Windows 8 will come with antivirus protection running, but its real security benefit is vastly improved protection of low-level activities like memory allocation. It has antivirus protection built right in, enabled by default if no other antivirus is present. But the new security features at the very deepest level may be even more significant. To understand what Windows 8 adds, we need to look back at the evolution of operating system security.
COM file programs for the original MS-DOS were quite insecure by modern standards. DOS simply copied the program byte for byte from disk into memory and started it running. It made no distinction between code and data, so a buffer overrun attack could easily force execution of arbitrary code. Early file-infector viruses simply appended their own code to the program’s end and replaced the very first instruction with a jump to that code.
The EXE file format, still in use today, isn’t quite as open to manipulation. It does distinguish between memory areas used for code and those used for data. Windows XP SP2 introduced Data Execution Protection, which ensures that a memory area marked as data will never be executed. (However, there is a possibility for a hardware backdoor attack to disable this feature.)
Even with these enhancements, malware writers managed to craft attacks that could inject arbitrary code into trusted processes. Address Space Layout Randomization (ASLR), introduced with Windows Vista, made those attacks tougher by making it impossible for an attacker to predict where in memory a given code module would load. Despite all these protective features, malware attacks can still succeed in Windows 7.
Windows 8 will block many such attacks by toughening up at the very deepest level—memory allocation. Many low-level memory functions have new safeguards in Windows 8, rejecting invalid input and adding a degree of randomness. “Guard pages” before and after in-use memory chunks prevent attacks that work by writing beyond the end of allocated memory. A new “Fast Fail” function lets a program terminate instantly if it detects memory corruption.
Windows keeps track of free and in-use memory chunks using a structure called a doubly linked list. Each chunk has an entry in the list with links to the next entry and the previous entry. Various attacks take advantage of this structure by changing the entries so they link to malicious code. That won’t work in Windows 8, though, because the pointers are protected.
ASLR makes it tough for an attacker to predict where a given code chunk will load in memory. Windows 8 also randomizes the allocation of smaller memory blocks within memory heap sub-segments. “Random” numbers generated by a computer aren’t random in an absolute sense, but in Windows 8 the random number algorithm is very much enhanced over Windows 7.
The overall point of these low-level security enhancements is to let Windows 8 perform its tasks efficiently while resisting all memory modification by external processes.
Windows 8 isn’t totally hack-proof. There are a number of areas that could still be vulnerable. As long as humans are writing the code, there will be another crook who tries to hack it. However, any attack or exploit that worked under Windows 7 will fail against Windows 8.
You may also like
- Antivirus Industry Unhappy With Windows 8 Built-In Antivirus Protection
- Compatible Antivirus For Windows 8 Consumer Preview
- Free Antivirus For Windows 8 Consumer Preview : Windows Defender
- How to Run Off Windows Defender In Windows 8 Consumer Preview
- Avast Antivirus For Windows 8
- Anti-Virus For Windows 8 Consumer Preview