Planning on a Windows 8 purchase in the near future? While it may be the most secure version of Windows yet, a new operating system always introduces new security challenges.
There is a slew of security features in Windows 8 that we like (picture passwords, built-in antivirus, Secure Boot, among others). However, the changes in the graphical user interface, the introduction of the new online app store, and new capabilities raise security concerns. The following are some tips from the folks at Sophos on how to stay safe on Windows 8.
Which IE? The One in the UI
Internet Explorer has changed in Windows 8. It is one browser platform, but depending on how you are using it, you get two different experiences. There is the new Internet Explorer in the Windows UI and Internet Explorer for the desktop. While the desktop IE is familiar, IE in the Windows UI has plugins disabled by default. Considering that plugins have become a major attack vector for exploit kits such as Blackhole, minimizing the attack surface as much as you can sounds like a great idea.
Exercise Application Control
Application control can help prevent malware from infecting your shiny Windows 8 system. Even if Microsoft is scrutinizing all apps listed in the Windows Store, users should assume that malicious apps may accidentally slip through. All applications in the Windows Store must list what resources they require access to. Review the permissions carefully and make sure the apps aren't asking for too much.
Watch Out for Apps
Users should be careful when switching to apps for the new Windows 8 user interface (formerly known as Metro), Sophos recommended. Some applications have been completely re-written for the new user interface, so familiar applications may work differently than they used to. Existing security and management tools may no longer be able to monitor some of your applications.
Can You Detect Malicious Apps?
Related to the above point, make sure your security vendor of choice can flag Windows 8 UI apps that are malicious. Your security product should be able to distinguish between regular applications and Windows 8 apps, and be able to flag apps which are malicious, have been modified, or have an invalid license.
"Designed for Windows 8"
Make sure any Windows 8 hardware you buy has the "Designed for Windows 8" logo. This logo means the hardware is UEFI compliant, which is the only way users can take advantage of the Secure Boot functionality available in Windows 8. Secure Boot allows only signed code to run during the boot up process to minimize the risk of boot loader attacks.
Don't Encrypt and Hibernate
If possible, disable hibernation on machines that use hard drive encryption. Encrypting the hard drive is a critical part of data security, and with BitLocker and the option to add self-encrypting drives, Windows 8 makes it even easier to protect data. However, Sophos recommends the hibernation option in Windows 8 be disabled through group policy, as it doesn’t always work well with encryption.
Windows RT is a Mobile Device
Treat Windows RT (the version of Windows 8 that would be installed on ARM hardware) devices as any other mobile device and protect them accordingly. Disable apps that you don't need, and make sure you have the ability to track, control, remote wipe and encrypt them.
Do You Need NFC?
If you don't need them, block them. Near-field communications can be cool, but it's better to block the near-field communications features you don’t need and don't plan to use.
Oh, and...
Sophos also had a bonus tip. Don’t allow sign-in to Windows 8 PCs with a Live ID. Keep the credentials for your online identity separate from the physical machine.
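As an added example (not from Sophos or the original article), the following read-only PowerShell audit reports how a machine stands against three of the tips above: Secure Boot, hibernation alongside BitLocker, and Microsoft account (Live ID) sign-in. It assumes an elevated prompt on Windows 8 or later; the `HibernateEnabled` and `NoConnectedUser` registry values are the local settings it reads, and the article itself does not name them.

```powershell
# Added example: read-only audit; nothing on the machine is changed.
# Run from an elevated PowerShell prompt on Windows 8 or later.

function Get-RegValue([string]$Path, [string]$Name) {
    # Returns $null when the key or value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name }
}

# Secure Boot: the cmdlet throws on legacy BIOS hardware or without elevation.
try {
    if (Confirm-SecureBootUEFI -ErrorAction Stop) { $secureBoot = 'Enabled' }
    else { $secureBoot = 'Disabled' }
} catch {
    $secureBoot = 'Unavailable (legacy BIOS or not elevated)'
}

# Hibernation: 1 = enabled, 0 = disabled (the state 'powercfg /hibernate off' sets).
$hib = Get-RegValue 'HKLM:\SYSTEM\CurrentControlSet\Control\Power' 'HibernateEnabled'
if ($null -eq $hib) { $hibernate = 'Unknown' }
elseif ($hib -eq 1) { $hibernate = 'Enabled' }
else                { $hibernate = 'Disabled' }

# BitLocker on the system drive; the cmdlet is absent on editions without BitLocker.
$bitlocker = 'Unknown (BitLocker cmdlets not present)'
if (Get-Command Get-BitLockerVolume -ErrorAction SilentlyContinue) {
    $vol = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction SilentlyContinue
    if ($vol) { $bitlocker = [string]$vol.ProtectionStatus }   # 'On' or 'Off'
}

# "Accounts: Block Microsoft accounts" policy: 3 = cannot add or sign in with one.
$msa = Get-RegValue 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' 'NoConnectedUser'

# One row per tip; FollowsTip is $false where the machine departs from the advice.
@(
    [pscustomobject]@{ Check = 'Secure Boot'; State = $secureBoot
                       FollowsTip = ($secureBoot -eq 'Enabled') }
    [pscustomobject]@{ Check = 'Hibernation with BitLocker'
                       State = "Hibernate: $hibernate; BitLocker: $bitlocker"
                       FollowsTip = -not ($hibernate -eq 'Enabled' -and $bitlocker -eq 'On') }
    [pscustomobject]@{ Check = 'Microsoft account sign-in blocked'
                       State = "NoConnectedUser = $msa"
                       FollowsTip = ($msa -eq 3) }
) | Format-Table -AutoSize -Wrap
```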