Windows 8.1 steps up security with biometrics, encryption, and more
Most of the attention on Windows 8.1 Preview emphasizes the many interface changes and new features.
In the background, Windows 8.1 also offers a number of security
enhancements that will help keep the new OS in step with changing
times—how we browse, how we share data among devices, and which devices
we use. The improvements range from better browser security to built-in
encryption, to remote wiping of business files. We even tracked down a
few sneak-preview screenshots of things that have been announced but
aren’t part of the Preview release.
IE 11 will have better default security
Windows 8.1 will include Internet Explorer (IE) 11, whose flashiest new
feature will be support for multiple windows. The browser’s security
enhancements should help keep the new experience exciting, but not
The Enhanced Protected Mode (EPM) that was added in IE 10 will now be
turned on by default in the old-style desktop application, instead of
just the IE app in the newer Windows UI. When turned on, EPM enables a
sandbox-like feature called AppContainer, which restricts IE tabs from
accessing sensitive data and system files. Additionally, EPM uses 64-bit
tabs, offering more protection against attacks than 32-bit tabs
|The EPM option is automatically enabled in the
Advanced Settings of Internet
Options for the IE 11 desktop application.
IE 11 will also let antivirus programs have deeper access to the
browser. This will allow binary extensions—like the often exploited
ActiveX controls—to be scanned by an antimalware program before they’re
executed. This could also reduce the chances of malware infection or
attack via rogue extensions and toolbars.
By default, Adobe Flash support will be included with IE 11. Adobe Flash
updates will now be distributed via the Windows Automatic Updates (or
Group Policy on corporate-managed PCs). This could help reduce the
chances of exploits via out-of-date Adobe Flash add-ons.
Windows Defender adds network support
the native antivirus program provided with Windows, will now include
network-behavior monitoring. This will make it easier to detect the
newer breed of malware that usually can’t be detected via traditional
means, but rather through noticing anomalous activity on your company’s
servers. Defender’s traditional virus detection capabilities remain, as
Defender will likely appear just as it did in the first Windows 8
version, except perhaps with an additional setting for network
monitoring in the finial release of 8.1 (click to enlarge).
Device Encryption embraces all Windows versions
Windows 8 RT is better known for what it lacks than for what it
features, but one advantage it’s had over full-fledged Windows 8 is
device encryption. This feature will now be available for all Windows
8.1 users. It will be enabled by default on most newer computers
shipping with Windows 8.1, as well as supported devices that are
upgraded to Windows 8.1 with a clean install.
The encryption is basically a simplified form of the BitLocker
encryption feature found in the Pro, Enterprise, and Ultimate editions
of Windows 8 and previous versions of Windows. The full BitLocker
feature is still available in the Pro and Enterprise editions of Windows
8.1, giving power users and corporations more management capabilities.
For consumers who create and use a Microsoft account to log in to
Windows 8.1 (or use a domain account on a corporate network), your
entire PC or device will be encrypted.
Preview release of Windows 8.1 includes just the BitLocker encryption
settings; we should see new Device Encryption settings in the final
releas (click to enlarge).
Fingerprint recognition supported
Windows 8.1 will enhance its biometric support, including native support
for fingerprint authentication for laptops and devices with a
fingerprint reader. Instead of typing in your password, for instance, a
quick touch with your finger could log you in. This biometrics support
is reportedly being added throughout and could be used for things like
Windows login, User Account Control prompts, Windows Store access, and
other features of Windows. And it’s likely that we’ll see more
biometrics support from third-party software vendors as well.
This leaked screen shot of an internal build shows what the fingerprint enrollment process might look like (click to enlarge).
Assigned Access locks device use to a specific app
One brand-new feature introduced in Windows 8.1 is Assigned Access,
which will be available in the Pro, Enterprise, and RT editions. It lets
you lock down the computer or device for use with a specified app. This
feature can help prevent users from accessing other apps or interfaces,
making deliberate or accidental changes, and protecting the privacy of
other information on the device. You can see how this would be useful in
an educational environment—or even for a family with a Surface RT
tablet for the kids. A public location, such as a kiosk, is another
likely scenario for Assigned Access.
Microsoft hasn’t included the Assigned Access feature or settings in
the Preview release, this leaked screen shot of an internal build shows
what the settings might look like.
Remote Data Control can protect selected data
In Windows 8.1, Microsoft has enhanced the OS’s remote data control
capabilities. Businesses will be able to mark certain data on employee
computers and devices that should be kept encrypted, and that data can
be wiped remotely if the device is lost or the employee leaves the
company. This feature will be especially helpful as the BYOD trend grows
(personal files on the device aren’t affected).
|Manually connecting to VPNs via
the Networks list remains the same (click to enlarge)
Windows 8.1 expands VPN support
Many of us use a Virtual Private Network (VPN) to connect securely to a
remote network, such as a corporate office. According to Microsoft,
Windows 8.1 will support a wider range of Virtual Private Network (VPN)
clients, although details aren’t available yet. Additionally, Windows
will allow third-party apps to initiate VPN connections automatically,
possibly eliminating the need for you to start the connection manually
all the time.
A better experience and better security
Windows 8.1 Preview has a lot to like,
but the security enhancements show that Microsoft is keeping up with
the times. The BYOD trend means that personal devices are handling
corporate data, so remote wiping and other safeguards are vitally
important. Everyone browses the Web, so anything that makes IE safer is a
good idea. VPNs and device encryption help thwart sniffers and thieves.
And best of all, most of these security features are already available
in some form in Windows 8.1 Preview, so you can check them out now.