Working with security on a modern computer begins at startup, and Windows 8 has incorporated the Secure Boot
feature to enable firmware to validate certificates used by the
operating system. Also included in Windows 8 is the Internet Explorer
feature called SmartScreen Filter. This feature helps prevent phishing and browser-based malware attacks. This lesson covers how to configure both Secure Boot and SmartScreen Filter.
Ensuring that Windows has been signed using Secure Boot
Windows 8 supports the Unified Extensible Firmware Interface (UEFI) as a replacement for the basic input/output system (BIOS). UEFI behaves much more like an operating system that lives in nonvolatile RAM than a firmware-loading boot environment. This makes the firmware programmable and lets it support several features. There are many more features included in UEFI than in BIOS, but one feature stands out from the rest. This feature is Secure Boot.
Secure Boot requires an operating system to be signed by the
manufacturer to start. In the case of Windows 8, Microsoft or one of
its original equipment manufacturer (OEM) partners would sign the build
to ensure that it hasn’t been modified and install it on a computer by
using UEFI with Secure Boot enabled.
UEFI does more than just allow a computer to boot; it supports
diagnostics, rootkit detection, and other features that follow the
evolution of BIOS. All of this helps keep the pre-operating system
environment secure to ensure that there is less chance of malware
infections and other undesirable software execution before the
operating system starts. If UEFI detects an operating system loader
that is not signed by the publisher, it prevents the operating system
loader from running. Because the process requires signing, malware applications are unable to redirect the boot loader to start another application.
Secure Boot is not required for the computer to start and can be disabled in UEFI settings; however, OEMs can customize these features and restrict certain things. From Microsoft's point of view, the customer can configure this setting to provide the best experience for her use.
Some IT professionals prefer to build their own computers. These computers can still take advantage of Secure Boot, but some additional configuration at the UEFI/BIOS level will be required before Secure Boot can be configured.
All Windows RT devices require the use of Secure Boot. Newer desktop
and laptop PCs are likely to support UEFI options and features such as
Secure Boot, but an older PC might not be able to take advantage of
this feature.
Staying safe by using SmartScreen Filter
The SmartScreen Filter feature has been included in Internet Explorer for some time to help protect Internet sessions from phishing attacks and malware. Internet Explorer SmartScreen Filter uses the following methods to keep Internet sessions safe:
- Background real-time analysis
  Browsing the Internet can take someone seemingly anywhere, providing endless information about any topic. As browsing continues, SmartScreen Filter checks the information it receives and determines the intent of code presented on webpages. If the code is suspicious or deemed potentially harmful, the filter will produce an alert, warning of potential issues. It is then up to the individual to decide whether to proceed.
- Blocking known bad software downloads
  When applications are downloaded from the Internet by using Internet Explorer, they are compared to a list of known malware sites and known malware applications to determine whether they are safe and should be allowed. If the application matches an entry on the list, the download is blocked and an alert is displayed about the blocked item. If the person downloading the application knows it is safe, he can download it anyway.
- Phishing and malware checking
  Another feature of SmartScreen Filter protects those using Internet Explorer from phishing attacks. In addition to analyzing general content as previously mentioned, the sites visited are compared to known malware and phishing sites to determine whether they are safe to use. If a match is detected, a warning is displayed to help a user browsing the Internet decide whether to visit that website.
In Windows 8, SmartScreen Filter helps Windows keep computers safe from unrecognized applications.
To configure SmartScreen Filter, complete the following steps:
- Search for SmartScreen on the Start screen.
- Select Settings and tap or click Change SmartScreen Settings from the results pane.
- Select Change Windows SmartScreen Settings from the navigation pane in the Windows Action Center.
- The available settings for Windows SmartScreen are:
  - Get Administrator Approval Before Running An Unrecognized App From The Internet (Recommended): This option allows Windows to prompt for elevated security credentials before allowing apps it doesn’t know to be safe to execute.
  - Warn Before Running An Unrecognized App, But Don’t Require Administrator Approval: This option displays a warning about the potentially unsafe application but does not require elevated or administrative credentials to proceed.
  - Don’t Do Anything (Turn Off Windows SmartScreen): This option disables SmartScreen and allows applications to run regardless of their type or configuration. Windows does not check to ensure that they are safe.
- Tap or click OK to save the selected settings.
Using SmartScreen Filter can improve security on a computer
by making people aware of potentially bad software before they execute
it. Short of preventing a download entirely, using SmartScreen Filter
on Windows 8 devices forces a user to pay attention, at some level,
when running applications.
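To confirm both settings from this lesson on a computer without opening the firmware setup or Action Center, the following read-only audit can be run from an elevated PowerShell prompt. It is an added example, not part of the original lesson. The function names are hypothetical, and the registry value it reads (SmartScreenEnabled under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer, holding RequireAdmin, Prompt or Off) is an assumption about where Windows 8 stores the Action Center choice.

```powershell
# Added example: read-only audit of Secure Boot and Windows SmartScreen.
# Run from an elevated PowerShell prompt; nothing is changed on the system.

function Get-SecureBootState {
    # Confirm-SecureBootUEFI returns $true or $false on UEFI firmware and
    # throws on legacy BIOS systems or when the session is not elevated.
    try {
        if (Confirm-SecureBootUEFI -ErrorAction Stop) { 'Enabled' } else { 'Disabled' }
    }
    catch [System.PlatformNotSupportedException] {
        'NotSupported'   # legacy BIOS, or firmware without Secure Boot
    }
    catch {
        "Unknown: $($_.Exception.Message)"   # typically a non-elevated session
    }
}

function Get-WindowsSmartScreenSetting {
    # Assumption: the Action Center choice is stored in this registry value.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer'
    $raw = (Get-ItemProperty -Path $key -Name SmartScreenEnabled `
            -ErrorAction SilentlyContinue).SmartScreenEnabled
    # Map the stored value back to the three options listed in the lesson.
    switch ($raw) {
        'RequireAdmin' { 'RequireAdmin (administrator approval, recommended)' }
        'Prompt'       { 'Prompt (warning only, no administrator approval)' }
        'Off'          { 'Off (Windows SmartScreen turned off)' }
        default        { "NotSet or unrecognized value '$raw'" }
    }
}

$report = [pscustomobject]@{
    Computer    = $env:COMPUTERNAME
    SecureBoot  = Get-SecureBootState
    SmartScreen = Get-WindowsSmartScreenSetting
}
$report | Format-List

# Flag anything other than Secure Boot enabled and the recommended option.
if ($report.SecureBoot -ne 'Enabled' -or $report.SmartScreen -notlike 'RequireAdmin*') {
    Write-Warning 'Secure Boot is not enabled or SmartScreen is not set to the recommended option.'
}
```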