Windows 8.1 feature preview – enhanced security

  • Article

By Ron Grattopp ronaldg-001_thumb2_thumb_thumb1_thum….You should remember that I’ve previously discussed how Windows 8 significantly ups the security bar with features like Secure/Trusted/Measured Boot, Malware Resistance technology, and corporate business data protection (see my post on 12/31/12). So what does Windows 8.1 (aka Win8.1 for the rest of this article) bring to the table to build on this great foundation. 

For starters, in Win8.1, you can now remove business data remotely, without sacrificing your personal documents, with selective wipe. Win8.1 includes an agent that supports remote wipe over EAS or EAS + OMA-DM (which is an open standard protocol). (Note: Users will have to opt-in (turn on) the OMA-DM management agent.) So businesses working in BYOD scenarios will now have more control over corporate data/content – work files can be encrypted and an admin will be able to send a command (using standard device management software) to erase just those files. This will work on both x86 and ARM devices running Windows RT.

Device encryption, which was only available in RT and Phone previously, is now available in all versions. Moreover, BitLocker performance is significantly faster than even in Windows 8. See the TechNet article (linked below) for more info on this security feature. (Note: the above require certain hardware capabilities, i.e. UEFI and TPM (or equivalent), so it may not apply to upgrades of older machines.)

IE11 improvements that now allow AV programs deeper access to the browser so that an AV solution can now scan the input for a binary extension before it’s passed on for execution. Also, a certificate tracking service will be leveraged to better protect against hacked security certificates.

Windows Defender improvements that now include network behavior monitoring to help detect and stop the execution of newer forms of malware.

Device lockdown capability with Assigned Access, available in RT and Pro/Enterprise Editions, which means you can lockdown the device so that only a single Windows Store application can be used. 

And last, and perhaps even most important, is improved biometrics. As the TechNet article states: “All SKUs will include end to end biometric capabilities that enable authenticating with your biometric identity anywhere in Windows (Windows sign-in, remote access, User Account Control, etc.). Windows 8.1 will also be optimized for fingerprint based biometrics and will include a common fingerprint enrollment experience that will work with a variety of readers (touch, swipe).” This is huge because it means biometric device support is baked in and not as reliant on the OEM drivers as it was in the past – IMHO this will really change the game can be a huge selling point for Win8.1 devices. Additionally, newer sensors will be more powerful (e.g. it could tell if a finger has a pulse) and work better than previous generation biometric devices for your PC.

Of course you can also refer to these resources for even more in-depth info on Security in Win8.1:

TechNet: What's New in Windows 8.1 (see Security Enhancements section)

PC World: Windows 8.1 steps up security with biometrics, encryption, and more

Windows 8.1 security, management enhancements entice enterprise IT

Cheers as always,
Ron