Windows 8: Put its hidden security features to work!
Lost among Windows 8's many controversies is a raft of useful security tools. Here's how to leverage them to the max.
PC World - Don't let the Windows 8 haters brainswash you: Microsoft actually introduced a few great features in its new operating system, some of which will help keep you safer from malware and other security threats. Though most of these security enhancements are active by default, you still must be proactive to get the most from them. Also, one new Windows 8 feature presents specific security concerns that must be addressed to keep your PC--and your data--as safe as possible. Let's jump in and investigate.
Buy a new PC instead of upgrading
To take full advantage of Windows 8's new security features, your PC needs to run a new kind of boot system called Unified Extensible Firmware Interface (UEFI). This system, which replaces the archaic Basic Input/Output System (BIOS), adds many new boot features and greatly speeds the startup process.
Included in UEFI is a feature, called Secure Boot, that helps prevent unauthorized operating systems and malware from running at startup. This makes it more difficult for data thieves to use bootable discs or flash drives to access your files; it also helps keep rootkits--a form of malware that's hard to detect--from infecting your computer during bootup.
Some PC vendors included UEFI on select systems in the past, but Secure Boot requires a new version, specifically UEFI revision 2.3.1. So if your system originally came with Windows XP, Windows Vista or Windows 7, it likely doesn't include UEFI. And if it does include UEFI, it's probably an earlier version that doesn't support Secure Boot.
Though some PC and motherboard vendors offer upgrades to UEFI, you might want to consider buying a new PC or board that's designed for Windows 8, as such hardware must include UEFI and have Secure Boot enabled by default.
If you're technically inclined, however, you can double-check an older PC's UEFI compatibility before you run out and buy a new system. First, try pressing the traditional BIOS or setup key (such as F2 or Delete) during booting just after you turn on the system. There, you can find your BIOS or UEFI version.
From Windows, you can typeA msinfo32 in the Start menu search field or the Run prompt to find the BIOS version. If it appears you have a traditional BIOS, you could check with the system or motherboard vendor to see if it's offering upgrades to UEFI. And if the UEFI version you have is older than 2.3.1, see if there are any updates for your PC.
Take precautions when using a Microsoft account
In Windows 8, you can now optionally sign into Windows with a Microsoft account using your email address. This account stores many of your personal Windows settings, preferences, and saved passwords, as well as other items like browser history, favorites, and Windows 8 apps, on Microsoft's servers. Whenever you log on to a new Windows 8 device with that Microsoft account, all your data automatically syncs to your new hardware.
Although this new syncing functionality can be useful, it does pose a security risk. If malcontents get your Microsoft account password, they could log in to your account at another Windows 8 PC and access your synced data. And if you use Microsoft's SkyDrive cloud storage service, they'll quickly be able to access your online files.
To help prevent your Microsoft account from being hacked, use a strong password when creating your account in Windows 8. Try to make it as complex as you can with lower- and uppercase letters, numbers, and special characters, and avoid words from the dictionary. Also make sure to use a unique password. If you simply re-use the same old string that gets you into other sites and services, you're just asking for trouble. Finally, you should avoid storing any truly sensitive documents in SkyDrive.
If you already have a Microsoft (or Windows Live) account, you can use it when logging into Windows 8 instead of creating a new account. And if your existing password isn't strong, you can always change it.
Fortunately, your saved passwords from Internet Explorer, networks, and Windows 8 apps aren't synced to a new system until you confirm it as a "Trusted PC." Once you sign in to a new Windows 8 system, Microsoft sends you an email and/or a text-message alert asking you to confirm it. This is a great protection mechanism, but if you're using a Microsoft email address (Hotmail, say), or if someone knows both your Microsoft account and your other email password, he could confirm the PC he's using as trusted and then access all your saved passwords.
To help make the process of confirming trusted PCs even more secure, use a non-Microsoft email address for your Microsoft account, and use a different password for that email account (which you should be doing anyway). Also make sure to enter your mobile number on your Microsoft account and update it when it changes. You can always add and change email addresses and mobile numbers.
Choose your antivirus program wisely
Windows 8 comes with built-in antivirus software as part of the updated Windows Defender program. However, if your PC manufacturer included a third-party antivirus program with your computer, Windows Defender may be disabled. Either way, make sure you have some form of antivirus program installed and enabled. And if you're considering a commercial antivirus suite, compare the different security suites and choose one that offers good protection--our recent security suite roundup is a good place to start.
We've discussed some security concerns with Windows 8 and how to combat them. Remember, in order to use the new Secure Boot feature, you need to purchase a new system that is Windows 8--certified, or make sure that your current system supports it before upgrading from a previous version of Windows.
If you log in to Windows using a Microsoft account, take the extra precautions I've described to secure your data. Use separate and unique strong passwords for both the Microsoft account and the email account you use. Don't store sensitive files in your SkyDrive online storage account. And keep your Microsoft account up-to-date with your mobile number.
Even though your Windows 8 PC might come with the built-in Windows Defender or a third-party antivirus program turned on, compare your options and choose one of the better antivirus programs.
- Best iPhone, iPad Business Apps for 2014
- 14 Tech Conventions You Should Attend in 2014
- 10 Desktop Apps to Power Your Windows PC
- How to Add New Job Skills Without Going Back to School
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts