Windows Enterprise Desktop

Aug 7 2013   10:52AM GMT

Dustin Ingalls posts on Win8.1 Security Enhancements

Ed Tittel

Group Program Manager for Windows Security and Identity Dustin Ingalls recently posted an interesting item to the Windows for your Business blog, in the wake of his attendance at the Black Hat security conference. Entitled “Black Hat 2013: Windows 8.1 Helps Keep Data Secure in a Modern Environment,” it walks readers through a list of changes and enhancements to Windows 8.1 explicitly added or beefed up to improve the new operating system’s security capabilities.

Following Black Hat 2013, MS opens up further on new or extended Win8.1 security stuff.

Here’s a list of topics with some detail summarized from that blog post:

  • Trustworthy Hardware: MS is moving toward requiring support in future hardware for a Trusted Platform Module (TPM), circuitry that provides enhanced cryptography, on-board secure storage for keys and certificates, and other strong security functions (“We are working towards requiring TPM 2.0 on all devices by January 2015.”). This provides the foundation for improved security in BYOD situations.
  • Modern Access Control: ways that IT can restrict physical access to devices. Biometrics will gain capacitive full fingerprint support on touchscreen devices using the app-based Settings widget, with biometrics now applicable to any Windows credential prompt (instead of during login only). There are also improved APIs for biometric support in Windows Apps, including WinRT.
  • Multifactor Authentication for BYOD: Continued streamlining for managing Virtual Smart Cards (VSC), including support for enrollment and management in WinRT, with more controls over how devices connect to internal networks, and secure access controls for personal devices in BYOD situations.
  • Trustworthy Identities and Devices: MS will seek to “increase the trustworthiness of the PKI by helping manage and drive certificate best practices and adherence to standards…” This will include a daily scanning service for the top 2,000,000 SSL/TLS sites to look for anomalies or bad practices, and a requirement from servers or services for attestation that private certificates and keys are protected by hardware (if not, access is denied — see the first bullet point above).
  • Data Protection: In Win8.1, device encryption applies to all editions for devices that support InstantGo, while Windows 8.1 Pro and Enterprise will also get the benefits of BitLocker, including BitLocker To Go, a network key protector, and automatic recovery key escrow in AD, plus a “remote wipe” capability that enables IT to delete sensitive data if a machine gets lost or stolen, or on BYOD machines (without affecting personal data).
  • Malware Resistance: Windows Defender gains heuristics to monitor “bad behaviors” in memory, the registry, or the file system (before malware signatures get created or are available), and Internet Explorer gains the ability to screen binary extensions before they get loaded, along with default use of Enhanced Protection Mode in IE11.

It will be interesting to see how all this plays out, and how well the TPM requirements perform on systems that include such circuitry.
