less than twice per year and when they do see it, it will signify a higher risk scenario. Telemetry data shows 92% of applications downloaded via Internet Explorer 9 already have an established reputation and show no warnings. The same data shows that when an application reputation warning is shown, the risk of getting a malware infection by running it is 25-70%. And SmartScreen gives you administrative controls to prevent your non-techie friends or children from ignoring these warnings,” Sinofsky said.
He noted, “We’ve seen dramatic results with this approach in Internet Explorer and we’re happy to bring it to a broader set of Windows scenarios.”
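On NTFS, the "mark of the web" mentioned above is stored as an alternate data stream named `Zone.Identifier`, an INI-style text block with a `[ZoneTransfer]` section and a numeric `ZoneId`. The following is an added example, not code from the Microsoft post: it parses that stream and labels a file for triage. The sample stream and its URL are constructed, and the `classify` policy (zones 3 and 4 count as untrusted origin) is an assumption of this example.

```python
import configparser

ZONES = {0: "Local machine", 1: "Local intranet", 2: "Trusted sites",
         3: "Internet", 4: "Restricted sites"}

# Constructed sample: contents of a Zone.Identifier stream on a downloaded file.
SAMPLE_MOTW = ("[ZoneTransfer]\r\nZoneId=3\r\n"
               "HostUrl=https://downloads.example/setup.exe\r\n")


def parse_motw(text):
    """Parse stream text; return a dict, or None when no usable marker exists."""
    if not text:
        return None
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    try:
        parser.read_string(text.lstrip("\ufeff"))
        section = parser["ZoneTransfer"]
        zone_id = int(section["ZoneId"])
    except (configparser.Error, KeyError, ValueError):
        return None  # malformed marker: handle it like a missing one
    return {"zone_id": zone_id,
            "zone": ZONES.get(zone_id, "Unknown"),
            "host_url": section.get("HostUrl")}


def read_motw(path):
    """Read the marker from a file on NTFS; None if the stream is absent."""
    try:
        with open(path + ":Zone.Identifier", encoding="utf-8",
                  errors="replace") as fh:
            return parse_motw(fh.read())
    except OSError:
        return None


def classify(info):
    """Label a parsed marker for triage (the zone policy is an assumption)."""
    if info is None:
        return "no-marker"
    return "untrusted-origin" if info["zone_id"] >= 3 else "local-or-trusted"


if __name__ == "__main__":
    print(classify(parse_motw(SAMPLE_MOTW)))
```

A file in a downloads folder that comes back as `no-marker` is worth a closer look, because without the marker no reputation check is triggered for it.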
Watch the video below to see how Windows 8 protection has been increased through Windows Defender, Internet Explorer 10 URL reputation and the new Windows SmartScreen application reputation functionality.