October 26th, 2012, 21:37 PM
Windows 8 ramps up early malware detection
In Windows 8, Microsoft has greatly improved the operating system's ability to detect malware before it has a chance to run, experts say. Windows 8 should also make it more difficult for people to unknowingly install malware in the first place.
The latest version of the OS, officially launched Thursday in a splashy event in New York, includes two key features to detect malware that tries to run while Windows is booting up. Hackers typically like to get their software running before the OS is fully loaded in order to remain hidden from antivirus applications.
Rootkits are a class of stealthy malware that opens a backdoor so cybercriminals can control a PC. To avoid detection, the malware will replace the code used to start a computer with itself and disable antivirus software.
To battle rootkits, Microsoft has required computer manufacturers to drop the use of the 30-year-old BIOS firmware and replace it with the Unified Extensible Firmware Interface (UEFI). The BIOS sets up communications between the OS and computer hardware before handing over control to the OS.
UEFI makes loading rootkits more difficult by requiring that the initial boot-up code be digitally signed with a certificate derived from a key in the UEFI firmware. The feature, called Secure Boot, helps ensure that the code is from a trusted source.