Improved Malware Protection in Windows 8

Microsoft has recently explained enhancements to mitigation features that help protect Windows 8 users against exploits used by malware.

Also explained are improvements made to Windows Defender to provide PC users with real-time protection from all categories of malware, and the use of URL and application reputation to help protect against social engineering attacks.

Malware targets all operating systems and browsers, and in recent years, criminal attacks against applications have increased substantially.

As stated in the official Windows 8 blog, Windows 8 includes mitigation enhancements that further reduce the likelihood of common attacks.

Some of these improvements include:

Address Space Layout Randomization (ASLR). ASLR was first introduced in Windows Vista and works by randomly shuffling the location of most code and data in memory to block assumptions that the code and data are at the same address on all PCs. In Windows 8, we extended ASLR’s protection to more parts of Windows and introduced enhancements such as increased randomization that will break many known techniques for circumventing ASLR.

Windows kernel. In Windows 8, we bring many of the mitigations to the Windows kernel that previously only applied to user-mode applications. These will help improve protection against some of the most common types of threats. For example, we now prevent user-mode processes from allocating the low 64K of process memory, which prevents a whole class of kernel-mode NULL dereference vulnerabilities from being exploited. We also added integrity checks to the kernel pool memory allocator to mitigate kernel pool corruption attacks.

Windows heap. Applications get dynamically allocated memory from the Windows user-mode heap. Major redesign of the Windows 8 heap adds significant protection in the form of new integrity checks to help defend against many exploit techniques. In addition, the Windows heap now randomizes the order of allocations so that exploits cannot depend on the predictable placement of objects—the same principle that makes ASLR successful. We also added guard pages to certain types of heap allocations, which helps prevent exploits that rely on overrunning the heap.

Internet Explorer. “Use-after-free” vulnerabilities represented nearly 75% of the vulnerabilities reported in Internet Explorer over the last two years. For Windows 8, we implemented guards in Internet Explorer to prevent an attacker from crafting an invalid virtual function table, making these attacks more difficult. Internet Explorer will also take full advantage of the ASLR improvements provided by Windows 8.
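ASLR only randomizes images that opt in through their PE headers, so a practical check is to read those opt-in bits. The sketch below is an added example, not code from Microsoft or the Windows 8 blog, and it goes slightly beyond the text above: the flag names and values come from the PE/COFF specification, and `make_sample` builds a constructed header blob rather than a real binary.

```python
import struct

# DllCharacteristics bits, as defined in the PE/COFF specification.
HIGH_ENTROPY_VA = 0x0020  # image can handle a high-entropy 64-bit address space
DYNAMIC_BASE = 0x0040     # image can be relocated at load time (ASLR opt-in)
PE32, PE32_PLUS = 0x10B, 0x20B


def aslr_flags(image: bytes) -> dict:
    """Return the ASLR opt-in flags recorded in a PE image's headers."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ header")
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)  # e_lfanew
    opt_off = pe_off + 4 + 20  # skip PE signature and COFF file header
    if len(image) < opt_off + 72 or image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("not a PE file: bad or truncated PE header")
    (magic,) = struct.unpack_from("<H", image, opt_off)
    if magic not in (PE32, PE32_PLUS):
        raise ValueError(f"unknown optional header magic {magic:#x}")
    # DllCharacteristics sits at offset 70 in both PE32 and PE32+ headers.
    (chars,) = struct.unpack_from("<H", image, opt_off + 70)
    return {
        "pe32_plus": magic == PE32_PLUS,
        "dynamic_base": bool(chars & DYNAMIC_BASE),
        "high_entropy_va": bool(chars & HIGH_ENTROPY_VA),
    }


def findings(flags: dict) -> list:
    """List the ASLR opt-ins an image is missing."""
    out = []
    if not flags["dynamic_base"]:
        out.append("image has not opted in to ASLR (DYNAMICBASE)")
    if flags["pe32_plus"] and not flags["high_entropy_va"]:
        out.append("64-bit image lacks the high-entropy opt-in (HIGHENTROPYVA)")
    return out


def make_sample(magic: int, chars: int) -> bytes:
    """Constructed minimal header blob for the demo (not a loadable binary)."""
    buf = bytearray(0x40 + 4 + 20 + 72)
    buf[:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x40)
    buf[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<H", buf, 0x40 + 24, magic)
    struct.pack_into("<H", buf, 0x40 + 24 + 70, chars)
    return bytes(buf)


if __name__ == "__main__":
    for magic, chars in [(PE32, 0), (PE32_PLUS, 0x0040), (PE32_PLUS, 0x0060)]:
        print(hex(magic), hex(chars), findings(aslr_flags(make_sample(magic, chars))))
```

To audit a real binary, pass the bytes of the file to `aslr_flags` instead of a constructed sample.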

Windows 8 will protect you with a significantly improved version of Windows Defender if you don’t have another solution installed. Almost all Windows PCs sold today include a traditional antimalware solution, though it is often a time-limited or trial version.

Windows 8 will help protect you with reputation-based technologies when launching applications as well as browsing with Internet Explorer. Windows now uses SmartScreen to perform an application reputation check the first time you launch applications that come from the Internet.

You can access the short video that shows how Windows Defender and SmartScreen URL and application reputation work in Windows 8: High quality MP4 | Low quality MP4
