SmartScreen began life in IE8 and was significantly improved in IE9 and IE10. But that protection wasn't being applied equally across the entire user experience. For example, what if the user ran a non-IE browser or was downloading content outside of the browser experience? Windows 8 developers worried as well, so SmartScreen was replicated to the entire OS. When you run Windows 8 or Windows Server 2012, you're getting SmartScreen protection on every network download.
Dynamic Access Control
Essentially, Dynamic Access Control is Windows access control (that is, file and folder permissions) on steroids. In the old model, you could limit access only by user or group membership. But with Windows 8 and Windows Server 2012, you can allow or deny access based upon almost any defined claim or attribute.
Claims can be almost any piece of data you store in Active Directory (AD) belonging to a particular security principal (such as a user or a group), including device ID, log-on method, location, and personal information. For example, you can allow access to a particular folder only to local users using a Windows Surface device. Or you can only allow access by the user's pre-approved, company-issued iPad, but not to their personal, non-approved iPad. I have many customers who desperately want the latter ability without having to purchase third-party software. Microsoft Windows has always had solid, reliable access control; Dynamic Access Control ups the ante.
PC Refresh and Reset
Sometimes no matter how many security features you have, you can't stop end-users from bypassing all warnings and installing malware. It's going to happen. Now you can reset Windows back to its original, known, clean safe state. You can choose between resetting everything to a blank slate or saving your application settings and data. You could do this in previous versions, but it always took a lot longer than simply clicking on a single button and acknowledging the warning prompt.
Normally, security features don't sell anything. Features and flashy GUIs do. Many Windows competitors sell briskly despite being continually late to adopt security features Microsoft pushed early on, such as built-in full disk encryption, ASLR, DEP, and more. But Windows 8 takes a big step forward with added security features -- out of the box, enabled from the start. Despite quibbles over the GUI, I have little doubt those improvements alone will sell millions of copies of Windows 8 to security-conscious customers.
This story, "Windows 8 takes security to the next level," was originally published at InfoWorld.com. Keep up on the latest developments in network security and read more of Roger Grimes' Security Adviser blog at InfoWorld.com. For the latest business technology news, follow InfoWorld.com on Twitter.