Protecting you from malware - Windows 8 Blog

[Ceyfer √]

One of the things we talk quite a bit about with Windows 8 is making sure Windows is a safe, secure, and reliable computing environment. We have always provided a broad range of solutions for achieving these goals and work closely with a broad range of industry partners. We continue to enhance these capabilities with Windows 8 while making sure you always have choice and control over how to protect and manage your PC. With Windows 8 we are extending the protections provided by Defender to address a broader range of potential threats. Jason Garms, the group program manager of our reliability and security team authored this post that represents work across several teams. --Steven

Code:

Threat modeling and security design reviews. During the design process we consider how criminals might seek to attack features and scenarios, and incorporate this analysis into our designs.
Writing secure code. Training and code quality tools help to prevent common coding issues from entering the Windows source code.
Penetration testing. Security engineers take an attacker’s perspective when reviewing a completed set of features that make up a scenario.
Security code reviews. Security engineers provide additional security-oriented code reviews for highly sensitive components.
Security tools. Tools continuously updated with the latest state of the art in finding and exploiting software provide a scalable solution to improve existing code.
Address Space Layout Randomization (ASLR). ASLR was first introduced in Windows Vista and works by randomly shuffling the location of most code and data in memory to block assumptions that the code and data are at same address on all PCs. In Windows 8, we extended ASLR’s protection to more parts of Windows and introduced enhancements such as increased randomization that will break many known techniques for circumventing ASLR.
Windows kernel. In Windows 8, we bring many of the mitigations to the Windows kernel that previously only applied to user-mode applications. These will help improve protection against some of the most common type of threats. For example, we now prevent user-mode processes from allocating the low 64K of process memory, which prevents a whole class of kernel-mode NULL dereference vulnerabilities from being exploited. We also added integrity checks to the kernel pool memory allocator to mitigate kernel pool corruption attacks.
Windows heap. Applications get dynamically allocated memory from the Windows user-mode heap. Major redesign of the Windows 8 heap adds significant protection in the form of new integrity checks to help defend against many exploit techniques. In addition, the Windows heap now randomizes the order of allocations so that exploits cannot depend on the predictable placement of objects—the same principle that makes ASLR successful. We also added guard pages to certain types of heap allocations, which helps prevent exploits that rely on overrunning the heap.
Internet Explorer. “Use-after-free” vulnerabilities represented nearly 75% of the vulnerabilities reported in Internet Explorer over the last two years. For Windows 8, we implemented guards in Internet Explorer to prevent an attacker from crafting an invalid virtual function table, making these attacks more difficult. Internet Explorer will also take full advantage of the ASLR improvements provided by Windows 8.
We believe that all Windows 8 users should be protected by traditional antimalware software that provides an effective, industry-recognized level of protection. There are a lot of great antimalware solutions available that we expect will be updated to protect Windows 8 PCs and we believe most PC makers will continue to ship Windows PCs with these solutions installed.
 We’re continuing to work with antimalware partners during the Windows 8 development process so you have the best possible Windows PC experience no matter what antimalware solution you choose. We provide them with resources, such as the technical details of how we architected the performance improvements for Windows Defender, so they have the opportunity to make similar improvements to their products.

Also a revamped Windows Defender + optimized Smartscreen technology ( application reputation ).

More at Building Windows 8

[sujay]

I am running the developer tool and I am impressed...