A lot of things have already been revealed about the security features of the upcoming Windows 8: there will be a picture password sign in option; a built-in antivirus (Windows Defender) that will activate itself if it doesn’t detect another active AV solution; the Unified Extensible Firmware Interface (UEFI) will replace BIOS ROM in order to verify software before it executes and ensure that no untrusted code runs before the operating system loads.
Chris Valasek, a security researcher with development testing firm Coverity, shared some more details after having analyzed the preview version released only to selected software experts.
He first pointed out that despite the change of the user interface, Windows 7 and Windows 8 are basically very similar inside.
Still, Windows 8 will have more exploit mitigation technologies at its disposal, chief among which are the Windows Heap Manager and Windows Kernel Pool Allocator, which should block malware from exploiting a number of vulnerabilities.
As Valasek pointed out for The Register, “there are always going to be vulnerabilities but you can make it difficult to leverage vulnerabilities to write exploits.” Obviously, Microsoft chose not to fool itself and decided to tackle the vulnerability problem from another angle.
The “security sandbox” for applications for Windows 8 will also be a great step forward. According to Valasek, apps will have limited permissions, which will restrict them to access only the functions needed to perform what they claim they are designed for.
“This new App Container provides the operating system with a way to make more fine-grained decisions on what actions certain applications can perform, instead of relying on the more broad “Integrity Levels’ that debuted in Windows Vista/7,” he pointed out.
Adding to all this the security improvements expected in the new Internet Explorer 10, and it’s easy to see why Valasek says that he would rather write exploits against Win 7 than Win 8.