本帖最后由 zdshsls 于 2011-9-17 16:13 编辑
我们MSE区,最近怎么这么冷清呢?Z龙抽空回来,热闹热闹,呵呵
这次Windows 8 系统真的很强大,内置的WD竟然采用系统的文件筛选机制,太恐怖了
闪人
================================================
Windows 8将包括更多的安全功能,为用户提供更好的安全防护,保护终端用户免受来自网络的威胁。微软强化了Windows Defender安全方案,保护用户远离所有类型的恶意软件,包括病毒、蠕虫、僵尸工具和rootkits。
Windows 8将通过Windows Update提供恶意软件签名,Windows Defender将使用文件系统过滤器来进行实时监测和防护,并与Windows 8的安全启动技术进行交互。如果你使用的PC支持UEFI Secure Boot(基于UEFI 2.3.1规范),那么Windows 8的安全启动将确保所有的固件和固件更新都是安全的。
除此之外,IE浏览器中使用的SmartScreen筛选器功能也入驻了Windows 8。就像在IE中一样,Windows 8会在用户首次下载、开启来自互联网的应用程序时使用SmartScreen进行信誉度检测。
在Windows 7中,当开启此类下载的应用程序时,你会看到下面的提示:
在Windows 8中,SmartScreen仅会在此应用程序尚未建立任何信誉度因而存在高风险时通知用户:
微软可靠性与安全团队项目主管Jason Garms对Windows 8的安全防护进行了详细介绍:
===============================================================
Keeping malware off your PCHaving effective malware protection is important for any device connected to the Internet and almost all Windows PCs sold today include a traditional antimalware solution, though it is often a time-limited or trial version.
Shortly after Windows 7 general availability in October 2009, our telemetry data showed nearly all Windows 7 PCs had up-to-date antimalware software. However, a few months later the trend started to decline month-to-month, likely reflecting antimalware trial subscriptions expiring. A year later, at least 24% of Windows 7 PCs did not have current antimalware protection. Our data also shows that PCs that become unprotected tend to stay in this unprotected state for long periods of time. And when antimalware software is even one week out of date, its ability to protect against new malware drops significantly.
We believe that all Windows 8 users should be protected by traditional antimalware software that provides an effective, industry-recognized level of protection. There are a lot of great antimalware solutions available that we expect will be updated to protect Windows 8 PCs and we believe most PC makers will continue to ship Windows PCs with these solutions installed.
Windows DefenderIf you don’t have another solution installed, Windows 8 will provide you protection with a significantly improved version of Windows Defender.
Improved protection for all types of malware. The improvements to Windows Defender will help protect you from all types of malware, including viruses, worms, bots and rootkits by using the complete set of malware signatures from the Microsoft Malware Protection Center, which Windows Update will deliver regularly along with the latest Microsoft antimalware engine. This expanded set of signatures is a significant improvement over previous versions, which only included signatures for spyware, adware, and potentially unwanted software.
In addition, Windows Defender will now provide you with real-time detection and protection from malware threats using a file system filter, and will interface with Windows secured boot, another new Window 8 protection feature.
When you use a PC that supports UEFI-based Secure Boot (defined in the UEFI 2.3.1 specification), Windows secured boot will help ensure that all firmware and firmware updates are secure, and that the entire Windows boot path up to the antimalware driver has not been tampered with. It does this by loading only properly signed and validated code in the boot path. This helps ensure that malicious code can’t load during boot or resume, and helps to protect you against boot sector and boot loader viruses, as well as bootkit and rootkit malware that try to load as drivers.
The same interfaces for secured boot used by Windows Defender, as well as all APIs used by Windows Defender, are available for use by our antimalware partners to deliver additional protection to Windows customers.
- Improved user experience. We have designed Windows Defender to be unobtrusive for most daily usage, and will notify you only when you need to perform an action, or critical information demands your attention. Windows Defender will also use the new Windows 8 maintenance scheduler to limit interruptions.
- Improved performance. Traditionalantimalware technologies are well known for impacting system performance. It’s not uncommon that running antimalware software doubles the amount of time required for core scenarios like file copy and boot. As you read in last week’s blog entry, we have a lot of people working on system performance and Windows Defender dramatically improves performance on all key scenarios compared to common antimalware solutions on Windows 7, while maintaining strong protection. For example, Windows Defender with its full protection functionality enabled adds only 4% to boot time, while dramatically reducing CPU time during boot by 75%, disk I/O by around 50MB, and peak working set by around 100MB.
These same improvements benefit energy efficiency, meaning Windows Defender consumes less power, and gives you longer battery life.
We’re continuing to work with antimalware partners during the Windows 8 development process so you have the best possible Windows PC experience no matter what antimalware solution you choose. We provide them with resources, such as the technical details of how we architected the performance improvements for Windows Defender, so they have the opportunity to make similar improvements to their products.
Microsoft SmartScreen for Internet Explorer and now for Windows tooTraditional antimalware software plays a critical role in defending and remediating attacks. However, reputation-based technologies can help provide effective protection against social engineering attacks before traditional antimalware signatures are available, especially against malware that pretends to be legitimate software programs.
Windows 8 will help protect you with reputation-based technologies when launching applications as well as browsing with Internet Explorer.
Since its release, the SmartScreen filter has used URL reputation to help protect Internet Explorer customers from more than 1.5 billion attempted malware attacks and over 150 million attempted phishing attacks. Application reputation, a new feature added to SmartScreen in Internet Explorer 9, provides an additional layer of defense to help you make a safer decision when URL reputation and traditional antimalware aren’t enough to catch the attack. Telemetry data shows 95% of Internet Explorer 9 users are choosing to delete or not run malware when they receive a SmartScreen application reputation warning.
We understand that Internet Explorer isn’t the only way you download applications from the Internet, so Windows now uses SmartScreen to perform an application reputation check the first time you launch applications that come from the Internet.
In Windows 7 when launching these downloaded applications, you get the following notification:
In Windows 8, SmartScreen will only notify you when you run an application that has not yet established a reputation and therefore is a higher risk:
The user experience for applications with an established reputation is simple and clean: you just click and run, removing the prompt you would have seen in Windows 7.
SmartScreen uses a marker placed on files at download time to trigger a reputation check. All major web browsers and many mail clients, and IM services already add this marker, known as the “mark of the web,” to downloaded files.
We expect average users to see a SmartScreen prompt less than twice per year and when they do see it, it will signify a higher risk scenario. Telemetry data shows 92% of applications downloaded via Internet Explorer 9 already have an established reputation and show no warnings. The same data shows that when an application reputation warning is shown, the risk of getting a malware infection by running it is 25-70%. And SmartScreen gives you administrative controls to prevent your non-techie friends or children from ignoring these warnings.
We’ve seen dramatic results with this approach in Internet Explorer and we’re happy to bring it to a broader set of Windows scenarios.
Here’s a video that shows you Windows Defender and SmartScreen URL and application reputation in action:
In conclusion, we’ve taken a very broad approach to improving the level of protection you’ll get from malware in Windows 8, including the use of SDL processes to be secure by design, the implementation and upgrading of mitigations to help protect you against exploits used by malware, improvements to Windows Defender to provide you with real-time protection against all categories of malware, and the use of URL and application reputation to help protect you against social engineering attacks.
Thanks,
|
[复制链接]
发表于 2011-9-17 16:11:28
高中木时间