ELAM drivers allow security products to load early on during Windows 8 boot

Oct 11, 2011 07:53 GMT

Windows 8 includes antimalware by default, beyond what the traditional Windows Defender used to offer, increasing the level of protection for users right out of the box, and as early as the boot process.

Already packed into Windows 8 Developer Preview Build 8102 Milestone 3 (M3), the next-generation Windows Defender (yes, Microsoft kept the moniker) can easily step aside and leave room for third-party security solutions.

Windows Defender no longer loads once the start-up process is complete, but early on during boot, early enough that it can make sure there is no problem with the drivers loading after it.

This particular security mitigation, along with a number of other boot-related enhancements, is designed to block malicious code from hijacking the Windows 8 boot process and compromising a machine even before the operating system starts. The move is set up as a countermeasure against rootkits and malware with rootkit functionality.

Third-party antivirus vendors will also be able to tailor their security solutions to Windows 8, offering the same Early Launch Anti-Malware (ELAM) capabilities featured by Windows Defender.

A great place to start is the new Windows Developer Center where the “Early Launch Anti-Malware” whitepaper is available as a free download.

“This document describes the interface requirements for Early Launch Anti-Malware (ELAM) drivers. It is intended to provide information to partners about the potential Early Launch AM driver interfaces,” Microsoft reveals.

“The Early Launch of AM software feature provides a Microsoft-supported mechanism for anti-malware (AM) software to start before all other third-party components. AM drivers are initialized first and allowed to control the initialization of boot drivers, potentially not initializing unknown boot drivers. Once the boot process has initialized boot drivers and access to persistent storage is available in an efficient way, existing AM software may continue to block malware from executing.”

Microsoft’s Anti-Malware Vendor Participation Program is designed specifically for companies involved in the software security industry, helping them build next-gen solutions for Windows 8.

Security outfits need to already be a part of the MVI, formerly “Microsoft Virus Initiative,” in order to be a part of the Anti-Malware Vendor Participation Program.

Windows 8 Developer Preview Build 8102 Milestone 3 (M3) is available for download here.