Security Features of Windows 8
- Address space layout randomization (ASLR)
It involves random arrangement of base addresses of executable, libraries, heap and stack addresses in a process’s address space. The user’s code and data locations on hard drive are shuffled randomly to avoid revealing addresses to hackers. This feature was existent in Windows 7 but has been enhanced in Windows 8.
Attackers can corrupt or cause abnormal execution of programs by overwriting data pointers located in the heap. Randomization attempts to prevent this by adding guard pages in between so that data pointers are not altered.
Figure 2: Windows 7 vs. Windows 8 running an application[/caption]
Kernel mode processes run in a special section of memory reserved for them. Microsoft has tweaked the user mode processes in Windows 8 so that they cannot access the kernel address space which means the lower 64k of process memory is not accessible by user processes.
Drivers and applications that start along with the operating system are assigned keys by Microsoft that is verified by the operating system at startup. If the driver or application does not possess the proper key, it is not allowed to start with the operating system processes. This ensures that malware does not interfere with antivirus programs.
Windows defender has been enhanced to identify all types of malware, virus and worm signatures from Microsoft malware protection center. Previously, the database only stored spyware and adware signatures.
Microsoft continues its support for third party antivirus and antimalware vendors while revamping their Widows defender with the help of their security development team.
Microsoft is following a security development lifecycle to ensure they do not encounter problems like those that the Windows XP users experienced in the past. Microsoft has noted the main cause of inadequate malware protection on 75% of the computers.
According to Microsoft, users fail to revamp their trial version after expiry and most of them do not update their security components regularly. Stay tuned for more security related news from Microsoft.]]>