Recently, Microsoft provided new information about the upcoming release of Windows 8.1, which includes updates to the security features. They are definitely steps in the right direction. Paul Henry, security and forensic analyst at Lumension, takes a closer look at some of these new features and what they mean for your organization.
One of the first things that jumps out is what Microsoft is calling “Remote Business Data Removal,” which amounts to a remote wipe capability with a level of protection that keeps personal or non-corporate documents from being wiped. This added granularity in the MDM-like functions is a good addition.
Another feature of particular interest is encryption using the TPM chip in Windows. This encryption is enabled by default. This is great for users, but for forensics and incident response folks charged with removing data from devices on behalf of law enforcement, this could make their jobs a little more difficult. It’s similar to the default encryption on the iPhone 5. However, there’s a three- to seven-month delay from Apple for law enforcement requests for decryption. In cases such as a missing child, where time is of the essence, this is particularly troubling. With Microsoft also adding this capability, the days of “knock and look,” where law enforcement can gain immediate access to data to solve crimes, may be over.
Windows 8.1 will be optimized for biometrics – particularly fingerprint readers. This is great. The cross-over error rate for biometric readers, which is where you get false positives and negatives, has been drastically improved over the last few years. With this improvement comes a renewed hope that passwords may someday go the way of the dodo bird. Henry thinks eventually a mix of biometric technologies – iris recognition, facial recognition, behavioral patterns and of course fingerprints – will become the norm.
Microsoft is also adding improvements to IE 11, including an anti-malware solution that scans the input for a binary extension before it’s passed on to the extension for execution. IE 11 represents the most secure browser Microsoft has released to date. Henry always recommends that users run the latest version of any software and would highly encourage users to upgrade to IE 11. If you’re running non-compatible operating systems (such as XP, for which Microsoft will discontinue support in 2014), be sure to update those as well.
There are some updates to Windows Defender, including network behavior monitoring. This behavioral capability is great to see, supplementing signature-based technology that has been largely obsolete for some time now. It allows systems to make decisions based on known malicious behavior, even in the absence of a signature.
Finally, the device lockdown feature, Assigned Access, provides additional security for public-facing corporate devices, such as ATMs, kiosks or hardware used in education settings. This could prevent those machines from being used for tasks they were not intended for, and it reduces risks in educational environments.