This week, Redmond-based software giant Microsoft went to the Black Hat 2013 conference to present some of the security enhancements that the upcoming Windows 8.1 platform release will bring, a number of which are detailed below.
In Windows 8.1, Microsoft invested a lot in trusted hardware to facilitate BYOD scenarios, enabling an IT department to deploy necessary tools to an employee’s computer more easily than before.
The platform comes with enhanced support for the Trusted Platform Module (TPM), a hardware security device or chip that provides various crypto functions, such as secure key storage and the ability to perform cryptographic measurements.
“TPM 2.0 is required for all InstantGo (Connected Standby) devices which will ensure modern devices are ready for BYOD scenarios,” Microsoft’s Dustin Ingalls explains in a recent blog post.
“And in Windows 8.1, we expand on the strategy behind TPM, with features such as key attestation, which allows you to ensure your private key is safely bound to hardware instead of malware, and virtual smartcard management WinRT APIs to enable Windows Store apps to set up and manage virtual smartcards.”
He also notes that Microsoft is working towards requiring TPM 2.0 on all devices by January 2015, and that Windows 8.1 also adds more controls for IT departments to place on devices so as to ensure that only specific users receive physical access to them.
Windows 8.1 will be loaded on hardware with better fingerprint scanning capabilities, offering support for capacitive full-fingerprint scanning, which is easy to set up on any device through Modern Settings.
Basically, users will be able to take advantage of biometrics whenever a Windows credential prompt appears, thus eliminating the need to remember passwords for logging in. Furthermore, Microsoft came up with new APIs to support biometrics on the WinRT platform.
In addition, Windows 8.1 streamlines the Virtual Smart Card (VSC) management process, courtesy of support for enrollment and management via WinRT APIs, while also increasing the trustworthiness of Public Key Infrastructures (PKIs).
“We have a service now that scans the top two million SSL/TLS sites on the web daily to look for anomalies or bad practices and will notify partners (certificate authorities or companies that had a fraudulent certificate issued in their name) quickly when we see issues,” Dustin Ingalls notes.
“With Windows 8.1, a server or service can require proof (attestation) that private certificates and keys are protected by hardware. If that can’t be proven, access is denied,” he also explains.
These new security features are included in Windows 8.1 Enterprise Preview, which became available for download earlier this week, giving business customers the chance to test them before the final OS flavor is released.