Since we’re already on the topic of Security (see previous post Windows Azure = Security + Privacy + Compliance), might as well talk about it within the context of Windows 8.1. We often get the question:
“What has Microsoft done to further enable security in its new Windows offering?”
Though there were many improvements in Windows 8.1, the ones that stuck out the most for developers were:
- AppContainers and Vulnerability Mitigations, in other words – safer apps.
It’s one of the things that customers have enjoyed on mobile operating systems such as Windows Phone 8 is a relatively malware free experience. There are two primary reasons driving these impressive results on mobile devices. First being the fact that all apps come from a centralized store that vets the apps before making them available to customers. Secondly, all of these apps run inside of a sandbox called the AppContainer. The AppContainer utilizes a sandboxing technology which is effective at preventing malicious apps from tampering with the system, other apps, and your data. Windows 8.1 also utilizes this technology making the system less susceptible to attacks even in the event that vulnerabilities are discovered. Improvements to technologies like ASLR and DEP where made in Windows 8.1 to ward off attackers and close said vulnerabilities.
- Biometrics – fingerprints for your apps
Windows 8.1 supports the use of fingerprint authentication for its own core scenarios such as buying apps from the Windows Store and purchasing music, to name a few. However, biometrics can be implemented into your Windows Store apps as well so that you can easily identify users for scenarios such as biometrics-based consent and quick sign-in. More >>.
- Strong Authentication Using Virtual Smart Cards
Windows 8.1 makes it easier than ever for Windows Store apps use virtual smart cards when strong authentication is needed, as in various enterprise Bring Your Own Device (BYOD) scenarios, as well as consumer scenarios that require strong authentication such as banking. The new Windows Runtime APIs make it easy to write apps to manage both real and virtual smart cards. More >>
It would not be proper of me to talk about security in Windows 8.1 and not mention what Windows is doing on the Trustworthy Computing side. Rather than going through it here though, take a half hour and watch Crispin Cowan’s What Every Developer Should Know About Building Trustworthy Apps. I know that learned a thing or two about how to avoid security pitfalls while developing Windows Store apps and how to inspire user confidence in apps. Is there something specific that you do in your apps that you believe increases your users’ confidence and trust in your app? If so, please share – start a new conversation in the Canadian Developer Connection LinkedIn group.
If you’re interested to learn more about the security improvements on more of the OS itself vs. what pertains specifically to Windows Store apps, make sure you check out the new What’s New in Windows 8.1 Security course on MVA.