Windows 8.1 Upgrades Security Measures

August 07, 2013


Software giant Microsoft has unveiled the new security measures in Windows 8.1, including fingerprint biometrics, multifactor authentication for BYODs and enhanced malware resistance.

Dustin Ingalls, Group Program Manager for Windows Security & Identity, in a blog post this week, listed the major features as trusted hardware, modern access control, sensitive data protection and malware resistance.

“Trusted hardware is a key investment area for Microsoft in Windows 8.1,” he said. “Often in a BYOD scenario, if an employee buys a new computer, it can be hit-or-miss as to whether the device will have all the tools baked in that an IT department needs to make sure any data on that device is secure. With Windows 8.1 we take away the guesswork.”

Ingalls said Microsoft was working towards making TPM (Trusted Platform Module) 2.0 a requirement on all devices by January 2015, so that IT departments could be confident that the devices their employees bring to work comply with corporate security policies.

“TPM is a hardware security device or chip that provides a number of crypto functions, including securely storing keys and performing cryptographic measurements. It’s a great tool for the enterprise, but has been an optional piece of technology for consumer devices,” Ingalls said.

He said biometrics would pass over time. “While biometric capabilities have been available since Windows XP, innovations in Windows 8.1, along with the new hardware coming from our hardware partners, will make your fingerprint easier and more secure than anything you've used before. Biometrics goes beyond swipe, which we previously supported, to capacitive full fingerprint and can be set up on any Windows 8.1 device through modern settings using a standard, consistent Windows experience.”

Windows 8.1 would increase the trustworthiness of public key infrastructures (PKIs) or certificate authorities, which can be targeted by hackers, Ingalls said. “We have a service now that scans the top two million SSL/TLS sites on the web daily to look for anomalies or bad practices and will notify partners (certificate authorities or companies that had a fraudulent certificate issued in their name) quickly when we see issues,” he said.

“We have also taken the ‘assumption factor’ away from the server side of private key verification. For example, if an employee has malware on their personal device, the malware can intercept the private key during enrollment or renewal, effectively compromising your identity. With Windows 8.1, a server or service can require proof (attestation) that private certificates and keys are protected by hardware. If that can’t be proven, access is denied.”

Ingalls said Microsoft had put “a lot of thought” into how businesses can protect their data when it resides on employees’ personal devices.

“With Windows 8.1, device encryption is now available on all editions of Windows for devices that support InstantGo,” he said. “If the device supports InstantGo, device encryption can be automatically enabled. As InstantGo will be available on the vast majority of devices, this functionality will be pervasive throughout the enterprise.

“We introduce remote data removal which will allow an IT department to wipe corporate data (e.g. e-mails, attachments, corporate data that came from work folders) off a BYOD device without affecting personal data,” he said.
