CIO

Windows 8: Put its hidden security features to work!

Lost among Windows 8's many controversies is a raft of useful security tools. Here's how to leverage them to the max.
  • Eric Geier (PC World (US online))
  • 08 February, 2013 17:51

Don't let the Windows 8 haters brainwash you: Microsoft actually introduced a few great features in its new operating system, some of which will help keep you safer from malware and other security threats. Though most of these security enhancements are active by default, you still must be proactive to get the most from them. Also, one new Windows 8 feature presents specific security concerns that must be addressed to keep your PC--and your data--as safe as possible. Let's jump in and investigate.

Buy a new PC instead of upgrading

To take full advantage of Windows 8's new security features, your PC needs to run a new kind of boot system called Unified Extensible Firmware Interface (UEFI). This system, which replaces the archaic Basic Input/Output System (BIOS), adds many new boot features and greatly speeds the startup process.

Included in UEFI is a feature, called Secure Boot, that helps prevent unauthorized operating systems and malware from running at startup. This makes it more difficult for data thieves to use bootable discs or flash drives to access your files; it also helps keep rootkits--a form of malware that's hard to detect--from infecting your computer during bootup.

Some PC vendors included UEFI on select systems in the past, but Secure Boot requires a new version, specifically UEFI revision 2.3.1. So if your system originally came with Windows XP, Windows Vista or Windows 7, it likely doesn't include UEFI. And if it does include UEFI, it's probably an earlier version that doesn't support Secure Boot.

Though some PC and motherboard vendors offer upgrades to UEFI, you might want to consider buying a new PC or board that's designed for Windows 8, as such hardware must include UEFI and have Secure Boot enabled by default.

If you're technically inclined, however, you can double-check an older PC's UEFI compatibility before you run out and buy a new system. First, try pressing the traditional BIOS or setup key (such as F2 or Delete) during booting just after you turn on the system. There, you can find your BIOS or UEFI version.

From Windows, you can type msinfo32 in the Start menu search field or the Run prompt to find the BIOS version. If it appears you have a traditional BIOS, you could check with the system or motherboard vendor to see if it's offering upgrades to UEFI. And if the UEFI version you have is older than 2.3.1, see if there are any updates for your PC.
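The same checks can be scripted. The following is an added example, not part of the original article: it assumes an elevated Windows PowerShell prompt, the function name Get-FirmwareBootReport is hypothetical, and the Secure Boot query relies on the Confirm-SecureBootUEFI cmdlet, which exists only on Windows 8 and later.

```powershell
# Added example: run from an elevated Windows PowerShell prompt.
function Get-FirmwareBootReport {
    # Vendor and firmware version string (msinfo32 shows this as "BIOS Version/Date").
    $bios = Get-WmiObject -Class Win32_BIOS

    # Windows 8 and later expose the boot mode as "UEFI" or "Legacy".
    $mode = $env:firmware_type
    if (-not $mode) {
        # Older Windows: a UEFI boot loads winload.efi, a BIOS boot loads winload.exe.
        $bcd = bcdedit /enum '{current}' 2>$null | Out-String
        if     ($bcd -match 'winload\.efi') { $mode = 'UEFI' }
        elseif ($bcd -match 'winload\.exe') { $mode = 'Legacy' }
        else   { $mode = 'Unknown (bcdedit needs an elevated prompt)' }
    }

    # Ask the firmware for the Secure Boot state where the cmdlet is available.
    if (-not (Get-Command Confirm-SecureBootUEFI -ErrorAction SilentlyContinue)) {
        $secureBoot = 'Cannot query: cmdlet not present on this Windows version'
    } else {
        try {
            if (Confirm-SecureBootUEFI -ErrorAction Stop) {
                $secureBoot = 'Enabled'
            } else {
                $secureBoot = 'Supported but disabled in firmware setup'
            }
        } catch [System.PlatformNotSupportedException] {
            $secureBoot = 'Not supported (legacy BIOS or UEFI without Secure Boot)'
        } catch [System.UnauthorizedAccessException] {
            $secureBoot = 'Cannot query: prompt is not elevated'
        } catch {
            $secureBoot = "Cannot query: $($_.Exception.Message)"
        }
    }

    New-Object PSObject -Property @{
        Manufacturer    = $bios.Manufacturer
        FirmwareVersion = $bios.SMBIOSBIOSVersion
        BootMode        = $mode
        SecureBoot      = $secureBoot
    } | Select-Object Manufacturer, FirmwareVersion, BootMode, SecureBoot
}

Get-FirmwareBootReport | Format-List
```

The firmware version string reported here is the vendor's own build number, not the UEFI specification revision, so use it to look up with the vendor whether that build implements revision 2.3.1.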

Take precautions when using a Microsoft account

In Windows 8, you can now optionally sign into Windows with a Microsoft account using your email address. This account stores many of your personal Windows settings, preferences, and saved passwords, as well as other items like browser history, favorites, and Windows 8 apps, on Microsoft's servers. Whenever you log on to a new Windows 8 device with that Microsoft account, all your data automatically syncs to your new hardware.

Although this new syncing functionality can be useful, it does pose a security risk. If malcontents get your Microsoft account password, they could log in to your account at another Windows 8 PC and access your synced data. And if you use Microsoft's SkyDrive cloud storage service, they'll quickly be able to access your online files.

To help prevent your Microsoft account from being hacked, use a strong password when creating your account in Windows 8. Try to make it as complex as you can with lower- and uppercase letters, numbers, and special characters, and avoid words from the dictionary. Also make sure to use a unique password. If you simply re-use the same old string that gets you into other sites and services, you're just asking for trouble. Finally, you should avoid storing any truly sensitive documents in SkyDrive.

If you already have a Microsoft (or Windows Live) account, you can use it when logging into Windows 8 instead of creating a new account. And if your existing password isn't strong, you can always change it.

Fortunately, your saved passwords from Internet Explorer, networks, and Windows 8 apps aren't synced to a new system until you confirm it as a "Trusted PC." Once you sign in to a new Windows 8 system, Microsoft sends you an email and/or a text-message alert asking you to confirm it. This is a great protection mechanism, but if you're using a Microsoft email address (Hotmail, say), or if someone knows both your Microsoft account and your other email password, he could confirm the PC he's using as trusted and then access all your saved passwords.

To help make the process of confirming trusted PCs even more secure, use a non-Microsoft email address for your Microsoft account, and use a different password for that email account (which you should be doing anyway). Also make sure to enter your mobile number on your Microsoft account and update it when it changes. You can always add and change email addresses and mobile numbers.

Choose your antivirus program wisely

Windows 8 comes with built-in antivirus software as part of the updated Windows Defender program. However, if your PC manufacturer included a third-party antivirus program with your computer, Windows Defender may be disabled. Either way, make sure you have some form of antivirus program installed and enabled. And if you're considering a commercial antivirus suite, compare the different security suites and choose one that offers good protection--our recent security suite roundup is a good place to start.

Bottom line

We've discussed some security concerns with Windows 8 and how to combat them. Remember, in order to use the new Secure Boot feature, you need to purchase a new system that is Windows 8-certified, or make sure that your current system supports it before upgrading from a previous version of Windows.

If you log in to Windows using a Microsoft account, take the extra precautions I've described to secure your data. Use separate and unique strong passwords for both the Microsoft account and the email account you use. Don't store sensitive files in your SkyDrive online storage account. And keep your Microsoft account up-to-date with your mobile number.

Even though your Windows 8 PC might come with the built-in Windows Defender or a third-party antivirus program turned on, compare your options and choose one of the better antivirus programs.