When Windows 8 comes out later this year, the new Start screen and Metro-style apps will likely be the first changes you’ll notice, but those aren’t the only things that are new.
Microsoft is also making some serious security enhancements to help keep your system safer and to improve Windows’ ability to combat viruses and malware. It just may be the biggest improvement to Windows security yet.
Faster, more secure startup
Starting with Windows 8, Microsoft will begin to promote a new type of boot method, UEFI (Unified Extensible Firmware Interface), which improves upon and replaces the archaic BIOS boot system that most PCs have been using for decades. I won’t get into the technical details here, but UEFI offers better security, faster startup times, and a number of other benefits.
Thanks to this new boot method (and other system enhancements), your PC will start up more quickly–in as little as 8 seconds, from the time you press the power button to when Windows fully loads to the desktop. But you’re sure to appreciate the less noticeable improvements too. The Secure Boot feature of UEFI will prevent advanced malware (such as bootkits and rootkits) from causing damage, and it will stop other boot loader attacks (such as malware that loads unauthorized operating systems) as well.
Though Windows 8 will work on PCs with the old BIOS boot system, Microsoft will require new PCs that carry the Windows 8 Certification to use the UEFI boot system with the Secure Boot feature enabled by default. This Secure Boot requirement is causing some concern within the PC industry and among power users, as it could complicate the process of using Linux distributions or dual-booting multiple operating systems.
However, Microsoft has promised to keep boot control in users’ hands, and the company requires system makers participating in Windows 8 Certification to offer a way for users to disable the Secure Boot feature on PCs (but not on tablets).
Two new password types
Windows 8 introduces two new password types that you can use when logging in to your Windows account: a four-digit PIN and a “picture password.”
For the picture password, you choose a photo or image and draw three gestures (a combination of circles, straight lines, or taps/clicks) in different places to create your “password.”
Even if you decide to use these new password types, you still must set up a regular password. A PIN offers a faster way to log in, and a picture password gives you a more creative and fun way to do so. Sometimes you’ll have to enter the regular password, such as when you need administrative approval for changing system settings as a standard user, but you can log in to your account using the PIN, the picture, or your regular password.
Antivirus comes preinstalled
For the first time in the history of Windows, you’ll enjoy protection from viruses, spyware, Trojan horses, rootkits, and other malware from the very first day you turn on your Windows PC–without spending a cent. Windows 8 comes with an updated version of Windows Defender that includes traditional antivirus functions in addition to the spyware protection and other security features that it has offered since Windows Vista.
Windows Defender now provides similar protection–and a similar look and feel–to that of the free Microsoft Security Essentials antivirus program, which Microsoft has offered to users as an optional download since 2009.
p>Since Windows Defender will provide at least basic virus and malware protection, purchasing yearly antivirus subscriptions (such as from McAfee or Norton) or downloading a free antivirus package (like AVG or Avast) is optional, whereas before it was pretty much required if you wanted to stay virus-free. Of course, you may disable Windows Defender and use another antivirus utility that promises better protection and more features, but at least everyone will have basic protection by default.
Better download screening
When Microsoft released Internet Explorer 9, it updated the browser’s SmartScreen Filter to help detect and block unknown and potentially malicious programs that you download; the function complements IE’s Web site filtering, which works to block phishing and malicious sites. Starting with Windows 8, the program-monitoring portion of the SmartScreen Filter is built into Windows itself, and it will work whether you’re using IE, Firefox, Chrome, or any other browser.
In Windows 8, the first time you run a program that you downloaded from the Internet, the SmartScreen Filter checks it against a list of known safe applications, and alerts you if it’s unknown and therefore has the potential to be malware. If the alert does pop up, you could then further investigate the program (and the source where you downloaded it) before running it.
Since Microsoft is adding the SmartScreen feature, the company is removing the previous Security Warning alerts that appeared when you first opened a downloaded program (the old alert would show the verification status of the program publisher and warn you about running programs downloaded from the Internet).
This is a welcome change, as it cuts down on the number of alerts you have to click through–with Windows 8, you’ll see an alert only when something’s amiss.
Other noteworthy defence measures
The enhanced Windows Defender, SmartScreen, boot system, and password protection are the most noticeable security improvements in Windows 8. But the new OS has even more system enhancements that you won’t see at all. A few core Windows components (such as the Windows kernel, ASLR, and heap) have been updated to help reduce common attacks and exploits even further.
Eric Geier is a freelance tech writer. He’s also the founder of NoWiresSecurity, which provides a cloud-based Wi-Fi security service for businesses, and On Spot Techs, which provides on-site computer services.