
Windows 8 Is Worth Trying for the Security Features Alone

Windows To Go and a secure boot process make the operating system attractive for IT workers.

If it’s not already there, Windows 8 is probably coming to your network in the near future.

Although some companies are delaying the official adoption of Microsoft’s new operating system, manufacturers are shipping devices with the operating system preinstalled. And if your company allows any form of bring-your-own-device (BYOD) program, it has even less say in the matter. In fact, it’s quite difficult for a consumer to walk into a store and purchase a system running the now “outdated” Windows 7 OS.

When it comes to new operating systems, IT workers are usually interested in hearing about security improvements first. Fortunately, Windows 8 is strong on that front.

Windows 8 Secures the Boot Process

Rootkits are some of the most insidious forms of malware circulating today. These packages gain privileged access, reach into the lowest levels of an operating system and undermine traditional antimalware controls that run at the application level.

Rootkits often function by replacing critical components of the operating system that facilitate the boot process, allowing them to gain a foothold in the system when it boots, before antimalware software is able to load.

Windows 8 adds two features to the boot process that greatly enhance security by protecting against rootkit infections: Secured Boot, with Early Launch Antimalware (ELAM); and Measured Boot. Together, these technologies combat rootkits by minimizing the likelihood of their successful launch and by using remote trusted systems to identify the presence of untrusted software that bypassed antimalware controls.

Secured Boot’s ELAM capability loads during the very early stages of the boot process, before the kernel is given the opportunity to load other hardware drivers. ELAM then monitors the other drivers that the kernel attempts to load and verifies their digital signatures, classifying each driver as “good,” “bad” or “unknown.”

The kernel then uses this information to implement an administrator-defined policy. In most cases, especially until ELAM technology is widely adopted by hardware vendors, administrators should follow the default policy: allow the loading of both “good” and “unknown” drivers while preventing the loading of known malicious drivers.

It is important to understand that ELAM is not a replacement for antivirus software. It merely complements existing packages by adding security to a phase of the boot process that is inaccessible to traditional antimalware packages.

Once Windows 8 finishes loading boot drivers, ELAM terminates and the system’s other antimalware software assumes control. ELAM can, however, perform a seamless transfer of status information to the system’s runtime antimalware software.

While Secured Boot takes an active approach to securing the boot process, Measured Boot combines passive monitoring with remote attestation to provide administrators with assurance about the integrity of the boot process.

Measured Boot monitors the launch of all system components that load prior to the launch of antimalware software. It records this information in a tamper-proof fashion using the Trusted Platform Module (TPM), a secured piece of hardware attached to the motherboard. When antimalware software loads, it may access (but not modify) the information stored in the TPM to verify the steps that occurred on the system before the activation of antimalware software.

The remote-attestation feature of Measured Boot is also a promising development that administrators should keep an eye on. It facilitates the use of a remote server to verify that systems on the network are booting into a known trusted state.

With remote attestation, Measured Boot sends a securely encrypted copy of the TPM data to the remote-attestation server. The server then verifies that the values recorded in the TPM match previously known secure states for that specific system. If the values do not match, the remote-attestation server may alert the administrator or trigger corrective action. Full implementation of remote attestation will require the cooperation of third-party software vendors, so stay tuned.
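
The comparison the attestation server makes can be sketched in a few lines of Python. This is an added illustration, not code from Microsoft or from the original article: it models the TPM's extend-only register with SHA-256, uses constructed component names and images, and leaves out the signed quote and encryption a real deployment would use.

```python
import hashlib
import hmac

ZERO_PCR = bytes(32)  # a SHA-256 register is all zeros after platform reset

# Constructed sample boot chains; names and images are placeholders.
GOOD_BOOT = [("boot-manager", b"boot manager v1"), ("os-loader", b"os loader v1"),
             ("elam-driver", b"elam driver v1"), ("storage-driver", b"storage v1")]
BAD_BOOT = GOOD_BOOT[:3] + [("storage-driver", b"storage v1 (modified image)")]


def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM-style extend: new = H(old || digest). A register can only be
    extended, never written directly, so earlier measurements cannot be erased."""
    return hashlib.sha256(pcr + digest).digest()


def measure_boot(components):
    """Client side: measure each (name, image) in load order.
    Returns the final register value and the per-component event log."""
    pcr, log = ZERO_PCR, []
    for name, image in components:
        digest = hashlib.sha256(image).digest()
        log.append((name, digest.hex()))
        pcr = extend(pcr, digest)
    return pcr, log


def replay(log) -> bytes:
    """Server side: recompute the register value from an event log alone."""
    pcr = ZERO_PCR
    for _name, hexdigest in log:
        pcr = extend(pcr, bytes.fromhex(hexdigest))
    return pcr


def attest(reported_pcr: bytes, log, golden_log):
    """Return (verdict, suspects) for one client report.
    The log is believed only if it replays to the value the TPM reported."""
    if not hmac.compare_digest(replay(log), reported_pcr):
        return "log-mismatch", []
    if hmac.compare_digest(reported_pcr, replay(golden_log)):
        return "trusted", []
    known = set(golden_log)
    return "untrusted", [name for name, d in log if (name, d) not in known]


if __name__ == "__main__":
    _, golden = measure_boot(GOOD_BOOT)
    print(attest(*measure_boot(GOOD_BOOT), golden))
    print(attest(*measure_boot(BAD_BOOT), golden))
```

Because the register value depends on every component and on load order, a single changed image produces a different final value, and a log that does not replay to the reported value is rejected even if its entries look clean.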

Security on the Run: Windows To Go

The new Windows To Go feature provided with Windows 8 Enterprise edition offers administrators a solution to a problem that has plagued them for years: how to provide remote users with access to enterprise data in a secured environment. While VPNs and other remote-access technologies have long offered a means to protect sensitive information transferred over the Internet, administrators were still left to worry about the security of the systems used to access that data from home, hotel business centers and similar environments outside the protection of enterprise security controls.

Windows To Go allows administrators to provide users with a complete Windows 8 image on a supported USB drive. Users simply insert the drive into any hardware that supports Windows 7 or Windows 8, boot the system and find themselves up and running in the familiar corporate computing environment.

When they are finished, they just remove the drive and reboot the computer; the system will return to its normal use, with no trace of the user’s computing activity left behind.

Windows To Go also protects against a user accidentally leaving a session open after stepping away from the computer. If the USB drive is removed, Windows To Go pauses for one minute to allow reinsertion of the drive. If the drive is not reinserted, the machine shuts down. To protect against the risk of loss, Windows To Go is also compatible with BitLocker drive encryption.

The downside? Currently, there are only a small number of USB drives certified by Microsoft as compatible with Windows To Go. These include:

  • IronKey Workspace W300
  • Kingston DataTraveler Workspace for Windows To Go
  • Spyrus Portable Workplace
  • Spyrus Secure Portable Workplace
  • Western Digital My Passport Enterprise

Watch for additional products to support this technology as its adoption grows.

Regardless of when Windows 8 makes its way to your enterprise, the additional security provided by ELAM, Measured Boot and Windows To Go makes it an attractive OS for IT workers.

A recent Spiceworks survey found that 69 percent of small and medium-size businesses were currently testing Windows 8, so even if you don’t want to roll the new OS out to the whole company, it’s worth conducting pilot evaluations to assess potential future uses.

About the Author

Mike Chapple

Mike Chapple is an IT professional and assistant professor of computer applications at the University of Notre Dame. He is a frequent contributor to BizTech magazine, SearchSecurity and About.com as well as the author of over a dozen books including the CISSP Study Guide, Information Security Illuminated and SQL Server 2008 for Dummies.
