Microsoft confirms antivirus features in Windows 8

SOFTWARE HOUSE Microsoft has announced that Windows 8 will feature a much more capable version of Windows Defender in addition to other security and anti-exploitation enhancements.

Rumours about Microsoft planning to bundle an antivirus function in its upcoming operating system have caused quite a bit of a stir in the security community over the past couple of days. Some people have declared themselves supportive of the move, while others rushed to point out its possible drawbacks.

The software giant has now confirmed that it will include a more powerful Windows Defender version in Windows 8, which will detect and remove all types of malware. It even released a video to show it in action.

Unlike the Windows Defender bundled with Windows 7, which only protects users against spyware, the Windows 8 variant will get a full-featured anti-malware engine, the same one used by Microsoft Security Essentials (MSE).

"The improvements to Windows Defender will help protect you from all types of malware, including viruses, worms, bots and rootkits by using the complete set of malware signatures from the Microsoft Malware Protection Center, which Windows Update will deliver regularly along with the latest Microsoft antimalware engine," said Jason Garms, Microsoft's group program manager of its reliability and security team.

But the improvements go even further than adding anti-malware capabilities. The new Windows Defender version uses a special file system driver that integrates with the Windows 8 Secured Boot mechanism, ensuring after every reboot that no malware has interfered with the boot path.

Microsoft has also improved the program's performance by making use of new APIs. Information about the programming techniques used is available for other antivirus developers so they can make similar optimisations in their products.

Microsoft has made it clear that users can choose other antivirus solutions, but hasn't said how that choice will be expressed and whether Windows Defender will disable itself if it detects a different antivirus program installed.

Other security enhancements in Windows 8 include the implementation of Microsoft's Smartscreen reputation application directly into the operating system. Microsoft uses this technology in Internet Explorer 9 to determine if downloaded applications are potentially dangerous. Windows 8 will extend it for programs obtained from other sources, like email or instant messaging.

Some of the biggest malware infection vectors at the moment are software vulnerabilities. Microsoft claims that Windows 8 will bring improvements to the ASLR, Windows heap, kernel and Internet Explorer anti-exploitation technologies.

"We've taken a very broad approach to improving the level of protection you'll get from malware in Windows 8, including the use of SDL processes to be secure by design, the implementation and upgrading of mitigations to help protect you against exploits used by malware, improvements to Windows Defender to provide you with real-time protection against all categories of malware, and the use of URL and application reputation to help protect you against social engineering attacks," Microsoft's Jason Garms concluded. µ