Microsoft talks more about malware protection for Windows 8

Earlier this week at Microsoft's BUILD Conference in Anaheim, California, the company announced that the upcoming Windows 8 operating system would have built-in malware and virus protection. Today, the official Windows 8 blog site gives more information on the malware protection features in Windows 8. Jason Garms, who works as Microsoft's group program manager for its reliability and security team, said, "With Windows XP SP2, we began creating defenses called mitigations that make it difficult to develop reliable exploits for security vulnerabilities. Each subsequent version of Windows has continued to expand and improve on these mitigations, because a single mitigation feature can break an entire class of exploits. Windows 8 includes mitigation enhancements that further reduce the likelihood of common attacks."

One of those mitigation improvements is what Microsoft calls Address Space Layout Randomization (ASLR). It was first launched in Windows Vista and allows the Windows OS to randomly shuffle "the location of most code and data in memory to block assumptions that the code and data are at same address on all PCs." Garms says, "In Windows 8, we extended ASLR’s protection to more parts of Windows and introduced enhancements such as increased randomization that will break many known techniques for circumventing ASLR."

Windows 8's kernel also gets some protection improvements. Garms says, "For example, we now prevent user-mode processes from allocating the low 64K of process memory, which prevents a whole class of kernel-mode NULL dereference vulnerabilities from being exploited. We also added integrity checks to the kernel pool memory allocator to mitigate kernel pool corruption attacks."
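An image only benefits from the ASLR described above if it opts in through its PE header, so a defender auditing software can read the opt-in bits directly. The following is an added example, not code from Microsoft or the article; the flag values come from the PE/COFF specification, and `make_sample` builds constructed header-only stubs rather than real binaries.

```python
import struct

# DllCharacteristics bits from the PE/COFF specification.
HIGH_ENTROPY_VA = 0x0020   # image can handle 64-bit high-entropy ASLR
DYNAMIC_BASE = 0x0040      # image may be relocated at load time (ASLR opt-in)
NX_COMPAT = 0x0100         # image is compatible with DEP

def aslr_flags(pe: bytes) -> dict:
    """Return the ASLR-related opt-in flags from a PE image's optional header."""
    if len(pe) < 0x40 or pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if e_lfanew + 24 + 72 > len(pe) or pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing or truncated PE header")
    opt = e_lfanew + 24                      # 4-byte signature + 20-byte COFF header
    (magic,) = struct.unpack_from("<H", pe, opt)
    if magic not in (0x10B, 0x20B):          # PE32 / PE32+
        raise ValueError("unknown optional header magic")
    # DllCharacteristics sits at offset 70 in both PE32 and PE32+.
    (chars,) = struct.unpack_from("<H", pe, opt + 70)
    return {
        "pe32_plus": magic == 0x20B,
        "dynamic_base": bool(chars & DYNAMIC_BASE),
        "high_entropy_va": bool(chars & HIGH_ENTROPY_VA),
        "nx_compat": bool(chars & NX_COMPAT),
    }

def make_sample(magic: int, chars: int) -> bytes:
    """Build a constructed, header-only PE stub (not a real program) for the demo."""
    buf = bytearray(0x40 + 24 + 72)
    buf[:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x40)          # e_lfanew -> PE header at 0x40
    buf[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<H", buf, 0x40 + 24, magic)
    struct.pack_into("<H", buf, 0x40 + 24 + 70, chars)
    return bytes(buf)

if __name__ == "__main__":
    # Hypothetical file names; both images are constructed samples.
    for name, img in [("legacy.dll", make_sample(0x10B, 0x0000)),
                      ("modern.exe", make_sample(0x20B, 0x0160))]:
        print(name, aslr_flags(img))
```

To audit a real file, pass `open(path, "rb").read()` to `aslr_flags`; an image with `dynamic_base` false keeps a predictable load address regardless of the OS version.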

While Microsoft expects a number of third-party malware protection applications will be released for Windows 8, Garms says, "If you don’t have another solution installed, Windows 8 will provide you protection with a significantly improved version of Windows Defender." Garms says that it will protect your Windows 8 device "from all types of malware, including viruses, worms, bots and rootkits" and it will be regularly updated with new signatures via Windows Update. The Windows 8 version of Defender will also "provide you with real-time detection and protection from malware threats using a file system filter, and will interface with Windows secured boot, another new Windows 8 protection feature."

The Microsoft SmartScreen feature, which alerts Internet Explorer users if they are about to download and install a possible malware program, will also be expanded to Windows 8 when it launches. Garms says, "We understand that Internet Explorer isn’t the only way you download applications from the Internet, so Windows now uses SmartScreen to perform an application reputation check the first time you launch applications that come from the Internet."

18 Comments

alexalex said,
Anti-virus as part of Windows 8 and both versions of Explorer 10 won't pass the EU and will be dropped.

Anti-virus as part of Windows 8 and both versions of Windows Internet Explorer will pass the EU communists and will ship with the final release.

It was first launched in Windows Vista and allow the Windows OS to randomly shuffle "the location of most code and data in memory to block assumptions that the code and data are at same address on all PCs."

So how does this run? Does this feature use RAM to function? What if you have less or more RAM, does it run slower or faster?

Garms says that it will protect your Windows 8 device "from all types of malware, including viruses, worms, bots and rootkits"

They'll find ways to circumvent any new protection. The AV companies will make sure of it.

Ricky65 said,
Garms says that it will protect your Windows 8 device "from all types of malware, including viruses, worms, bots and rootkits"

They'll find ways to circumvent any new protection. The AV companies will make sure of it.

Conspiracies aside, if the real bad guys find a way around it (which is just a matter of time in the cat and mouse game of security) the AV companies will stop at nothing to blog, advertise, and fear monger their products.

Safari and quicktime are blatant omissions from fair and equal justice. Microsoft always gets the short stick. I think Google is heading in a really dangerous direction in terms of control. The courts do very little to curb their enthusiasm.

The fact is, AV companies only exist because the OSes were originally vulnerable. It's a VERY good thing that the OS is becoming more and more secure over time, using all means possible to become secure. It's time for the AV industry to move on and stop fearmongering; they want your OS to be inherently insecure just so they can stay in business. Terrible.
As does the EU, just so they can keep hammering MS. Just because it's cool to berate Windows OS.
Apologies for all the TLAs (two-letter-acronyms ;-) )

SOOOO true man. People are always ripping on Windows for its security. I'm like, well, it's on around 90% of the PCs out there, and sure, XP and prior did have weak security implementations, but Vista and 7 have really elegant security built right in. I also love the trend of people buying Macs; most are using Windows 7 in private. I mean, OK, let's look at this carefully: Apple is now the largest selling PC maker ahead of HP, but look at the OS stats.
http://gs.statcounter.com/#os-US-monthly-201008-201108
Ultimately Windows 7 is so fricken clean and productive, it gets the job DONE!!

no need for AV program
no need for malware bytes
no need for VMware
no need for magic disk

and that's just the start.

integrating a lot of nice things into windows 8

ShareShiz said,
no need for AV program
no need for malware bytes
no need for VMware
no need for magic disk

and that's just the start.

integrating a lot of nice things into windows 8

Good for the users, however competing companies are going to be ****ed and lawsuits are bound to happen.

Panda X said,

Good for the users, however competing companies are going to be ****ed and lawsuits are bound to happen.

This is where competing companies need to step up their game and offer new things. Sure, Win8 supports ISO mounting, but does it support BIN? I don't think so. Though ISO is used way more, there are other disk image files out there that something like MagicISO or Daemon Tools do support. So to be fair, there is a difference really.

Holey said,
How does Windows Defender coexist with MSE?

Or are they both rolled into the same product in Windows 8?


Garms is basically doing everything short of saying "we bundled our antivirus with Windows 8", probably to get anti-trust off his tail.

Holey said,
How does Windows Defender coexist with MSE?

Or are they both rolled into the same product in Windows 8?


Maybe MSE for XP, Vista, Win 7.
Win Defender with virus protection for 8.