Another security capability available for systems using a Trusted Platform Module (TPM) is called Measured Boot. Microsoft has supported TPM for years, mainly for access and encryption management, but it not is widely adopted. It should be. As enhanced in Windows 8, this feature lets Windows measure every component from firmware through the boot drivers and stores these on the TPM on the system. This log is considered trusted (it's spoof-and tamper-resistant), so the antimalware tool can use it to ensure the system is not running any malware. The antimalware tool can send this log to a remote system to have it evaluated, and the remote system may initiate corrective measures. Although this feature requires systems with the TPM built in, it brings greater security.
Additional security features in Windows 8
Along with the boot process enhancements to security, Microsoft focuses on every aspect of Windows 8 to ensure greater protection. For example, there are two new password types: a four-digit PIN and a picture password where you use a photo and set three gestures (on touchscreen devices) that ultimately comprise your "password."
Although you can choose your antimalware tool, Windows 8 comes with Microsoft's Windows Defender, beefed up to protect your system from all forms of malware. It uses Windows Update to update its malware signatures.
If you've played around with Internet Explorer, you know the Smart Screen filter protects your system from phishing attacks and harmful sites on the Internet. In IE9, Microsoft added a new feature called application reputation to help shield users from downloading applications that may be harmful. In Windows 7, Microsoft expanded the Smart Screen technology, URL reputation system, and file/application system to work across the entire OS -- you're protected no matter what browsers you use. The version in Windows 8 is a bit stronger.
Windows to Go is another interesting capabillity that will appeal to IT: It lets you put a fully functional copy of Windows 8 on a USB drive that can boot from systems at work, at home, or anywhere that supports USB boot. Employees can carry a secure corporate PC in their pockets.
Microsoft has also ehanced security features such as BitLocker (which now supports drives that come encrypted from the manufacturer), AppLocker (which lets you control which applications that can be run), and DirectAccess (which manages VPN connections).
Time to get past the Start button
I'm tired of arguing about the lack of a Start button or the pros and cons of the dual Windows 7/Metro UI. Now that I've seen Windows 8 in action, I am impressed -- not with the UI per se (I'm still not there) but with the security value under the hood. In a world of increasing danger, it's nice to know Microsoft knows how to provide a locked door so that we can be safe while looking out the, er, window.
This story, "Windows 8's stealth advantage: Better security," was originally published at InfoWorld.com. Get the first word on what the important tech news really means with the InfoWorld Tech Watch blog. For the latest developments in business technology news, follow InfoWorld.com on Twitter.