Dustin Ingalls, partner group program manager for Windows Security & Identity, told Infosecurity that Windows 8 has three main focus points: Malware protection; data protection, and modern access controls.
“We’ve invested in malware protection, and it’s paying off”, said Ingalls. “Windows 8 malware infection rates have dramatically improved.” Windows 8 computers are six times less likely to be infected than Windows 7, and 21 times less likely to be infected than Windows XP”.
Improved security is due to several factors, according to Ingalls. Device encryption is more broadly available, data is encrypted upon entry to the device, and the ability to wipe a device enables business data to be remotely wiped. “Just because enterprises have to reckon with this trend, the IT guys don’t get a break”, he said, referring to increased mobility in business.
8.1
In Windows 8.1, Microsoft has placed “huge investment in biometrics”. With Windows 8.1, users can “bio-enable every Windows prompt in the system so that a fingerprint can be used to authenticate.”
A fingerprint can even be used to make purchases in the Windows store. “We want to make ecommerce easy but secure”, said Ingalls, explaining that the process is as user-friendly as click-to-buy but with the added bonus that children are unable to mistakenly buy anything.
“The mistake that biometrics has made in the past is reliability”, Ingalls conceded, but adds that he is confident this is no longer an issue.
“We consider the fingerprint as an authentic user gesture. It’s not what we use to authenticate you – all it says is that it matches. It’s a symmetric secret”, he said.
When Things Go Wrong
Ingalls is the first to admit that a stolen fingerprint is indeed a lot harder to rectify than a stolen password. “However, the risk of someone ‘stealing’ your fingerprint is a lot lower than someone stealing your password”, he weighed up.
“Cybercrime is an economic arms race and the time it would take to ‘steal’ a fingerprint and conduct the attack would not be worth the potential money”, he said. “We need to get people away from passwords. Smartcards are much better than passwords but [the industry] didn’t nail usability. Virtual smartcards, however, are awesome”.
Finally, Ingalls advised that a two-step verification process was added to 8.1 “A Microsoft account is a gateway to all your data, and with that is a great responsibility. Two steps are needed to protect that. Now we allow you to choose the second step.”