Protecting you from malware


One of the things we talk quite a bit about with Windows 8 is making sure Windows is a safe, secure, and reliable computing environment. We have always provided a broad range of solutions for achieving these goals and work closely with a broad range of industry partners. We continue to enhance these capabilities with Windows 8 while making sure you always have choice and control over how to protect and manage your PC. With Windows 8 we are extending the protections provided by Defender to address a broader range of potential threats. Jason Garms, the group program manager of our reliability and security team, authored this post that represents work across several teams. –Steven

I’m excited to share with you some investments we are making in Windows 8 to better protect you against the constantly changing landscape of malicious software (“malware”). In this blog I will talk about enhancements to mitigation features that help protect you against exploits used by malware, improvements to Windows Defender to provide you with real-time protection from all categories of malware, and the use of URL and application reputation to help protect you against social engineering attacks.

A view of the current landscape

Criminal attacks continue to evolve and malware has become their standard weapon against anyone who uses the Internet—on traditional form-factor devices, as well as on mobile devices like tablets and phones. Malware targets all operating systems and browsers, and in recent years, criminal attacks against applications have increased substantially.

Criminals also use social engineering to trick you into performing actions that put you at risk. An increasingly common social engineering strategy uses online advertising campaigns to lure you to a site that installs malware on your computer.

An economy has developed around building reliable vulnerability exploits, which criminals buy to help distribute their malware. Criminals make money from their malware, so they invest in ways to keep it alive such as producing a higher quantity of malware, updating it more frequently—e.g. multiple times each day—and increasing its size and complexity. Some malware is as complex as commercial applications.

Secure by design

We use the Security Development Lifecycle (SDL) to build Windows with the best security design, development and testing practices available. Some highlights include:

  • Threat modeling and security design reviews. During the design process we consider how criminals might seek to attack features and scenarios, and incorporate this analysis into our designs.
  • Writing secure code. Training and code quality tools help to prevent common coding issues from entering the Windows source code.
  • Penetration testing. Security engineers take an attacker’s perspective when reviewing a completed set of features that make up a scenario.
  • Security code reviews. Security engineers provide additional security-oriented code reviews for highly sensitive components.
  • Security tools. Tools continuously updated with the latest state of the art in finding and exploiting software provide a scalable solution to improve existing code.

Making it harder to create an exploit on Windows 8

With Windows XP SP2, we began creating defenses called mitigations that make it difficult to develop reliable exploits for security vulnerabilities. Each subsequent version of Windows has continued to expand and improve on these mitigations, because a single mitigation feature can break an entire class of exploits. Windows 8 includes mitigation enhancements that further reduce the likelihood of common attacks. Some of these improvements include:

  • Address Space Layout Randomization (ASLR). ASLR was first introduced in Windows Vista and works by randomly shuffling the location of most code and data in memory to block assumptions that the code and data are at the same address on all PCs. In Windows 8, we extended ASLR’s protection to more parts of Windows and introduced enhancements such as increased randomization that will break many known techniques for circumventing ASLR.
  • Windows kernel. In Windows 8, we bring many of the mitigations to the Windows kernel that previously only applied to user-mode applications. These will help improve protection against some of the most common types of threats. For example, we now prevent user-mode processes from allocating the low 64K of process memory, which prevents a whole class of kernel-mode NULL dereference vulnerabilities from being exploited. We also added integrity checks to the kernel pool memory allocator to mitigate kernel pool corruption attacks.
  • Windows heap. Applications get dynamically allocated memory from the Windows user-mode heap. Major redesign of the Windows 8 heap adds significant protection in the form of new integrity checks to help defend against many exploit techniques. In addition, the Windows heap now randomizes the order of allocations so that exploits cannot depend on the predictable placement of objects—the same principle that makes ASLR successful. We also added guard pages to certain types of heap allocations, which helps prevent exploits that rely on overrunning the heap.
  • Internet Explorer. “Use-after-free” vulnerabilities represented nearly 75% of the vulnerabilities reported in Internet Explorer over the last two years. For Windows 8, we implemented guards in Internet Explorer to prevent an attacker from crafting an invalid virtual function table, making these attacks more difficult. Internet Explorer will also take full advantage of the ASLR improvements provided by Windows 8.

Keeping malware off your PC

Having effective malware protection is important for any device connected to the Internet and almost all Windows PCs sold today include a traditional antimalware solution, though it is often a time-limited or trial version.

Shortly after Windows 7 general availability in October 2009, our telemetry data showed nearly all Windows 7 PCs had up-to-date antimalware software. However, a few months later the trend started to decline month-to-month, likely reflecting antimalware trial subscriptions expiring. A year later, at least 24% of Windows 7 PCs did not have current antimalware protection. Our data also shows that PCs that become unprotected tend to stay in this unprotected state for long periods of time. And when antimalware software is even one week out of date, its ability to protect against new malware drops significantly.

We believe that all Windows 8 users should be protected by traditional antimalware software that provides an effective, industry-recognized level of protection. There are a lot of great antimalware solutions available that we expect will be updated to protect Windows 8 PCs and we believe most PC makers will continue to ship Windows PCs with these solutions installed.

Windows Defender

If you don’t have another solution installed, Windows 8 will provide you protection with a significantly improved version of Windows Defender.

Improved protection for all types of malware. The improvements to Windows Defender will help protect you from all types of malware, including viruses, worms, bots and rootkits by using the complete set of malware signatures from the Microsoft Malware Protection Center, which Windows Update will deliver regularly along with the latest Microsoft antimalware engine. This expanded set of signatures is a significant improvement over previous versions, which only included signatures for spyware, adware, and potentially unwanted software.

In addition, Windows Defender will now provide you with real-time detection and protection from malware threats using a file system filter, and will interface with Windows secured boot, another new Windows 8 protection feature.

When you use a PC that supports UEFI-based Secure Boot (defined in the UEFI 2.3.1 specification), Windows secured boot will help ensure that all firmware and firmware updates are secure, and that the entire Windows boot path up to the antimalware driver has not been tampered with. It does this by loading only properly signed and validated code in the boot path. This helps ensure that malicious code can’t load during boot or resume, and helps to protect you against boot sector and boot loader viruses, as well as bootkit and rootkit malware that try to load as drivers.

The same interfaces for secured boot used by Windows Defender, as well as all APIs used by Windows Defender, are available for use by our antimalware partners to deliver additional protection to Windows customers.

  • Improved user experience. We have designed Windows Defender to be unobtrusive for most daily usage, and will notify you only when you need to perform an action, or critical information demands your attention. Windows Defender will also use the new Windows 8 maintenance scheduler to limit interruptions.
  • Improved performance. Traditional antimalware technologies are well known for impacting system performance. It’s not uncommon that running antimalware software doubles the amount of time required for core scenarios like file copy and boot. As you read in last week’s blog entry, we have a lot of people working on system performance and Windows Defender dramatically improves performance on all key scenarios compared to common antimalware solutions on Windows 7, while maintaining strong protection. For example, Windows Defender with its full protection functionality enabled adds only 4% to boot time, while dramatically reducing CPU time during boot by 75%, disk I/O by around 50MB, and peak working set by around 100MB.

These same improvements benefit energy efficiency, meaning Windows Defender consumes less power, and gives you longer battery life.

We’re continuing to work with antimalware partners during the Windows 8 development process so you have the best possible Windows PC experience no matter what antimalware solution you choose. We provide them with resources, such as the technical details of how we architected the performance improvements for Windows Defender, so they have the opportunity to make similar improvements to their products.

Microsoft SmartScreen for Internet Explorer and now for Windows too

Traditional antimalware software plays a critical role in defending and remediating attacks. However, reputation-based technologies can help provide effective protection against social engineering attacks before traditional antimalware signatures are available, especially against malware that pretends to be legitimate software programs.

Windows 8 will help protect you with reputation-based technologies when launching applications as well as browsing with Internet Explorer.

Since its release, the SmartScreen filter has used URL reputation to help protect Internet Explorer customers from more than 1.5 billion attempted malware attacks and over 150 million attempted phishing attacks. Application reputation, a new feature added to SmartScreen in Internet Explorer 9, provides an additional layer of defense to help you make a safer decision when URL reputation and traditional antimalware aren’t enough to catch the attack. Telemetry data shows 95% of Internet Explorer 9 users are choosing to delete or not run malware when they receive a SmartScreen application reputation warning.

We understand that Internet Explorer isn’t the only way you download applications from the Internet, so Windows now uses SmartScreen to perform an application reputation check the first time you launch applications that come from the Internet.

In Windows 7 when launching these downloaded applications, you get the following notification:

Security warning in Windows 7, which states "The publisher could not be verified, are you sure you want to run this software? Run/Cancel; This file does not have a valid digital signature that verifies its publisher...", etc.

In Windows 8, SmartScreen will only notify you when you run an application that has not yet established a reputation and therefore is a higher risk:

Security warning in Windows 8 Developer Preview, which states "Windows protected your PC; Windows SmartScreen prevented an unrecognized program from starting. Running the program might put your PC at risk." And two buttons: Run Anyway, or Don't Run.

The user experience for applications with an established reputation is simple and clean: you just click and run, removing the prompt you would have seen in Windows 7.

SmartScreen uses a marker placed on files at download time to trigger a reputation check. All major web browsers, and many mail clients and IM services, already add this marker, known as the “mark of the web,” to downloaded files.
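As an added illustration (not code from this post or from Microsoft), here is how a defender could read that marker. On NTFS the mark of the web is stored in an alternate data stream named Zone.Identifier; the sample stream contents below are constructed, and treating zones 3 and 4 as "from the Internet" is an assumption of the example, not a statement of SmartScreen's exact logic.

```python
"""Parse the 'mark of the web' (the Zone.Identifier alternate data stream)."""
import configparser
from dataclasses import dataclass
from typing import Optional

# URL security zones as numbered by Windows.
ZONES = {0: "Local machine", 1: "Local intranet", 2: "Trusted sites",
         3: "Internet", 4: "Restricted sites"}


@dataclass
class MarkOfTheWeb:
    zone_id: int
    zone_name: str
    referrer_url: Optional[str] = None  # optional field, written by newer browsers
    host_url: Optional[str] = None      # optional field, written by newer browsers

    @property
    def from_internet(self) -> bool:
        # Assumption of this example: zones 3 and 4 count as "from the Internet".
        return self.zone_id >= 3


def parse_zone_identifier(text: Optional[str]) -> Optional[MarkOfTheWeb]:
    """Return the parsed mark, or None if the stream is absent or malformed."""
    if not text:
        return None
    # Only '=' separates key and value, so URLs containing ':' stay intact;
    # interpolation is off because URLs may contain '%' escapes.
    parser = configparser.ConfigParser(interpolation=None, strict=False,
                                       delimiters=("=",))
    try:
        parser.read_string(text.lstrip("\ufeff"))  # tolerate a leading BOM
    except configparser.Error:
        return None
    if not parser.has_section("ZoneTransfer"):
        return None
    section = parser["ZoneTransfer"]
    try:
        zone_id = int(section.get("ZoneId", "").strip())
    except ValueError:
        return None
    if zone_id not in ZONES:
        return None
    return MarkOfTheWeb(zone_id, ZONES[zone_id],
                        section.get("ReferrerUrl"), section.get("HostUrl"))


def read_mark(path: str) -> Optional[MarkOfTheWeb]:
    """Read the stream of a file on NTFS; None if the file carries no mark."""
    try:
        with open(path + ":Zone.Identifier", "r",
                  encoding="utf-8", errors="replace") as fh:
            return parse_zone_identifier(fh.read())
    except OSError:
        return None


# Constructed sample stream contents (not taken from any real download).
DOWNLOADED = ("[ZoneTransfer]\r\nZoneId=3\r\n"
              "ReferrerUrl=https://downloads.example.test/tools/\r\n"
              "HostUrl=https://downloads.example.test/tools/setup.exe\r\n")
INTRANET = "[ZoneTransfer]\r\nZoneId=1\r\n"
MALFORMED = "[ZoneTransfer]\r\nZoneId=internet\r\n"


def triage(samples: dict) -> dict:
    """Map each sample name to a short verdict for an inventory report."""
    verdicts = {}
    for name, text in samples.items():
        mark = parse_zone_identifier(text)
        if mark is None:
            verdicts[name] = "no valid mark"
        elif mark.from_internet:
            verdicts[name] = "marked: " + mark.zone_name
        else:
            verdicts[name] = "local/trusted: " + mark.zone_name
    return verdicts


if __name__ == "__main__":
    samples = {"setup.exe": DOWNLOADED, "report.docx": INTRANET,
               "odd.bin": MALFORMED, "local.exe": None}
    for name, verdict in triage(samples).items():
        print(f"{name:12} {verdict}")
```

A file that never received the marker, or whose stream was removed or is malformed, parses to None here, which is why an inventory of downloaded executables should report "no valid mark" separately from "local/trusted".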

We expect average users to see a SmartScreen prompt less than twice per year and when they do see it, it will signify a higher risk scenario. Telemetry data shows 92% of applications downloaded via Internet Explorer 9 already have an established reputation and show no warnings. The same data shows that when an application reputation warning is shown, the risk of getting a malware infection by running it is 25-70%. And SmartScreen gives you administrative controls to prevent your non-techie friends or children from ignoring these warnings.

We’ve seen dramatic results with this approach in Internet Explorer and we’re happy to bring it to a broader set of Windows scenarios.

Here’s a video that shows you Windows Defender and SmartScreen URL and application reputation in action:



In conclusion, we’ve taken a very broad approach to improving the level of protection you’ll get from malware in Windows 8, including the use of SDL processes to be secure by design, the implementation and upgrading of mitigations to help protect you against exploits used by malware, improvements to Windows Defender to provide you with real-time protection against all categories of malware, and the use of URL and application reputation to help protect you against social engineering attacks.

Thanks,

–Jason Garms

Comments (120)

  1. 佐藤江美 says:

    I wonder if it will be easy to use? I only just switched to Win7, though... (-_-;)

  2. Jonathan says:

    I was very glad to see MSE rebranded as Windows Defender and bundled with Windows 8! However, is this legal for you guys? I guess obviously, but I don't see you doing this a few years ago even, antitrust and all. Also, how are you going to prevent your dearly beloved OEMs from screwing this up by preloading competing, and in my opinion sub-par, antivirus solutions?

  3. TPM Bob says:

    Will Win8 use the mandatory integrity labels more aggressively than Win7?  For example, will it be used for more than just IE, will there be new GUI or command-line tools for it, will there be Group Policy support for setting these integrity labels and associated read/write/execute rules?  Thanks!

  4. jader3rd says:

    The biggest thing a user can do is to not run their user account as administrator. I hope that Windows 8 adds controls for preventing executables from running which haven't been installed behind an elevated protected directory. That would make it very hard for a user to download an untrusted executable and then run it, harming themselves.

  5. And what about Windows Security Essentials? Any changes on that front as well?

  6. Anon says:

    You are very vague. Explain clearly: Is Windows Defender now the same as Security Essentials or is Essentials still a superset of Defender? You talk about realtime protection. I thought Defender already includes a realtime protection. What has changed? Again vague and unclear. Is Defender in Windows 8 a true antivirus product then or not? What features are still missing for example? Be clear. You are evasive. Microsoft is always vague like this especially in your documentation. Say it clearly, we are implementing this and not implementing the other thing. Be clear please.

  7. raymond says:

    eh I hope the metro tablet side does not get infected by virus because that will make the tablet experience miserable.

  8. James Tiberius Kirk says:

    The best malware protection is only one: Mac OS X.

    Period.

  9. Anon says:

    Also vague is the statement. "Improved protection for all types of malware."

  10. Anon says:

    Microsoft is always vague everywhere. In their documentation, MSDN everywhere. Compare this to Google's crystal clear posts and developer documentation. Anyway: What does "Interfacing with secure boot" mean exactly? It can mean one hundred things. What do you do exactly? And why do you separate realtime protection from other types of protection. You say you provide enhanced protection against most malware and yet below you talk about realtime protection. Why? Is realtime separate. When I buy an antivirus realtime protection is understood to be part of the "protection" not extra. And you mean to say the Defender did not have realtime protection before? Again be clear like Google.

  11. Anon says:

    Microsoft is always vague everywhere. In their documentation, MSDN everywhere. Compare this to Google's crystal clear posts and developer documentation. Anyway: What does "Interfacing with secure boot" mean exactly? It can mean one hundred things. What do you do exactly? And why do you separate realtime protection from other types of protection. You say you provide enhanced protection against most malware and yet below you talk about realtime protection. Why? Is realtime separate. When I buy an antivirus realtime protection is understood to be part of the "protection" not extra. And you mean to say the Defender did not have realtime protection before? Again be clear like Google.

    This commenting system is broken.

  12. jader3rd says:

    I'm going to have to disagree with you Anon. I find MSDN documentation to be way better than any other documentation library I've used. Is it perfect? no. But it is really good.

  13. Wouldn't it be better to exclude the "run anyway" button in the Windows SmartScreen prompt and change the color to a bright red, instead of green?

  14. Emily says:

    @James Tiberius Kirk. right… because osx doesn't have malware /s.. stop being an idiot with those statements.

    anyway, the only security system people need is common sense. but if you are the ones that think OSX is better for that? omg… i better don't say more.

    anyway, i would rather play too many videogames, even free to play mmos in my windows machine, work with my designs in 3dsmax, and do all the stuff i do… than limiting myself to use OSX

  15. @Anon

    I think it's probably best to be as vague as possible when it comes to security.

  16. Andrew B says:

    Does this mean the end of Security Essentials for Windows 8 or will we as consumers still need this?

  17. Jeremy says:

    So, what happens to Microsoft Security Essentials?

    @Fake Kirk: Troll.

  18. John says:

    Why not make it so software can be run in sandbox/real time mode? This will get rid of all the problems.

    Windows defender can really waste system resources and delay boot-up time.

  19. James Tiberius Kirk says:

    I'm not an idiot (thanks for the comment) or troll, it's reality.

    Windows should be rewritten from scratch to change its vulnerable roots.

    They must abandon NT and create a truly new SECURE base.

    Until that day, Windows will ALWAYS remain what it is…

    Mac OS X and Linux are more secure at their base level, that's the big difference.

    Windows is a paper boat over the sea.

    It will be Windows NT 6.2, it's absurd, still NT inside, nooooo!

  20. Nice to hear that the default security suite will be more robust and enabled by default.

    I also hope that you have fixed some start-up issues with MSE like:

    Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.

    Feature: Behavior Monitoring

    Error Code: 0x80004005

    Error description: Unspecified error

    Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

    when the computer is online all the time and so it should have up-to-date definitions

    and starting the engine late in the Windows login cycle (I often see a red cross for a while after login to Windows 7 just after the computer starts up).

  21. arnold says:

    It's amazing how one can write so much and manage to create way more questions than answers. Here's the word I'd use to describe Microsoft's communication with users and developers: confusion. Pure, unadulterated confusion. Seriously guys, I don't think you'd be able to create more confusion about Windows 8 even if you tried.

  22. Mohit says:

    Very Very nice concept.

    1. Pls let us know what is the future of Microsoft Security Essentials. I think it's better to merge the windows defender and essentials in one package. Less confusion for end users.

    2. Also ppl need to know the time limit for the security package. Will this be on trial or permanent.

    3. Pls make sure that real time protection does not result in system performance issues.

  23. Mohit says:

    Can you specify if this will also have boot time protection like able to check for virus before windows even boots… 🙁 I don't know the proper term

  24. Will someone explain the relationship between Defender and Security Essentials, which we know is the best thing ever?

  25. Drewfus says:

    "Windows Defender with its full protection functionality enabled adds only 4% to boot time, while dramatically reducing CPU time during boot by 75%, disk I/O by around 50MB, and peak working set by around 100MB."

    Excellent work. Compare to these figures: thepcspy.com/…/what_really_slows_windows_down

    I've never heard of UEFI Secure Boot – are you going to do a separate post on that subject?

    As a matter of comparison, what would be the most secure system, of:

    * Windows 8 running Defender

    * Windows 8 with Defender disabled but this Group Policy setting enabled:

     Security Settings\Local Policies\Security Options: ValidateAdminCodeSignatures

    Ref: technet.microsoft.com/…/dd835564(WS.10).aspx

  26. @James Tiberius Kirk says:

    4 words for you.. let me wrap it: STFU !!

    Windows has more than 90% of the world's OS market share and it will grow more with the arrival of windows 8. OSX is somewhere near 3%. netmarketshare.net and keep your facts straight. OSX is worth of nothing. Only some clumsy punks like you like to use it.

    and yes you are a freaking troll.. just saying.

  27. Windows Defender as an anti-malware AND anti-virus!

    I never thought I'd see the day :O

  28. I think the explorer Smart Screen Filter might be too annoying like UAC under Vista.

    I'm running the Developer Preview and noticed that dragging a photo from a webpage into an explorer folder triggers "do you want to allow this website to copy files to your computer. you should only allow files you trust."

    And it does that for every… single… file I drag & drop, even after I've allowed a website to copy files to my computer.

  29. anony says:

    @jimbrowski

    That sounds more like a bug, images aren't covered by IE's reputation, I don't see why they'd be covered by Windows reputation. I'd wager it has nothing to do with SmartScreen at all.

  30. DanglingPointer says:

    SmartScreen scanner is a real pain in the butt. Its variant running on Hotmail drives even the legit/safe emails to the junk folder. Define safe emails? The ones generated from Answers.microsoft.com and windowsteamblog.com – the notification emails from these domains. No kidding I reported this issue to the live team feedback system and they in turn ask me to read about how smartscreen works !! Steven you can check for yourself.. Either the auto generated emails from the aforementioned domains are ill-formatted or the SmartScreen scanner needs a doctor. More on it at: answers.microsoft.com/…/ff079016-8dc0-496a-a1dd-2b7f44f11d6c

  31. Ben says:

    The worst malware I ever had was all the pre-installed bloatware. Also, any Adobe product.

  32. seandakid says:

    Race is on for the first official virus to be released for Windows 8 specifically. Prolly already out there floating around…

  33. fjpoblam says:

    Has Microsoft done a serious study of how often folks just click through the warning?

    "Run anyway" or

    "Are you sure?" "Yes"

    Yes, I realize the prompts serve a purpose and represent a substantial protection mechanism. But has Microsoft taken a study of, how often the "average user" takes advantage of this mechanism?

  34. Gustavo Nieves says:

    What will happen to Microsoft Security Essentials in Windows 8? Which to choose? Windows Defender, or Essential?

  35. Does Defender have the firewall integration that Security Essentials has? It looks like it is missing many options from the latest version of SE, so is Defender expected to be upgraded to SE for more comprehensive security, like in Vista and 7?

  36. ktyle says:

    @James Tiberius Kirk Macs are for people who are computer illiterate. You pay double the price for a computer that has half the functionality and specs of its competitors because you don't have any common sense.

  37. Joshua says:

    @TPM Bob

    If this is implemented, I guarantee you that I and many others who sell Windows software will require it to be turned off. Heck, my installer is a .exe so it won't even run.

    As for why I do not use MSI: Cannot install MSI from inside MSI indirectly. Therefore, cannot decide on the fly whether or not to install SQL Express unless my installer does not use MSI.

  38. Anon says:

    Let me give you some examples why MSDN and your blog postings are vague and contain lots of mistakes, or your naming is illogical:

    1. Is it Windows Live or simply Live?

    On MSDN you call the new sdk as the Live Connect SDK and not the Windows Live sdk. But the services are still called Windows Live. Decide please. Is it Live or Windows Live? Live Hotmail or Windows Live Hotmail? Remember Windows Live Search, afterwards renamed to Live Search, etc.

    2. From Windows Defender help in Windows 7:

    "Real-time spyware protection alerts you when

    spyware and other potentially unwanted software attempts to install itself or run on your computer."

    So there is realtime protection after all? So, what are you adding in Windows 8?

    3. From the same help topic:

    "Real-time protection agent Purpose

    Downloaded files and attachments Monitors files and programs that are designed to work with web browsers. These files can be downloaded, installed, or run by the browser itself. Spyware

    and other potentially unwanted software can be included with these files and installed without your knowledge."

    Hehehe. Downloaded files and attachments are certainly not files and programs that are designed to work with web browsers. So, what did you mean? Browser plugins perhaps? And which browsers anyway are you talking about? Vague vague vague. And wrong. Perhaps you mean e-mail attachments and IE downloads? Then why would you say "programs that work with web browsers". Frustration!

    4. At the top of all the MSDN pages describing the new Live Connect SDK:

    "This page describes features that are scheduled to be updated. For information about upcoming programming interfaces to Live Connect, see the Live SDK preview documentation at the Microsoft Connect website for Live Connect."

    What do you mean? Honestly. Does the above make sense to anyone?

    "features that are scheduled to be updated" means what? Do you mean to say that this is a pre-release version of the documentation?

    "see the Live SDK preview documentation at the Microsoft Connect website" means what? The documentation is on the MSDN page I am currently reading and which contains this notice. Why should I go to MS Connect to read the same things there?

    OK, let me go to MS Connect. You click the link and it takes you to a Live ID sign-in page. Still and after so many years and even though it is used by 500 million users, the Windows Live ID (or is it Live ID) sign-in page is slow sooo sloooow to load. Compare this to Google's sign-in page which appears instantly.

    OK, I don't want to sign-in, I decide to press back. Oh, look, back does not work! You can't go back. The log-in page loads and re-loads when you press back.

    You see, errors, mistakes, broken experiences everywhere.

    5. OK, I manage to go back to MSDN after trying and re-trying. But look, if I click the Documentation link at the top of the Live Connect SDK it takes me to an API reference!

    Honestly now, when somebody tells you they want to read the DOCUMENTATION of a new technology, like the Live Connect SDK in this case, the first thing any intelligent person would show them is a reference? Ask yourselves. I would show an overview, a programmers introduction, a developers Guide, etc. Certainly not switch to the Reference section right away.

    Compare this to Android's documentation. You click on something and the page you expect comes up. Not something illogical.

    By the way, that MSDN section includes things that I think are not even distributed with current versions of Windows Live Messenger for example, like the Activities SDK. Again, another problem is that your documentation is updated slowly and sometimes never. Win32 API MSDN section for example which contains things from the 90s and even samples which do not compile.

    6. OK, let me go back to dev.live.com, perhaps there I will find what I want. Oh, look some graphics which I have to click on to get to the information I want not links? And some vague promises like:

    Skydrive enables you to work with users' photos and documents. Photos? Documents? Why not they say simply users' files? Oh, perhaps they only restrict Skydrive to specific file types, such as JPG. Who knows. Let me read on.

    Later down of course it appears that photos = both photos and videos. I guess for Microsoft videos are simply large photos, so we'll call everything photos. It makes sense doesn't it?

    But wait a moment, perhaps documents now equals all files too. Because how can you tell if something is a "document" or not.

    Again confusing.

    Oh, I am fed up. Unclear as always.

    I guess I will not use Live Connect after all.

  39. Do a Bing search on the recent malware attacks to OS X.   Then say that OS X is more secure.   Windows has more attackers specifically because it has 90% marketshare.  Why even target something with 3% when you're getting paid for the number of computers either taken over or infected?

    And yes, as indicated in the article above, Microsoft has done studies on how often the user clicks "yes" continue and has a problem and when they click "yes" and don't. Please read the article before commenting.

    I also agree with the guy who said that "how security prevents attacks should be kept vague", and you should too, unless you're a hacker, that is.

  40. gawicks says:

    @Anon

    Defender will pick up all the capabilities of MSE and will take advantage of windows 8 specific security features. Wasn't that vague was it ?

  41. Wanna know a great way to protect everyone from malware??????

    Move onto a UNIX like Kernel 😉

  42. Tuxplorer says:

    @BumbleBritches75,

    Windows is FAR more secure than UNIX and Linux will ever be.

  44. FZB says:

    "The same data shows that when an application reputation warning is shown, the risk of getting a malware infection by running it is 25-70%."

    That's quite a broad percentage range. Would be interesting what makes it 25% risk and what 70%.

  45. ray says:

    windows 8 preview is slower than windows 7.

  46. ray says:

    no screen resolution on windows 8 preview? bring back aero them

  47. nathen says:

    what happen to themes on windows 8? y the blurry look. bring the glassy interface

  49. alex says:

    MORE WORK FOR WINDOWS 8. WAY BEHIND THAN WINDOWS 7

  53. Kris says:

    Hi,

    it's great to see that Windows now gets an antimalware solution built-in but as an ITPRO I do have a lot of questions on how this will behave in an enterprise environment. We all use solutions like FEP, McAfee or Symantec, … How will they be able to deactivate Windows Defender? Is it a feature which you can remove? Or is it like in Windows 7 that you can disable it but that the shortcuts and so on remain visible causing confusion and helpdesk calls. Are you guys thinking about this? Do you talk with the systems management team about this? Forgive me but sometimes I get the feeling that the teams are not always working close together which has a negative impact on the products being released. Do you have some comments on that?

    Thx,

    Kris

  54. ali says:

    @ Microsoft

    1. Does new Defender use metro design language?

    2. Some windows users don't have access to high speed internet to update their Anti-malware's virus definitions (database).

    Avast company has a solution for these users. Avast has provided a installer file in their site that contains latest virus(malware) definitions. When people find access to high speed internet, they can download this installer from Avast site and then install latest definitions to a computer that has not access to high speed internet.

    Please add this feature to windows 8 Defender, so that virus(malware) database of computers with no access to high speed internet can be updated.

    thanks!

  55. uhm says:

    If you don't want Windows 8 to be banned in EU or even in the US, you better reconsider it…

  56. aussiebear says:

    Currently using Windows 7 Home Premium with EMET, Parental Controls (as application whitelisting) and MSE; I'm just wondering if…

    (1) Is MS going to incorporate EMET into the next version of Windows?

    (2) What about DLL checking for Parental Controls?

    (The option is there for Software Restriction Policy in Win7 Pro, but not in Parental Controls…According to the Windows Registry.)

    Thanks.

  57. Chocojay says:

    I didn't understand why everyone wants to know every minute details at this time? Just hold for some time, details will emerge, there will be beta releases and more with more functionality showing in Win8.

    There is still 5-9 months at least before it will go to RTM..

  58. @Tuxplorer says:

    *nix is nothing but a crapOS for cheap orphan servers, or for some retarted kids, that no one (from the real hacker's community) deems to attack! Hackers have more interest in widespread/pervasive OS like windows.

  59. @thommck says:

    For people asking what is happening to Microsoft Security Essentials, it looks like Windows Defender has merged with MSE. When looking in the Win8 Action Center it says Defender has the latest VIRUS definitions and it also has the same interface as MSE v2.

    I find it a slightly bizarre omission that Microsoft didn't mention this in the article. In fact they seem to have purposefully avoided the fact.

    Also, if all Windows 8 devices have this complete firewall/virus/malware/smartscreen solution built in, why should a business pay for their Forefront solution? I know they will say for management purposes but this article is saying that it manages itself (along with WSUS definition updates)

  60. @ali

    1) Currently, it looks similar as MSE.

    2) Check this support.microsoft.com/…/923159

  61. Yes, the posts are quite cryptic. Not only this one, but also about Hyper-V, the "reflecting" ones etc. Some of them have more marketing buzz words than facts and from the others is really hard to dig and guess what is really new in Win8.

  62. B8Blog says:

    @MCCZ what is cryptic?

  63. The computer (PC) should swallow the phone.

    PC is a computational device like a phone or tablet, Microsoft dominates PC (desktop) which can transform (allows a socket for a SIM card to be a phone, allow its screen to be feel touch to be a tablet, unplug its self from the wall and make its self smaller to fit your Desk (desktop), Your Lap (laptop) or Palm (phone or tablet)) to any format running the same engine. This is the route Microsoft should take instead of calling it a phone call it a mini PC (or palmtop) in its marketing campaigns and functioning.

    You should not allow a distinction between the same computational devices (non mobile or mobile) this confuses consumers and producers present a clear path forward just computational devices in different physical formats for particular purpose and function running the same engine and not allowing different UI across the devices keep the traditional Microsoft UI feel to remind users this is a computer device in all your marketing campaigns.

    To achieve this remove the metro UI or allow users to choose between normal icon view on a platform (desktop).

    As a mechanical engineer I won't be using my fingers rather a pen or mouse on tablets or phone. The interface can generally be in any visual format (metro style included), if your products force people to change when they don’t want to change this will affect market share and you might lose, allow people to choose what kind of interface they want to use not force a particular visual style on them allow default windows desktop format enlarged to accommodate touch.

    Website interfaces are different relative to the audience or user group, windows OS should have non specific style for a general purpose, this style is not appealing for business, government, academic, student, home users its more appealing to a niche design group, a style that will go out fashion like clothing or any other design. This UI hides the desktop, rather than find software programs or application icon within the desktop, laptop or palmtop (tablet or phone). It should have a main board or platform on its interface where you find all installed software programs/applications not pin social media as core, in business only PR and marketing will use this, how about accounting, operations, Research, Human resource etc, how about government units, how about academic units the user that use this.

    Recommendations: if you like it so much allow users to choose between metro UI and other millions of UI ideas or concepts that can be formed (designed by third parties including other that come with the OS). Or simply enlarge normal windows UI to allow touch (this ui only works for touch not pen or mouse unless you want waste space) for all computer devices (desktop, laptop, palmtop (tablet or phone) with a consistent normal window UI enlarged with a main board/platform with software programs/application icons on it. Allow open use as windows has always been, allow user to reconfigure it in any they like, add external devices (printer, etc drivers coming from a download etc) easily with all the devices like always.

    A quote from steve jobs “users that are familiar with something that, you know, they don’t want a car with six wheels. They like the car with four wheels. They don’t want to drive with a joystick. They like the steering wheel.” allthingsd.com/…/d5-gates-jobs-transcript

    My predictions: The Computer is going to or should swallow the phone, why because it’s a computational device that allow a socket for a SIM card to be a phone, allow its screen to be feel touch to be a tablet, unplug its self from the wall and make its self smaller to fit your Desk (desktop), Your Lap (laptop) or Palm (phone or tablet)

  64. @Steven Sinofski: For example, at blogs.msdn.com/…/bringing-hyper-v-to-windows-8.aspx I have almost no clue what is "old" and what features and characteristics are "new" in Windows 8. The section "An introduction to Hyper-V" seems to talk about Hyper-V as a general, non Windows version specific, but then you have a video about how it works in Windows 8 (which is version specific). Being not keen in the current version of Hyper-V I do not see what is new to Windows 8 and is already in the market, or whether there are no changes in Windows 8 and you are just mentioning the current state and the video is just mispositioned – if this is the case, I do not understand why the section exists in the first place, instead of providing a link to an appropriate part of the existing documentation and introducing just the smallest part needed to understand the new things.

    In this post, my understanding and parsing was much better in general than in the Hyper-V, but I was lost a little bit in the place what malwares are new in Windows 8 in contrast to the Defender + MSE combo in Windows 7 and whether they are really consolidated in one product (there is no word about MSE at all).

    From a part of the post I have a suspicion that you use SDL to build Windows in general, not only with this version, but from the conclusion it seems like that you have just started using SDL in Windows 8.

  65. How developers protect their code? says:

    I am maybe a bit off topic, but I am interested to learn how developers are going to protect their games and apps code from being stolen and also getting cracked.

    I have already explored js code of all built-in apps came with Windows 8 preview.

    .net apps are also easy to decompile.

    Why is MS recommended to protect the apps?

    //  chall3ng3r //

  66. B8Blog says:

    @MCCZ – it is a safe bet to assume we're not blogging about old features of Windows 🙂

    I am not sure how you would conclude that about SDL, but your initial assumption is correct.

  67. Guest says:

    Please, enhance your UAC/SmartScreen/etc. to reach the process-control functionality like in the modern firewalls, with rules, program groups etc.

    For example: www7.pcmag.com/…/235706-comodo-antivirus-5-0-defense-rules.jpg , http://www.computersecure.org/comodo-bg_cpf_alert.gif (but it can be made much better, of course).

    That's not what firewalls must do, process controlling is the system work.

  68. @Steven Sinfosky: Every single other item in the list is a "new" feature, so the SDL should also logically be one of them. And as you stated you do not blog about the old ones 🙂

  70. Jan Kučera says:

    During the developer preview (clean) setup, I have explicitly turned off the SmartScreen. What a surprise when I tried to run a network driver installer and was presented with a "Windows SmartScreen can't be reached right now. Check your internet connection…" message.

    So, great, but make sure the user can switch it off and respect their wishes! 🙂

  71. Somebody says:

    Excuse me if it's not the right theme to report a bug, but my Win 8 dev preview spontaneously changed the color style: rghost.ru/…/image.png .

  72. Mohit says:

    I don't quite understand how this will work in enterprise scenarios.. will FEP still be there ? will windows defender still be controllable via registry / group policies..

    And, while writing technet/msdn help files, divide them into average and advanced user scenarios. It's like I know 4 things, get there to clear 2 things and lost previous 4 things in confusion….

  73. Ian says:

    @Somebody

    There seems to be a bug with the high contrast option in Windows 8 Dev Preview, which I have experienced as well. I started encountering the same issue after enabling "High Contrast" in the control panel to see what it was like, then after turning it off, locking the computer, then logging back in, bits and pieces of the interface began to go back to the high contrast look. I was able to fix it by disabling high contrast in the control panel (such as through the Metro interface) then restarting your computer. Even if you turned off the high contrast option, it appears to turn itself on again 😉

    —–

    Anyways, how come there are so many missing options from Windows Defender compared to MSE? Is this just because its still under development? Just checking.

  74. @Kirk says:

    So, MacOSX is more secure than Windows? That's probably why they implemented NT security model (file-only subset) almost 15 years after NT itself. That's why they are revolutionary implementing full ASLR just now (5 years after Vista). That's why they STILL don't have any means of UI isolation/UAC (no sudo is stupid-stupid-STUPID hack around STUPID-STUPID-STUPID "security" design). That's why they don't have any remotely exploitable PUBLICLY DISCLOSED vulnerabilities unpatched for years. That's why they don't have any decent malware protection. That's why Safari unpacks and executes "safe" installation packages automatically.

    In short words, they don't have any clue about "security-as-a-process". Maybe they'll try to implement SDL (ten years behind Microsoft) – only after that it will have SOME chance to get on par with Windows.

  75. @Kirk says:

    Ah, you've mentioned Linux as well. They actually have yet to implement decent ACL-s (even Apple have already done that),  Their Loadable Security Modules design is horrible (as no design at all).

    But let's look at facts. Let's take last 10 years. Every single piece of widespread Windows malware relied either on user stupidity (trojans) or non-updated systems (which is a kind of user stupidity as well). Msblast, Lovesun, Sasser, Code Red, Sadmind,  MyDoom, Zotob, Nimda, Conficker… you name it. Machines running by clueless operators and still there is 0.2-0.4% infection rate total.

    Let's look at Linux. High profile LAMP servers are operated by qualified operators, which don't execute everything they can find on the Internet on those servers, apply patches in time and so on.

    We have seen Red Hat compromised (two times), Mozilla, Apache, Savannah, PHP and just about every "iconic" open source project server.

    Even funnier, Sony runs all their servers on Linux.

    kernel.org is still "Down for maintenance" after their main server (Hera) and couple of other has been compromised 1.5 month ago.

    linux.com and linuxfoundation.org has been compromised (down for maintenance as well).

    Again, all those hacks were strictly technical (as in no human error involved apart from running Linux in first place)

  77. @Steven Sinfosky: HTML5.com, Ziad Ismail and MS... says:

    @Steven Sinfosky:

    Dear Mr. Steven Sinfosky,

    I am reaching out to you as we would like your valuable input, insight and thoughts on our discussions on HTML5.com.  I have signed an NDA with MS through Ziad Ismail and he told me to get ahold of others at MS as I need but won't provide contact details.  So here I am… We've have temporarily pointed HTML5.com to BeautyOfTheWeb.com.  As we all know, HTML5 is the one standard that allows for purchase once and use on Desktop, Tablet and Mobile, while over coming the limits of other ECO systems.  I cannot go into any further details, so please contact me directly at HTML5.com ((at)) Gmail.com.

    Kindest regards.

  78. EuroScept1C says:

    It's so simple:

    Windows 7

    Win Defender: Antimalware Engine

    MSE: Antimalware Engine + Antivirus Engine + Network extra Protection

    Windows 8

    Windows Defender: Antimalware Engine + Antivirus + Network Extra Protection Engine ( ex-MSE )

    Perfect move the integration of the great MSE into Windows 8. Along with ISO support, better tools such as Defragment and Cleaning etc. We're not gonna need many 3rd party software. Even less, at least.

  79. Anupom says:

    Its nice. *****We want Windows 8 more more faster & with low memory consumption******. And we also want some of most important features like ***Linux based operating System. Such as **VIRUS Free OS, **Outlook/Themes, **Style customization, **bug proof, **more driver supports, **3D automatic Vision ready, ***prevent storing Junk Files!

    Thanks

  80. @Steven Sinfosky: And in the Hyper-V article.

    From the title "An introduction to Hyper-V" I understood that you are going to explain us what the Hyper-V technology is about. That technology is already in the market for several years, so I expect that the text is just for those of us who are not experienced in it, so they can understand the rest of the article (the new things). So I do not expect that the text introduce something new unless that part is clearly tagged as "new in Windows 8".

    After several paragraphs of "an introduction" there is a video how it works in Windows 8 as that the (old) Hyper-V is about something new in Windows 8. Quite unexpected, confusing and requiring to ask myself "Have I missed something? Was there something new in the previous text? Should I sit down and compare the existing documentation with the previous text to localize the new parts?" Quite a lot of work for (almost) no benefit.

  81. clearly, because only EVERYONE except Microsoft uses some form of Unix Kernel… so logic dictates that it has to be insecure. :Facepalm:

  82. Tech savvy says:

    HyperV was for server environments and now it’s supported for all versions of Windows 8. That’s the new thing.. that we, the average user, can experience bare metal virtualization on our home PC.

    P.S. if you are just a hater, please mention in the post-script, rather than making it complicated for us.

  83. @Anon says:

    You are a lowlife troll and you are not welcome here. Live with this.

  84. This makes me laugh says:

    The blue screen page when Windows 8 crashes suggests to find the solution to that problem over the Internet, but…. if that's the only PC I've got and it keeps crashing, how can I find the solution?

    Here we have the usual stupid Microsoft defective by design thing….

    😉

  85. Jason Garms [MSFT] says:

    @Mohit: Microsoft Security Essentials will not be needed on Windows 8. We remain committed to providing strong protection of Windows 7 and earlier Windows users with Microsoft Security Essentials. Both are based on the same core technology (engine, signatures, filter driver), but Windows Defender on Windows 8 also provides additional functionality, such as integration with Windows 8 secured boot, as described in the blog. There is nothing time limited about Windows Defender's protection in Windows 8.

    @fjpoblam: Yes, we’ve done quite a bit of research and refinement on the SmartScreen user experiences in Internet Explorer over the years and we’re carrying that learning forward to the Windows SmartScreen experience. In the linked blog you can read more about the Internet Explorer 9 application reputation results. The top level result is that 95% of users make a safe choice when presented with the equivalent Internet Explorer 9 warning.

    @FZB: 25-70% is a day-over-day risk range depending on the attack landscape, but is influenced by a number of factors including the daily volume of attacks and the zero hour protection rate of upstream detection mechanisms.

  86. @Anon – you have my respect dude. And some people are just to dumb and ignorant to understand simplest things and for that they will call you a troll.

    I totally agree with Anon that the MSDN and these blog postings are very unclear and somewhat misleading. If you want to do something, do it right or don't do it at all.

  87. Jeffery says:

    @magistarx You and Anon should learn how to read then.

  88. Anon says:

    There is nothing whatsoever unclear about these blog posts. It's simply the dumb people who cannot understand basic English, who continue to misinterpret information due to a lack of a decent education regarding their native language. The posts are lucid, informative and well written.

    P.S. Linux sucks.

  89. Anon says:

    The posts are well-written regarding their use of English. I agree with that. They use elegant wording and sometimes very eloquent phrases. But this is the problem with them and with MSDN. Many times I find myself having to dig deep inside the wording in order to glean the meaning that is really important or relevant. The meaning that would add to my knowledge of Windows or its API.

    Sorry if I sound too picky but I feel that at Microsoft the documentation is not written by developers but by some marketing people most times. They take perfectly simple English and marketize it. They add phrases like, "Increasing your productivity", and "We remain committed", or "Enhances business continuity", or "Improves your agility", phrases which at least to my mind give no real information. I have to agree that posts on this blog are on the better side of things but don't you agree that at least they could have been less wordy? Bla bla bla. And these people also take perfect product names and mess them up. Like the Live vs. Windows Live madness.

    I am talking out of many years of experience on reading MSDN and some experience on developing apps for iPhone and Android. For example, try to read and understand and then develop using the COM documentation on MSDN. It is hundreds of pages long and instead of starting out with an example or a tutorial-like explanation of COM, like say the Android documentation would have done, it writes tens of pages on the theory of COM, the importance of COM, the abstract description of COM, etc. It is full of hard words, convoluted phrases and even marketing phrases. Instead of the more simple approach of having a documentation that talks to you, that takes you by the hand and walks you through how to use COM and how to write a simple COM application. Compare the COM documentation for example to the new Learning section on MSDN. There you will find a sample of how all of MSDN should have been written. The learning section is more personal and like a tutorial, not like some marketing abstract spec. Also, look at the all important Windows Development section. There, the Win32 API is described using some documentation written in the 90s, which even though it is being constantly updated, has changed little. And this despite the fact that it is full of errors or omissions, contains unclear or incomplete description of the scenarios in many cases, or even samples that do not compile. One would have hoped that after decades, MSDN Win32 API documentation would have been perfect. After so many years of feedback, it should have at least become just perfect.

    Anyway, I am just trying to describe what should be improved with MS documentation. Perhaps, since English is not my native language, it is all my fault. But why is it then that I continuously find mistakes or sloppiness in MSDN or in KB articles, whilst I don't find this sloppiness in the iPhone or the Android documentations? Even the formatting of MSDN pages is bad. They use no HTML headings, do not provide alt text for images, etc, and generally their HTML is of lower quality. Like the text; being written by some low-wage secretaries that are not developers and have a degree in marketing. I can't convince you though if you don't agree with me. This is just my opinion, again after many years of trying to decipher MS KB articles and MSDN materials.

    Let me give you another two examples:

    I want to look through all the Microsoft Windows Embedded products and quickly find (A) on which kernel technology they are based on, (B) what is the latest versions and how much they would cost, (B) and what unique features each one offers. Go to MSDN and try to find out. It will take at least one hour or more, for these simple questions. Firstly, the old documentation is not separated from the latest version and even the latest documentation refers to products at times with the older names, like Windows CE. The tables containing the product features are written by marketing people, and are thus vague. Etc. The same when you try to find out the differences between the various Windows 7 editions. There is a comparison table on the MS Windows website but I found that it is not complete. On non-Microsoft sites, I found more detailed comparisons between the Windows 7 editions, comparisons which are more technical and complete and thus much more useful to developers or IT personnel.

    Try to find out what Windows Automotive is for example. You will be greeted with a page talking about the latest in infotainment, whatever that marketing phrase might mean. No clear, technical, deep and complete description of features.

    Look at the different Microsoft Dynamics products. Let's say you want to advise a customer of yours on which Dynamics product is good for them. Now try to find on Technet a table comparing the various Dynamics products, giving all the price information and clearly describing each product's capabilities. You will not. I tried some years ago but in vain. I got lost in marketing speak. "Increases your agility and strengthens customer relationships and improves business processes and enhances your manageability". Etc, etc. So, which Dynamics product out of the 4 or 5 (God knows how many there really are) available should I buy. God knows.

    OK, let me call MS Support. Oh, look these support personnel are low-wage people that are really so stupid. I am sorry.

    The same with the support personnel of Hotmail. You send them e-mail saying that you cannot log-into your account and they respond talking about the effectiveness of spam filters. Like a robot would respond.

    Anyway, again this is my experience and it might not be the same with all users.

    Whatever you might think though, "I can assure you that I remain committed in enhancing the productivity of the developer ecosystem by injecting quality and simplicity in all educational materials describing public programming interfaces, in an effort to improve the speed-to-market and the correctness of all solutions created by this ecosystem". In addition, "Acting on fellow commenters feedback, I will engage the community in a constructive approach in order to continuously distill my views and refine my actions with the aim of learning from others and increasing the clarity of my thought processes".

    I am sure it makes perfect sense!

    And now time to go back to "Enhancing my work productivity" again.

  90. arnold says:

    Microsoft has been promoting Security Essentials as their antivirus solution, at least for the home market. How is a blog article on malware that doesn't even mention it "clear"? Please explain that to us.

    I completely agree with the above comment on MSDN's quality, btw. That's why when I really want to learn about the stuff that MS produces, I reach out for books by the likes of Jon Skeet or Jeffrey Richter.

  91. @avon, @arnold: The people who develop and those who document an API or product are strictly different at Microsoft.

    Have you tried to read Open XML MSDN documentation and update a column range for a particular existing conditional formatting in XLSX file based on that documentation?

  92. I rock says:

    You protect me from malware ? Why should i trust a company like Microsoft that render customers serials unusable ? No i don't trust Your spyware You force on to Your users; Office Genuine Advantage (never worked for me – had to crack my paid office), Windows Genuine Advantage (that now have rendered my genuine XP and Vista x64 unusable), SmartScreen or whatever You call it is spyware (where else should You know how users use it), Vista and Windows 7 is a spyware in itself because it is phoning home on and off. What do i get from Microsoft in return ? Exactly – Nothing ! I have to crack something i paid for. Contacting Microsoft haven't changed a thing. Microsoft know nothing about how to take care of real customers ! You protecting Your customers ?

  93. What? says:

    "Windows is FAR more secure than UNIX and Linux will ever be."

    – Linux – opensource -> trustworthy. Windows – FAIL

    – Linux – central repo -> secure, Windows – FAIL

    – Linux – unstable kernel ABI -> unstable to infect, Windows – FAIL

    – Linux – ACL+SeLinux RT protection -> complete rights lock, Windows – FAIL(Cacls -> mix of garbage )

    – Linux – Kernel Address Space Randomization since June 2005. Windows – FAIL

    – Linux – FREE and OPEN. Windows FAIL!

    – Linux – never spreading FUD or sabotaging companies. WINDOWS FAIL!

    You guys serious? Maybe Microsoft should openup the OS and stop charging for doing NOTHING?

    Or maybe they should die because Google does the right thing and eventually overthrowns it?

    Windows 90% market  FAIL!

    Windows 99,9% preinstalled on Desktop machines via illegal hidden agreements with OEMs (either preinstall or pay full price).

    Means every 10 desktop machine gets its preinstalled windows REPLACED by Linux or Hackintosh straight.

    Microsoft, please, continue bribing graphics cards companies to develop your MS-Only DirectX driver support instead of crossplatform graphics! Please! Because, else, you already dead and lost.

    And whats about that new interface in 8? I think you copy-pasted it from "Idiocracy" the movie. No, seriously 🙂

  94. Julian P. says:

    I never understood why the user has to search for anti-malware software, install it, maybe even pay for it and so on. If a product isn't secure by default additions that make it secure should be built-in and free. They should work by default. So: Because Windows isn't secure against viruses and other malware by default it should be clear that Windows needs a built-in malware-protection without using any additional software. Or make Windows secure against malware by default without any additional software.

  95. joeshmoe7 says:

    Doesn't matter how secure they make it… it will be bypassed and there will be security holes… it's just a never ending rat race nothing new here.  

    More secure vs. older malware…. forcing malware evolution..  and on it goes.

  96. @Julian P.: Even the Windows has no security hole on its own, the weakest security holes are still alive – the users. In most cases, the anti-malware solutions protects users from themself than from anything else.

  97. @ktyle: Well said. Very well said indeed!

    @James Tiberius Kirk: What is it with Mac users that hang out in Windows-specific blogs just to troll? Can't you find something else to do on your Mac?

  98. Chen says:

    Why not sandbox each application for itself. It's ridiculous that I have to give an installer FULL admin rights, including ability to modify Windows system files, just so that it can create a folder and copy some files into %PROGRAMFILES%

    You have really taught your users to ignore UAC warnings, some applications (Spotify for example) require elevation upon almost every startup just for auto update to work. People get used to it and just click past.

  99. mitchel says:

    It's still a 'boy that cried wolf' scenario.

    Needs a built-in sandbox…. I agree with Chen

  100. AntiLinSux says:

    LinSux -> Open Source -> Sucks

    Windows -> Closed source -> rocks

    LinSux -> 1% markets share -> pathetic

    Windows -> 90% market share -> wonderful

    LinSux -> insecure -> crap

    Windows -> secure -> trustworthy

    LinSux -> fugly as hell -> epic fail

    Windows -> beautiful Metro and Aero UI -> gorgeous

    All in all, Open source stinks ass. Closed source FTW. CAPITALISM FTW. LinSux will always rot in hell. Lollll.

  101. is this remove all viruses is with this antivirus I did not have to download any other antivirus like Norton

  102. Nice post. I just hope that if I want to live without Defender, Windows would allow it and just let me be.

    Cheers!

  103. Haze says:

    We wanna see a sandbox architecture like Qubes OS in Windows 8. I definitely will love Microsoft if the guys behind this make it a reality.

  104. developer says:

    Metro is a stupid mistake. Limited, not extensible, bad looking and organized on the screen, heavily restricted and ultra expensive for developers (30% of the app piece for nothing – ridiculous).

    Worst and most stupid idea created by Microsoft so far.

  105. xpclient says:

    Wow the security enhancements are really exciting and comprehensive. Doesn't randomizing the heap lead to heap defragmentation?

    I just have one request for this area. I cannot stress how important it is for me to be able to optionally disable the reputation based download feature without disabling the SmartScreen filter for browsing. I am an experienced/power user and I only wish to enable SmartScreen. Please give us this choice through IE settings and a Group Policy. There is already an option for disabling SmartScreen which also disables the reputation based download warning feature but disabling SmartScreen entirely for browsing is dangerous. Please allow individual controls for disabling SmartScreen and disabling the application reputation based download feature. I know what I am downloading and do not wish to receive additional and obtrusive warnings.

  106. amani says:

    I have been running Windows 8 for the past week. It is OK, but if we are talking about security, a company in India by the name of Live PC Solution was able to get my phone number from the IP address. And called me several times in regards to accessing my computer since it has some virus and they are going to help me fix it by remoting into my computer, as they say. They called over 5 times in one day. The calls stopped when I turned off my computer.

  107. Hop says:

    Windows 8 runs better. But I can install Kaspersky Internet Security 2011 (KIS 2011) on Windows 8.

    How to run it?

  108. polb says:

    Hey that little green prompt is great for untrusted apps except for one little thing… most apps ARE untrusted anyway! Including most MS downloads direct from your site!

  109. prthrokz says:

    Nice work done to make security a more integral part of the Windows OS. I have one doubt though: will Windows Defender be compatible with third-party anti-virus software, i.e. will I be asked to turn off Defender when, say, I install AVG on my machine?

  110. ilcanecaldo says:

    It is called Windows Developer Preview for a reason, it is under development.

    Wait for the Beta release to make comments and suggestions/changes.

    OS X, linux, unix, ubuntu, users please stop wasting time.

  111. Jason Garms [MSFT] says:

    @xpclient: You can separately enable the protection SmartScreen provides through Internet Explorer from the protection it provides at app launch time.

  112. Jason Garms [MSFT] says:

    @prthrokz: Windows Defender will get out of the way when you choose to use a different solution.

  113. @Jonathan Thu, Sep 15 2011 11:49 PM #

    "I was very glad to see MSE rebranded as Windows Defender and bundled with Windows 8"

    MSE is NOT Windows Defender and is NOT bundled with Windows 8. Windows Defender is the same as the older Windows Defender bundled with Vista or 7, just improved.

    You can successfully install MSE in Windows 8 Developer Preview, however.

    @Jason – it seems to be quite annoying to include SmartScreen in Windows. Norton products use something similar also. But if a file is new, there is no reputation for it. Your telemetry statistics may be accurate, but not for someone who keeps his software up to date. I got warnings in IE 9 even for Microsoft software or Codeplex downloads. There is almost no week in which I do not receive warnings, which of course I decide to ignore. So if you don't find a way to update the SmartScreen database more frequently, better get rid of it.

  114. Josth says:

    one feature which would DRAMATICALLY reduce the attack surface (at least for a while) of windows is the capability of turning wow64 off (making it a windows feature), like here:

    msdn.microsoft.com/…/dd371790%28v=vs.85%29.aspx

    that means, no 32 bit malware can run. at all. we have 64 bit IE, FF (waterfox, pale moon at least), flash, java, silverlight (in rc, stable before the end of year), so it actually starts to make sense! there's also 64 bit office, total commander, utorrent, 7-zip, … so it would be a great help for casual users! please port your common apps to 64 bit (like wmp and windows live essentials)!

    if it's not possible in windows 8 as of yet, please, please make it so for the release! thank YOU!!

  115. xpclient says:

    There exists some issue with MSE and AutoHotkey compiler. See http://www.autohotkey.com/…/viewtopic.php. Just tested it, it exists in Windows Developer Preview too. Please fix this for the beta. When you start compiling an AHK script into an EXE, CPU usage increases if MSE is running, everything stops responding and sometimes script compilation fails.

  116. ObiWan says:

    The lack of protection (obsolete/not-updated antimalware) often comes from the fact that home computers come with some preinstalled 3rd party "antivirus" (either running on a "trial" license or on a regular time-limited one). Now, more often than not, people won't care (or notice) about that license expiration and will keep running the system even if the AV isn't "working" anymore, and this, by the way, leaves such systems unprotected since the AV will be out of date and the native Windows Defender will, in most cases, be disabled (by the AV). To help avoid such a situation, I think that Microsoft should arrange things so that, in case a given installed 3rd party AV "expires", the AV itself should disable (or partially disable) its protection and re-enable Windows Defender so that the system will have at least a line of defence; I believe that Microsoft should enforce such an approach and ensure that all 3rd party antimalware brands follow such a guideline, since this may greatly help reduce the impact of malware.

  117. john says:

    I had fed back to Microsoft to offer free anti-virus and other security software included in their product instead of buying separate software from other security software companies. All-in-one protection in Microsoft operating software is unique, and performs and runs well with Windows.

  118. john says:

    I had fed back to Microsoft to offer free anti-virus and other security software included in their product instead of buying separate software from other security software companies. All-in-one protection in Microsoft operating software is unique, and performs and runs well with Windows.

  119. John Emily says:

    I had fed back to Microsoft to offer free anti-virus and other security software included in their product instead of buying separate software from other security software companies a few years ago. All-in-one protection in Microsoft operating software is unique, and performs and runs well with Windows.

  120. Windows Defender uses a poor virus and malware detection technology, just like Kaspersky AV online protection and

    Norton AV and NIS 2006 / 2007, which decrease the explorer process work-time. It affects features like moving and copying files.

    Check the screenshots I shared to describe this: http://www.mediafire.com