IT tutorials
 
Windows
 

Optimizing Windows 8 Security (part 1) : Windows 8 and Antivirus Software, User Account Control

- Free product key for windows 10
- Free Product Key for Microsoft office 365
- Malwarebytes Premium 3.7.1 Serial Keys (LifeTime) 2019
12/29/2012 11:40:50 AM

IN ITS VARIOUS GUISES, Microsoft Windows is used by hundreds of millions of people worldwide. Currently, Microsoft Internet Explorer, the standard web browser that’s bundled with Windows, sits at over 50 percent market share; that means over two billion people worldwide use it.

Both of these facts make Windows and Internet Explorer tempting targets for criminals, hackers, and virus writers. Frankly, security problems in Windows have nothing to do with how secure or insecure it is and everything to do with criminals wanting to hit as many computers as possible in a single attack. Why go for attacks on another web browser or another operating system when you can hit a theoretical maximum of only 80 million people? It’s a simple return on investment calculation for the criminal gangs who target computers. Hey, having a sharp business mind and a good grasp of distribution and efficiency isn’t the sole realm of the law abiding, you know.

All this isn’t to say that there aren’t problems with the security of Windows 8. Ironically, what makes Microsoft so successful in the operating system market is also the source of most security problems associated with Windows: legacy code.

Legacy code is the substructure of Windows that allows you to continue to use hardware and software from the earlier days of PC computing as you update your operating system. For example, If you run a DOS application from the heady days of the IBM PC such as WordStar, it will run fine and very speedily on a modern, Windows-based computer. If you want to plug in an old parallel printer and have the appropriate interface on your base unit, you can get it all working fine.

The need for legacy support is to service Microsoft’s biggest customer: business. Many large corporations and businesses that collectively pay billions of dollars in subscription royalties every year to Microsoft commonly use software packages that were written many years ago.

The reasons businesses don’t update software regularly are many and varied, but many stem from two simple principles: 1) It’s expensive to develop customized software, and 2) if it ain’t broke, don’t fix it.

At one point in my career, I provided second and third-line information and communications technology (ICT) support for blue-chip corporate clients, including a major international banking group. Every single client used custom-developed software; even my employer used custom applications for call processing and audit tracking. Some clients, including one of Great Britain’s largest supermarket chains, used hardware that was decades old to run their checkout systems. All of this software and hardware needed technical support, and all of it is most likely still in use today because it does the job those companies need it to do.

These examples also demonstrate the problems businesses face in developing updates for bespoke software. During my time at the supermarket company, management tried to implement new software across all of the checkouts. Despite extensive testing, unforeseen bugs caused considerable downtime for the upgraded machines.

These types of problems can cost millions of dollars in reduced productivity, lost sales, and extra support time, but more exasperating is that they’re all but unavoidable. Thus, Microsoft has announced that Windows 8 will be the last version of the operating system to come in a 32-bit (x86) version. This will make Windows 9 much more robust, though much less compatible with legacy software and hardware.

It is also interesting to note that Windows 8 is the first version of Windows to come with full built-in antivirus protection, although this might serve to confuse many users; the addition of Microsoft Security Essentials, the company’s well known free antivirus package, has been rebranded as Windows Defender, the largely ignored malware package that has existed in Windows for the last decade.

1. Security, Windows XP, and Virtualization

One of the inevitable consequences of the move away from supporting legacy software in modern operating systems is the inclusion of virtualization software. Windows 7 Professional and above included the free XP Mode, a full licensed copy of Windows XP that integrated with the Windows 7 desktop and allowed users to continue to run their legacy software without problems.

With Windows 8, XP Mode is no longer available, but the 64-bit Professional editions and above do include Microsoft Hyper-V virtualization software, instead, which is more powerful application that was ported from Windows Server, where it is a proven technology.

INSIDE OUT: What is virtualization?

Modern computers come with multicore processors. Your computer might have an Intel Core 2 Duo chip with two cores or a quad-core processor (four cores). Server chips commonly now have six, eight, or even twelve cores.

Each core is its own processor—essentially the heart of its own PC—and is capable of running a full operating system and accompanying software on its own. Virtualization can take advantage of this, running your “host” operating system on one core while allowing other operating systems to run on other cores. It is not necessary to have a multicore processor to run a virtual machine, however.

I wanted to spend some time talking about using Windows XP in Hyper-V, though, or any other virtualization software, even on your standard business desktops, if any still remain.

All support for Windows XP will end as of April 2014. This means that beyond that date there will be no more security, stability, or any other patches or updates available for the operating system. If you are using XP even in a virtual machine and it requires a connection to the Internet, or you need to use the web browser in XP to get online, you need to be aware that after all support ends, malware writers and criminals will be targeting the OS aggressively.

Caution

All support for Windows XP is ending in April 2014. After this time there will be no more security patches available for the operating system, leaving remaining systems highly vulnerable to malicious attacks.

There is no reason to assume currently that all Windows XP use will end worldwide in the first quarter of 2014, because it is still used extensively in developing countries such as China.

2. Windows 8 and Antivirus Software

Windows 8 is the first version of Microsoft’s desktop operating system to come with built-in antivirus capability. Windows Defender is a rebadged version of the company’s free antivirus product, Microsoft Security Essentials. This is, in turn, based on the company’s Forefront Client Security package for Windows Server.

However, you might want to use a third-party package, instead. Perhaps you have always used one from another provider with which you’re familiar and comfortable or you are wary about Windows Defender’s ability to protect your computer.

I personally am quite happy with Microsoft Security Essentials because it is both free and stays out of the way, both in terms of alerts and also in terms of scanning. The scanning engine, for example, will only run full scans of your computer when you are not actively using it. On modern, powerful desktop computers, this wouldn’t make any noticeable difference to performance; however, on cheaper laptops and tablet computers, the effect can be quite pronounced.

Turning Windows Defender Off

If you want to use a third-party antivirus package in place of Windows Defender, you will need to deactivate it so that it and your new package and Windows Defender do not conflict with one another.

To do this, open the Start screen and type defender to search for it. When you locate it, open it, click the Settings tab, and then click Administrator, as illustrated in Figure 1.

Use the Administrator settings in Windows Defender’s Administrative to switch it off

Figure 1. Use the Administrator settings in Windows Defender’s Administrative to switch it off

Before you do this, you should take a moment to consider which alternative antivirus package you use, and how effective is it? Here are my personal recommendations, based on features and effectiveness.

AVG Anti-Virus FREE

www.free.avg.com

AVG has long been a favorite firm in the free antivirus category for its overall effectiveness in blocking malware and warning about dangerous websites. The current version of AVG is still as effective, but it now comes with some annoying advertisements for the full paid-for version. If you are prepared to tolerate pop-up advertising, AVG Anti-Virus FREE is still an excellent choice to protect your computer.

Trend Micro Titanium Internet Security

www.trendmicro.com

Of the paid-for security suites for everyday computer users, Trend Micro has a package that offers award-winning protection and a very simple interface that is easy and simple to use. The current version does not contain its own firewall, recognizing that the Windows Firewall is perfectly adequate. That helps it to stay “lightweight.”

Kaspersky Internet Security

www.kaspersky.com

For IT professionals and enthusiasts who want more control over their computer’s security, Kaspersky is the package to have. It includes an excellent scanning engine with significant volumes of controls for technically-minded people.

Microsoft Windows Malicious Software Removal Tool

If you review the updates your computer receives through Windows Update, you might notice something called the Microsoft Windows Malicious Software Removal Tool. This is an extra tool in addition to Windows Defender that’s updated monthly by Microsoft and runs automatically on your computer. It can also be downloaded from the Microsoft website.

As another anti-malware tool, it will check your computer for viruses and malware, try to remove any it finds, and report this information to Microsoft. This is a useful tool, but it should not be considered a replacement for separate antivirus and anti-malware products.

3. User Account Control

Although User Account Control (UAC) is probably one of the least popular features of Windows, it is nevertheless an essential and worthwhile addition to the operating system.

UAC prevents changes from being made to the operating system, which includes software installations, without an administrator’s express permission.

Every time a change occurs that can potentially harm either the computer or the accounts of other users, a UAC dialog will appear, taking the full attention on your screen, and all apps and programs will be temporarily minimized.

INSIDE OUT: Why do administrators need to run things as Administrator?

People with administrator accounts in Windows have permission to perform any action they want; however, UAC will still alert them when changes might have a detrimental effect on the computer.

However, if an administrator wants to run a program, for example, the Command Prompt, he still needs to right click it and select Run as Administrator.

This is to avoid malware bypassing UAC Security because most computers will be used by their main user (Administrator) much of the time, and having all granted elevated privileges, where that software can also do anything to files in Windows, would also grant elevated privileges to malware.

To access UAC, open the Start screen and search for it by typing UAC. It will appear in the Settings results. You can also access it in the Control Panel, in the System and Security section. Figure 2 shows the UAC panel.

Setting the UAC level in Windows 8

Figure 2. Setting the UAC level in Windows 8

There are four settings, or levels, for UAC in Windows 8.

  • Never Notify UAC is turned off, so you are not alerted to any changes to your computer or software or attempts to access critical operating system files.

  • Programs Only You are notified only when programs try to make changes to your operating system settings. You are not notified about other settings changes.

  • Default With the standard and recommended setting, you are notified when programs and other features try to change system settings, but not when you make changes yourself.

  • Always Notify You are notified when any system setting changes.

INSIDE OUT: What triggers UAC?

Windows will give you a visual clue as to what programs and settings are likely to trigger a UAC alert by placing a blue and yellow UAC shield icon over or next to program icons or option links.

Many people find UAC irritating. Many people using Windows Vista disable UAC because the only setting options is to always notify the user of all system setting changes or nothing at all. However, in Windows 8, it’s easy to leave the system turned on. I recommend this because UAC is an essential defense against viruses, malware, and other malicious software on your PC.

Caution

Windows 8 has changed UAC security slightly, meaning that some software will not be allowed to run if UAC is turned off completely.
 
Others
 
- Windows Small Business Server 2011 : Performing Post-Installation Tasks (part 3) - Add a Trusted Certificate
- Windows Small Business Server 2011 : Performing Post-Installation Tasks (part 2) - Set Up Your Internet Address
- Windows Small Business Server 2011 : Performing Post-Installation Tasks (part 1) - Connecting to the Internet
- Using the Windows Small Business Server 2011 Console
- Windows 8 : Using the Basic Windows Utilities (part 4) - Windows Defender, Legacy Program Compatibility
- Windows 8 : Using the Basic Windows Utilities (part 3) - Windows Update, Windows Firewall
- Windows 8 : Using the Basic Windows Utilities (part 2) - Desktop Utilities
- Windows 8 : Using the Basic Windows Utilities (part 1) - Windows 8 Utilities
- Windows 7 : Running Programs and Gadgets - Controlling Your Gadgets
- Windows 7 : Running Programs and Gadgets - Annotating a Document, Enlarging the Screen Content
 
 
Top 10
 
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 2) - Wireframes,Legends
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 1) - Swimlanes
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Formatting and sizing lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Adding shapes to lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Sizing containers
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 3) - The Other Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 2) - The Data Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 1) - The Format Properties of a Control
- Microsoft Access 2010 : Form Properties and Why Should You Use Them - Working with the Properties Window
- Microsoft Visio 2013 : Using the Organization Chart Wizard with new data
Technology FAQ
- Is possible to just to use a wireless router to extend wireless access to wireless access points?
- Ruby - Insert Struct to MySql
- how to find my Symantec pcAnywhere serial number
- About direct X / Open GL issue
- How to determine eclipse version?
- What SAN cert Exchange 2010 for UM, OA?
- How do I populate a SQL Express table from Excel file?
- code for express check out with Paypal.
- Problem with Templated User Control
- ShellExecute SW_HIDE
programming4us programming4us