McAfee has a special series of articles related to security for Windows 8 and it’s new application environment. While the operating system itself is very secure, user actions and application security controls present key risks as in other versions of Windows. Below are the first three articles:
Windows 8 – McAfee Labs evaluates security
QUOTE: As with every version of Windows, we see various kernel improvements. With these changes to the OS, Microsoft has made a safer environment for users. But this environment is still vulnerable to the following security risks:
* Socially engineered emails or websites with executable attachments
* Vulnerabilities and exploits targeting Windows applications
* Mass-distributed desktop malware
Most of the malware that we see today does not go after the BIOS. Some go after the boot sequence and most go after the post-boot injection points such as start-up folders, AutoRun registry keys, and autoload DLL/component injection points. The secure boot architecture handles the preboot sequence and makes a good stab at boot driver validation, but there is some distance to go to guard all the injection points used by most malware. Future posts will include more analysis of Windows 8 and the state of its security. We will also explore implications for users and discuss best security practices for operating systems and applications.