Earlier this week at Microsoft's BUILD Conference in Anaheim, California, the company announced that the upcoming Windows 8 operating system would have built in malware and virus protection. Today, the official Windows 8 blog site gives more information on the malware protection features in Windows 8. Jason Garms, who works as Microsoft's group program manager for its reliability and security team, said, "With Windows XP SP2, we began creating defenses called mitigations that make it difficult to develop reliable exploits for security vulnerabilities. Each subsequent version of Windows has continued to expand and improve on these mitigations, because a single mitigation feature can break an entire class of exploits. Windows 8 includes mitigation enhancements that further reduce the likelihood of common attacks."
Just one of those mitigation improvements is what Microsoft is calling Address Space Layout Randomization. It was first launched in Windows Vista and allow the Windows OS to randomly shuffle "the location of most code and data in memory to block assumptions that the code and data are at same address on all PCs." Garms says, "In Windows 8, we extended ASLR’s protection to more parts of Windows and introduced enhancements such as increased randomization that will break many known techniques for circumventing ASLR." Windows 8's kernel also gets some protection improvements. Garms says, "For example, we now prevent user-mode processes from allocating the low 64K of process memory, which prevents a whole class of kernel-mode NULL dereference vulnerabilities from being exploited. We also added integrity checks to the kernel pool memory allocator to mitigate kernel pool corruption attacks."
While Microsoft expects a number of third party malware protection applications will be released for Windows 8, Garms says, "If you don’t have another solution installed, Windows 8 will provide you protection with a significantly improved version of Windows Defender." Garms says that it will protect your Windows 8 device "from all types of malware, including viruses, worms, bots and rootkits" and it will be regularly updated with new signatures via Windows Update. The Windows 8 version of Defender will also "provide you with real-time detection and protection from malware threats using a file system filter, and will interface with Windows secured boot, another new Window 8 protection feature."
The Microsoft SmartScreen feature, which alerts Internet Explorer users if they are about to download and install a possible malware program, will also be expanded to Windows 8 when it launches. Garms says, "We understand that Internet Explorer isn’t the only way you download applications from the Internet, so Windows now uses SmartScreen to perform an application reputation check the first time you launch applications that come from the Internet."