Windows Defender, like its predecessor, is great at what it does. But there’s one problem with an integrated antivirus and anti-malware solution like Defender, and that is that Windows 8 must be running for it to work. There are certain situations in which you may wish to secure your PC’s hard disk—such as when it’s booting—or need to run a security scan against the hard disk when Windows isn’t running. And while one might argue that these capabilities aren’t technically Windows 8 features per se, you need to know about them.

First, as PCs have become more sophisticated, the architecture on which Windows runs has evolved. And one of the biggest changes that Windows 8 has been designed to accommodate is the long overdue switch from the primitive BIOS (basic input/output system) environments that have graced (disgraced?) PCs since the 1980s. BIOS is a type of firmware, a tiny bit of software that runs before Windows when the PC first powers on. And while it’s possible to run Windows 8 on a BIOS-based computer—basically every single PC made before 2012—a new generation of more sophisticated PCs and devices are instead using BIOS’s replacement. It’s called UEFI, or the Unified Extensible Firmware Interface.

UEFI provides many advantages over BIOS, but from a security perspective the big deal is that PCs based on this firmware type can support a new technology called Secure Boot. Based on industry standards, Secure Boot ensures that a system hasn’t been tampered with while offline. (That is, while Windows isn’t running.)

It sounds Orwellian but the purpose of Secure Boot is valid: It targets a growing class of electronic attacks that insert code before Windows boots and try to prevent the OS from loading security software like Windows Defender at boot time, leaving the system vulnerable to further attack. Secure Boot ensures that only properly authorized components are allowed to execute at boot time. It is literally a more secure form of booting.

All Windows 8 PCs and devices will be configured from the factory to support Secure Boot and have this firmware feature enabled. But if you are going to install Windows 8 on a previous PC, you can check to see whether this feature is supported and then enable it before installing the OS.

As a feature of the PC firmware, Secure Boot isn’t configured in Windows; it’s configured in the UEFI firmware interface. This interface will vary from PC to PC, but it’s generally available via a Boot or Security screen in the firmware and is toggled via an option that will be labeled UEFI Boot. This can be set to Enabled or Disabled.
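
Once Windows is installed, the firmware setting can be confirmed from inside the OS. The PowerShell below is an added example, not part of the book; it relies on the built-in Confirm-SecureBootUEFI and Get-SecureBootUEFI cmdlets, while the function name Get-SecureBootStatus and its output fields are hypothetical names chosen for illustration.

```powershell
# Added example (not from the book): report firmware mode and Secure Boot state.
# Run from an elevated PowerShell prompt on Windows 8 or later.
function Get-SecureBootStatus {
    [CmdletBinding()]
    param()

    # Field names here are hypothetical, chosen for this example.
    $status = [ordered]@{
        Firmware   = 'Unknown'
        SecureBoot = 'Unknown'
        SetupMode  = 'Unknown'
        Detail     = ''
    }

    try {
        # Returns $true or $false on UEFI systems that support Secure Boot.
        $enabled = Confirm-SecureBootUEFI -ErrorAction Stop
        $status.Firmware   = 'UEFI'
        $status.SecureBoot = if ($enabled) { 'Enabled' } else { 'Disabled' }

        # SetupMode = 1 means no Platform Key is enrolled, so the Secure Boot
        # key databases can be changed without authentication.
        $setup = Get-SecureBootUEFI -Name SetupMode -ErrorAction Stop
        $status.SetupMode = if ($setup.Bytes[0] -eq 1) { 'Yes' } else { 'No' }
    }
    catch [System.PlatformNotSupportedException] {
        # Legacy BIOS boot, or UEFI firmware without Secure Boot support.
        $status.Firmware   = 'BIOS, or UEFI without Secure Boot'
        $status.SecureBoot = 'NotSupported'
        $status.SetupMode  = 'NotApplicable'
    }
    catch [System.UnauthorizedAccessException] {
        $status.Detail = 'Access denied: rerun from an elevated prompt.'
    }
    catch {
        # Anything else (for example, a firmware variable that cannot be read).
        $status.Detail = $_.Exception.Message
    }

    [pscustomobject]$status
}

Get-SecureBootStatus | Format-List
```

A result of SecureBoot: Disabled on a UEFI machine means the firmware option described above still needs to be turned on.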

The other security issue that arises at boot time occasionally is the need to scan an offline system. That is, you may want to run a Windows Defender security scan against a Windows 8 hard disk, but when Windows isn’t running. This can be a vital capability if your system is infested with a bootkit or rootkit, malicious forms of software that are both hard to detect and almost impossible to remove … when Windows is running. But if you can attack bootkits and rootkits while Windows is offline, then voila! Problem solved.

Fortunately, Microsoft makes a standalone version of Windows Defender called Windows Defender Offline. As you might expect, it is based on Windows Defender, and looks almost identical to that tool. But you install it to a bootable optical disc or USB memory stick and then boot the PC from that. Windows Defender Offline is shown in Figure 12-16.

Strictly speaking, there’s no reason to run Windows Defender Offline unless you know you have a problem. But don’t wait to create a bootable Windows Defender Offline disc or USB key until you have a problem: This is a tool you should have at the ready, just in case. You can download Windows Defender Offline from the Microsoft website at tinyurl.com/defenderoffline.

CROSSREF

Some related security features, BitLocker and EFS, can be used to protect the contents of a Windows PC’s hard drive. These are discussed in Chapter 14.

Figure 12-16: Windows Defender Offline can clean an offline PC.

Windows SmartScreen

Microsoft added an interesting and useful security feature to Internet Explorer 9 called SmartScreen that helps guard your PC against malicious software downloads. IE 9’s SmartScreen feature works very well, but of course it can’t help you if you use a different browser, such as Google Chrome or Mozilla Firefox, or if you download a malicious file through another means, such as an e-mail application or USB storage device.

SmartScreen uses a Microsoft hosted “reputation” service that uses actual user feedback to help determine whether files are trustworthy. So that means you can help make the service more useful for everyone simply by using this feature.

To help protect you against malicious software more globally, Windows 8 includes a special version of SmartScreen, called Windows SmartScreen, which protects the filesystem against malicious files, no matter where they come from. Windows SmartScreen works exactly like IE 9’s SmartScreen feature, meaning it utilizes both holistic sensing technologies and an Internet-hosted service to determine whether files are malicious or at least suspected of being so.

Configuring Windows SmartScreen

To configure Windows SmartScreen, you’ll need to launch Action Center, which is available via the system tray (it’s the icon that resembles a cute little white flag) or through Start Search.

Using the Action Center route, you’ll see an option on the left of the window called Change Windows SmartScreen settings. Click this option to display the window shown in Figure 12-17.

Figure 12-17: Windows SmartScreen settings

We recommend using the default setting, which is “Get administrator approval before running an unrecognized app from the Internet.” Unless you’re regularly hanging out in torrent sites or other gray areas of the Interwebs, you’ll find this isn’t too annoying.

Using Windows SmartScreen

When Windows SmartScreen fires up, you’ll know it: The full-screen notification shown in Figure 12-18 displays, interrupting whatever you were doing.

Figure 12-18: Windows SmartScreen notifications are a bit hard to miss.

As with any full-screen notification, you’ll want to deal with this before proceeding. And while SmartScreen can certainly suffer from false positives, our advice is to think very carefully before just dismissing this. It’s warning you for a reason.

Action Center Improvements

If you’re familiar with Action Center from Windows 7, you know that it’s an improved version of the Security Center that dates all the way back to Windows XP with Service Pack 2. In Windows 8, Action Center carries forward largely unchanged in that it still performs the same function of tracking security and troubleshooting items in the OS and popping up notifications when something goes wrong.

What’s changed is that Action Center now tracks far more items than it did in Windows 7. And while many of the items it tracks are, as you might expect, related to new features in Windows 8, some aren’t. It’s just fleshed out better.

In Windows 8, Action Center now tracks these additional items:

• Windows SmartScreen: This security feature, described earlier, debuted in Windows 8
