How Microsoft Should Improve Windows 10 Security (Op Ed)

[Reefa]

Windows 10 already looks like it's going to have quite a few interesting security features, from the Windows Hello biometric authentication to the complementary online-focused Passport authentication protocol to Device Guard, a secure execution environment that's separated from the Windows 10 OS. However, there are other significant security improvements Microsoft could do to Windows 10 to make it a much safer OS.

User Account Control (UAC)

When Microsoft introduced User Account Control (UAC) in Windows Vista, it was probably by far the most universally hated feature. At the same time, it was also the feature that made Vista and future iterations of Windows radically more secure than Windows XP.

In Windows XP, almost any app could do almost anything. That's because, to this day, the default account in Windows has Administrator rights. With UAC, users can remain Administrators, but app privileges are limited to the Standard mode.

The UAC is certainly not bulletproof. The system is protected against apps silently causing damage to it in the background. However, if the users themselves install a malware-infected application and click through the UAC prompts, then of course they will still become infected.

There's also the fact that there have been a handful of UAC bypasses every year. Even with these weaknesses, UAC still managed to drastically reduce the amount of malware that could exist on Windows.

UAC, or a replacement for it, could still further improve Windows security. Right now, the most effective way to infect someone's computer is to get them to install an app for you. Human error and gullibility is still the easiest attack vector.

The UAC needs to be upgraded in such a way that an app can't do anything it wants even after it's installed with Administrator rights.

Most apps should be properly sandboxed from each other, and the apps that actually need some potentially dangerous privileges should display a different type of warning.

In fact, Microsoft should make the "basic" UAC prompts/alerts much less threatening so as to not train users to click through the more seemingly dangerous ones. The warnings that require more powerful privileges should be one or two steps above the basic ones, and they should appear much less often.

Ideally, the app sandboxing would be so good that "basic alerts" wouldn't even be needed, therefore making UAC even less annoying than it is today. That would also make the stronger warnings that much more eye-catching and should force users to pay more attention to the privileges requested by the app. Suffice it to say that Microsoft should be making the warnings as easy to understand as possible by regular computer users.

Both iOS and Android use strong sandboxing systems, and despite all the headlines about Android malware, the truth is the malware that exists doesn't usually affect a large percentage of people. Even better, that "malware" usually can't do much damage to the operating system itself or other apps. The times when it's most dangerous is when the user has root access, which means that malware also has root access and can therefore bypass the sandboxing system.

Microsoft is working on an alternative to UAC that uses cryptographically signed apps. That, combined with the Windows Store's review process, should (almost) guarantee that the apps users are installing are safe.

The problem with this solution is that it's currently quite limited, because it only applies to apps from the Windows Store. Unless Microsoft demands that all apps are signed (and verified) by default in Windows 10, this solution won't significantly improve anything. This is why Microsoft needs to come up with a complementary solution that still provides strong enough protection for non-Windows Store apps.

Enhanced Mitigation Experience Toolkit (EMET)

The Enhanced Mitigation Experience Toolkit (EMET) is one of the most powerful security applications Microsoft has built in recent years. Unfortunately, adoption has been low because not enough people are aware that it exists, even though it's a free tool that Microsoft has had available for many years.

EMET protects against a wide class of zero-day vulnerabilities that can appear because of poorly written code (which can easily happen, especially with unsafe C++ code). EMET is actually a suite of mitigation technologies such as Address Space Layout Randomization (ASLR), Data Execution Protection (DEP), Structured Exception Handler Overwrite Protection (SEHOP), Certificate Pinning, Null Page Protection, and more.

By default, the tool is set to "Recommended Settings" which mainly protects Microsoft's apps, but you can set it to "Maximum Protection," which enforces all the protections on all apps by default. It's good to be aware that this can prevent some apps from loading, but it's usually very rare and happens with very old apps.

Antiviruses and other malware tools usually function by maintaining a known database of malware. Effectively, what that means is that before an antivirus maker can discover the bug and update its software accordingly, some PCs will need to be infected first.

By contrast, EMET can protect against exploits and hacks without having to "know" in advance what those exploits are. To hack into a computer using a zero-day vulnerability, an attacker would also have to bypass EMET, which is usually quite hard to do.

For instance, last year at the browser hacking competition Pwn2Own, researchers managed to hack into Internet Explorer 11, but they couldn't do it when EMET was enabled. In fact, the IE11+EMET was the only browser configuration that proved unhackable. Until more recently, EMET was also a good way to significantly increase security for those who were still on Windows XP (which is no longer supported).

The good thing about EMET is that it doesn't require too much technical expertise after the quick initial setup. It's more of a "set it and forget it" type of software, not unlike an antivirus in that respect. That also means that it should be relatively easy to integrate into Windows 10.

Some developers may not like it, especially if they don't want certain mitigation technologies to be implemented because they would mess with the way their apps are currently written, but this is one of those things where Microsoft just needs to show leadership for a good cause.

Microsoft Security Essentials (Windows Defender)

There was a time when "Microsoft Security Essentials" was arguably the best and easiest-to-use free antivirus out there. That is until Windows 8 came along, and Microsoft decided to integrate MSE into the new OS. Since then, it seems that the built-in antivirus (now named Windows Defender) has gotten worse with each passing year, falling further and further down the ranks in antivirus competitions.

Why this is happening is not exactly known, but it could be either because Microsoft has made the antivirus division a lower priority or because most attackers have already learned how to bypass it. It could even be a combination of both.

Although there was a time when I would recommend just using MSE/Windows Defender, I don't feel nearly as comfortable doing so today. In fact, what I suggest these days is to disable Windows Defender and install some other free antivirus such as Avira (to avoid conflicts and/or resource waste).

BitLocker And Encrypting File System (EFS)

Windows Vista brought another good security feature in the BitLocker software, which provides full drive encryption. Microsoft has also offered the EFS (Encrypting File System) feature to encrypt files and folders since Windows 2000. There is one major issue with these tools, though: they are both available only for Pro and Enterprise users, which means most regular users can't benefit from them.

Encrypting your own local data is the most basic form of security, and Microsoft should be offering it to every single Windows 10 user, whether we're talking smartphones or PCs. Further, wherever possible, the encryption should be done automatically.

All smartphones based on ARMv8 chips should have support for fast encryption instructions, and Intel and AMD chips have supported hardware encryption for quite some time. It wouldn't be a radical move for Microsoft to require that all the new devices that come with Windows 10 should be encrypted by default. Apple and Google are already moving to default local storage encryption, and Microsoft should follow suit.

Windows 10: A Golden Opportunity

Windows 10 is going to be a once-in-a-decade opportunity for Microsoft to start fresh with its operating system. One of the reasons why the company is going to allow users to install Windows 10 for free in the first year is to get as many people as possible to leave their older, less secure operating systems and to jump on a more secure platform.

Windows 10 is already a rather significant upgrade in terms of security features. However, adding the above features could make the OS a must-have, even if it isn't easy to migrate away from Windows 7 or Windows 8 for some users (especially for companies and institutions).

A solid sandboxing/privilege system, EMET suite of zero-day protections, a much-improved antivirus, and default encryption could make Windows 10 not just the most secure Windows version ever, but one of the most secure operating systems on the market.

http://www.tomshardware.com/news/windows-10-needed-security-improvements,28996.html#xtor=RSS-181