Windows 8 security is already an opportunity

Breaking in through Windows might prove much more difficult once customers migrate to the latest OS, says Joseph Souren

Big software players have been making millions on the mantra that layering can solve it all. But there are now threats that can go undetected and wreak havoc before the OS loads – representing a channel opportunity as enterprises start to look for better answers.

TDL4 malware and its multiple variations evaded host-based detection and remediation through its ability to change master boot records, and also through peer-to-peer communications. Instead of having one command-and-control URL or a single server, the server continued to change. Commercial anti-virus is unable to detect it, let alone remove it.

The only way to detect system changes from these attacks is to activate and manage embedded hardware security that can store the signatures of critical start-up components. The most important of these are the ones used early in the boot process, before anti-virus initiates.

Trusted platform modules and management consoles can allow data collection and correlation, alerting the IT manager when unwanted changes are detected.
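
The detection idea in the paragraphs above, sketched as an added example (not code from the article or from any vendor product): each start-up component is hashed and folded into a TPM platform configuration register (PCR), and a console compares the result with a known-good baseline. The SHA-256 register, the component names and the byte strings are constructed assumptions.

```python
import hashlib

PCR_SIZE = 32  # assumption: SHA-256 PCR bank; the article names no algorithm

def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM extend operation: new PCR = H(old PCR || measurement digest)."""
    return hashlib.sha256(pcr + digest).digest()

def measure_boot(chain):
    """Measure (name, image_bytes) pairs in boot order; return (pcr, event_log)."""
    pcr, log = bytes(PCR_SIZE), []
    for name, image in chain:
        digest = hashlib.sha256(image).digest()
        log.append((name, digest.hex()))
        pcr = extend(pcr, digest)
    return pcr, log

def verify(baseline_pcr, baseline_log, reported_pcr, reported_log):
    """Console-side check; returns a list of alerts (empty means unchanged).
    A real console would take reported_pcr from a TPM-signed quote."""
    alerts = []
    # 1. Replaying the log must reproduce the PCR, or the log was edited.
    replay = bytes(PCR_SIZE)
    for _, hexdigest in reported_log:
        replay = extend(replay, bytes.fromhex(hexdigest))
    if replay != reported_pcr:
        alerts.append("event log does not match PCR value")
    # 2. A PCR that differs from the baseline means a start-up component changed.
    if reported_pcr != baseline_pcr:
        known = dict(baseline_log)
        changed = [n for n, d in reported_log if known.get(n) != d]
        alerts.append("PCR differs from baseline; changed: "
                      + (", ".join(changed) or "unknown"))
    return alerts

# Constructed sample boot chains; the names and contents are placeholders.
GOOD_CHAIN = [("mbr", b"mbr-v1"), ("boot-manager", b"bootmgr-v1"),
              ("os-loader", b"loader-v1")]
TAMPERED_CHAIN = [("mbr", b"mbr-modified"), ("boot-manager", b"bootmgr-v1"),
                  ("os-loader", b"loader-v1")]

if __name__ == "__main__":
    baseline = measure_boot(GOOD_CHAIN)
    for label, chain in (("clean", GOOD_CHAIN), ("tampered", TAMPERED_CHAIN)):
        print(label, verify(*baseline, *measure_boot(chain)) or "no alerts")
```

Because each extend hashes the previous register value, a change to the master boot record alters the final value even when every later component is untouched, and software that loads afterwards cannot reset the register.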

Windows 8 supports hardware encryption tools like the Trusted Computing Group standard platform modules and Opal self-encrypting drives (SEDs), easing procurement and deployment of industry-standard drives, purchased from multiple sources and managed across an installed base using Windows 7, Windows 8, or both.

Microsoft is also advocating remote attestation in Windows 8, allowing trusted third parties to monitor pre-boots.

Enterprises don't need to migrate immediately. Many are in the process of migrating to Windows 7, but will be able to take advantage of the activation and management of embedded hardware security straight away.

Encryption is vital. A European data protection regulation drafted early this year will require enterprises to prove encryption at the point of loss or theft. Penalties may be up to two per cent of an organisation's global annual turnover.

But if encryption is software based, it is difficult to prove it is even working. With an SED, encryption cannot be turned off, and the management console can provide auditable information.

Hardware-based security is also more cost-effective than software-based security, not to mention the protection against being penalised under the law and being forced to pay substantial fines. So the channel can start selling the benefits of Windows 8 to enterprises now.

Joseph Souren is vice president and general manager at Wave Systems and geo manager at Scrambls