Today we see many authors of malicious software going to great lengths to distribute their wares. Some attackers invest significant resources to find victims and avoid detection by antimalware products. They also vary their attacks – they experiment with not only exploiting software vulnerabilities but also attempt pure social-engineering approaches. To counter this, it is important to build layered defenses in order to improve the security of a system.

Because of changes we’ve made over the years, malicious software infection rates against more recently released Windows operating systems and service packs tend to be lower than earlier releases, for both client and server platforms.  The Microsoft Security Intelligence Report analyzes the threat landscape of exploits, vulnerabilities, and malware using data from large scale Internet services and over 600 million computers worldwide.

Microsoft is committed to creating safer and more trusted computing environments and as part of this commitment,  we shared our vision of “End to End Trust” almost five years ago.  End to End Trust represents our long-term goals to advance trusted hardware, software, data, and identities. With the release of Windows 8, Microsoft has created an exciting and more secure operating system that helps realize important aspects of the End to End Trust vision. 

One of the new areas where Windows 8 helps protect customers is during the startup phase of the computer using a feature called Secure Boot.  Secure Boot is a combination of improvements provided both by platform manufacturers and by Microsoft to prevent malware from running before the operating system is fully loaded.  This is important because malware that starts before the operating system is able to tamper with everything loaded afterwards, hindering malware detection and removal. 

To support Secure Boot for Windows 8, a system needs to implement the industry specification called the Unified Extensible Firmware Interface (UEFI) 2.3.1 from the UEFI forum.  The UEFI standard defines a policy that UEFI boot drivers and operating system loaders are checked against during boot.  If a system does not implement UEFI 2.3.1 it can still run Windows 8, but does not gain the security benefits provided by Secure Boot.  The typical boot process has three main phases:

Typical system boot process for a Secure Boot capable system

For reliability, if components necessary to boot the platform do not comply with the policy, automated remediation mechanisms attempt to restore trusted components or provide failsafe options to return systems to a bootable state.  The combination of the Secure Boot security elements means malware is deterred from trying to load during the boot process and if malware is installed as a pre-boot component, recovery mechanisms can reliably detect and remove it.

One result of Secure Boot is the industry is now digitally signing many software components involved in the system boot process.  The digital signatures for components allows their authenticity to be checked.  This improves the security of the supply chain and also allows components with security flaws to be revoked (once a more secure version is deployed) by updating the Secure Boot policy.  This helps ongoing maintenance of security integrity.

Windows 8 includes support for the Trusted Platform Module (TPM) standards versions 1.2 and 2.0 published by the Trusted Computing Group (TCG), an industry standards body. Microsoft Windows leverages the TPM in multiple ways, including logging what software ran during the boot process, what antimalware software was started, etc.  This log allows antimalware software to provide evidence about the health of the client system.  There are also improvements to BitLocker Drive Encryption™ data protection features that use the TPM to protect data at rest and other TPM features like Virtual SmartCard

A long-held security design principle is to build products secure by default.  The default usage of the TPM by Windows is to help protect and maintain the integrity of the operating system. This means Windows
8 automatically provisions the TPM for the operating system and other applications to use.  In Windows, administrators and users control the features and applications that run including those that leverage the TPM. For customers who want to know how Windows features use the TPM, please refer to the TPM feature usage in the Windows 8 Privacy Policy.  Microsoft strongly encourages 3rd party applications that use the TPM to inform users in accordance with the Trusted Computing Group Design Implementation and Usage Principles. 

Windows 8 features such as Secure Boot and integrated default support for the TPM demonstrate Microsoft’s continued commitment to helping protect the privacy and security of our customers around
the world.  They are also examples of how Microsoft supports open standards and shares best practices within the industry to help mitigate security risks and fight malware.  The ease of use for both technologies depends on new hardware now available in Windows 8 devices.  As customers migrate to Windows 8 systems, they will be better protected by a stronger fabric of layered defenses more
resistant to malware.  These innovations help build a more trusted end to end computing experience for our customers. 

Related Links:

Policy Maker’s Guide to Supply Chain Security

TCG NIST Issues Draft BIOS Integrity Measurement Guidelines

Protecting the pre-OS environment with UEFI

Reengineering the Windows boot experience