Date: 16 September 2011
Original URL: http://www.auscert.org.au/render.html?cid=7066&it=14853
At Microsoft's BUILD conference, held in Anaheim on Tuesday 13th September, Microsoft declared that the next version of Windows, Windows 8, which is scheduled for a 2012 release, will ship with "tons of security features". The security community has been somewhat buzzing about these features and there has been plenty of speculation as to what they will mean for the future of the anti-virus market.
Windows 8 to ship with built-in malware protection
The biggest announcement made by Microsoft is that Windows 8 will ship with built-in anti-virus software. Windows users are most likely familiar with Windows Defender, designed to prevent pop-ups and spyware, which has been bundled with Windows 7, Vista and XP, and also with Microsoft Security Essentials, which to date has been a separate free anti-virus application that users can download and install. It appears that with Windows 8, Windows Defender will be greatly enhanced to include the functionality of Microsoft Security Essentials, so that Windows 8 owners will receive an out-of-the-box security package which not only takes care of protecting users from malware, pop-ups and spyware, but also incorporates parental control and a firewall. However, Microsoft has not yet confirmed or denied that Microsoft Security Essentials will actually be a part of Windows 8.
Of course, industry members have had plenty to say, with many differing opinions on the inclusion of an anti-virus protection suite in Windows. Symantec's vice president of product marketing, Mike Plante, has stated that he believes "... it's clear that the protection consumers need is more comprehensive than what basic anti-virus offers ... [and that] ... anti-virus is just the first basic layer ...." Plante was also quick to knock the existing Microsoft Security Essentials package, stating that in a recent test conducted by AV-Test GmbH, poor old MSE "... came in last out of a total of 13 security solutions."
In contrast, Mel Morris of Webroot believes that Microsoft's inclusion of anti-virus protection out-of-the-box is a positive change. He stated that "It makes conventional AV available to a wider audience. People will then realize and in turn focus more on what the real threats are." While this may or may not be true, what it does ensure is that users who have previously not bothered to install anti-virus of any kind, whether free or commercial, will have some kind of first line of defence against malware, and surely this is a positive change. However, Graham Cluley of Sophos is a little more cynical and suggests that this may actually be good news for malware authors, stating in a recent blog that "... if most budget-conscious home users stick with Microsoft's built-in offering, then surely the first thing the bad guys will do is make sure their latest creation can slip past Microsoft's scanner."
There are other considerations as well. For example, will Microsoft's new built-in solution interfere with the operation of other commercially produced or enterprise anti-virus suites? This is, of course, as yet unknown, but if it does, it could cause any number of headaches for users and professionals alike. Could we even see security firms making accusations of anti-competitive practices and going down the legal road in the near future, as happened previously with Internet Explorer in Europe? It seems possible, and even likely. Some are even suggesting that having the same anti-virus built-in on all Windows 8 systems will "... result in a kind of security monoculture." One thing that we can all agree on, though, is that even if this new built-in anti-virus isn't the bee's knees, it will certainly be better than having nothing at all.
Another new feature is an advanced USB security feature, which will warn users of an infected USB stick or drive, not allow them to execute any programs or data on the drive, and then provide a mechanism to attempt to clean the infected device. Taking this USB security feature one step further, Windows 8 will also help to guard against infected USB devices during the boot-up stage, prompting users to remove or clean an infected device before continuing to load Windows.
Microsoft has also referred to the integration of another layer of operating system security, named 'SmartScreen', which is currently built into Internet Explorer and will be integrated directly into the operating system in Windows 8. SmartScreen will help to provide protection against phishing and social engineering by using a URL and application reputation system. SmartScreen includes a feature known as "Windows Drive-By Attack", which will attempt to prevent users from being infected by malware by notifying them when a website is attempting to download or install malware, regardless of whether the site has been blacklisted. SmartScreen will also be integrated with program launching, and will show new warnings before allowing a user to run a potentially high-risk program.
All in all, these look like some interesting security-related developments from Microsoft that may in the end define the success of the operating system as a whole, while at the same time causing anti-virus vendors to alter their approach, packages and marketing to roll with the punches Microsoft is going to deliver. One must question, however, whether Microsoft is simply trying to improve its reputation with regard to operating system security for the sake of improved sales, by utilising new and exciting buzzwords, or whether it is truly committed to positive innovation in security. Fingers here are definitely crossed that it is the second option, and that these security enhancements really make a difference for end-users.
Information Security Analyst