Figure 12-15: Windows Defender

There’s not a heck of a lot to do here. Configured properly, Defender’s real-time protection against viruses and malware will be enabled, and its virus and malware definitions—part of its ability to detect errant software—should be up to date. You can manually update the definitions from the Update tab, but it’s unlikely there’s an issue here unless the PC has been offline for weeks or longer.

Potentially harmful items that have been found are cataloged on the History tab. Here, you’ll see different buckets for quarantined, allowed, and all detected items. If there are any items here, you can further remediate them if you’d like—perhaps by removing them entirely—but there’s usually no reason to bother.

The Settings tab has, as expected, a number of configuration options and is worth looking at. For example, you can configure Defender to scan removable drives during a full scan. This is desirable if you regularly use an external disk, like a USB hard drive, when you’re home. You can also configure Defender to automatically remove quarantined items after a set time period—by default it does nothing—and determine whether to participate in Microsoft’s Active Protection Service, or MAPS, which is used to make Defender more effective for everyone. Do your part: We recommend at least a basic membership.

Boot-Time Security

Windows Defender, like its predecessor, is great at what it does. But there’s one problem with an integrated antivirus and anti-malware solution like Defender, and that is that Windows 8 must be running for it to work. There are certain situations in which you may wish to secure your PC’s hard disk—such as when it’s booting—or need to run a security scan against the hard disk when Windows isn’t running. And while one might argue that these capabilities aren’t technically Windows 8 features per se, you need to know about them.

First, as PCs have become more sophisticated, the architecture on which Windows runs has evolved. And one of the biggest changes that Windows 8 has been designed to accommodate is the long overdue switch from the primitive BIOS (basic input/output system) environments that have graced (disgraced?) PCs since the 1980s. BIOS is a type of firmware, a tiny bit of software that runs before Windows when the PC first powers on. And while it’s possible to run Windows 8 on a BIOS-based computer—basically every single PC made before 2012—a new generation of more sophisticated PCs and devices is instead using BIOS’s replacement. It’s called UEFI, or the Unified Extensible Firmware Interface.

UEFI provides many advantages over BIOS, but from a security perspective the big deal is that PCs based on this firmware type can support a new technology called Secure Boot. Based on industry standards, Secure Boot ensures that a system hasn’t been tampered with while offline. (That is, while Windows isn’t running.)

It sounds Orwellian, but the purpose of Secure Boot is valid: It targets a growing class of electronic attacks that insert code before Windows boots and try to prevent the OS from loading security software like Windows Defender at boot time, leaving the system vulnerable to further attack. Secure Boot ensures that only properly authorized components are allowed to execute at boot time. It is literally a more secure form of booting.

All Windows 8 PCs and devices will be configured from the factory to support Secure Boot and have this firmware feature enabled. But if you are going to install Windows 8 on a previous PC, you can check to see whether this feature is supported and then enable it before installing the OS.

As a feature of the PC firmware, Secure Boot isn’t configured in Windows; it’s configured in the UEFI firmware interface. This interface will vary from PC to PC, but it’s generally available via a Boot or Security screen in the firmware and is toggled via an option that will be labeled UEFI Boot. This can be set to Enabled or Disabled.

The other security issue that arises at boot time occasionally is the need to scan an offline system. That is, you may want to run a Windows Defender security scan against a Windows 8 hard disk, but when Windows isn’t running. This can be a vital capability if your system is infested with a bootkit or rootkit, malicious forms of software that are both hard to detect and almost impossible to remove … when Windows is running. But if you can attack bootkits and rootkits while Windows is offline, then voila! Problem solved.

Fortunately, Microsoft makes a standalone version of Windows Defender called the Windows Defender Offline. As you might expect, it is based on Windows Defender, and looks almost identical to that tool. But you install it to a bootable optical disc or USB memory stick and then boot the PC from that. Windows Defender Offline is shown in Figure 12-16.

Strictly speaking, there’s no reason to run Windows Defender Offline unless you know you have a problem. But don’t wait to create a bootable Windows Defender Offline disc or USB key until you have a problem: This is a tool you should have at the ready, just in case. You can download Windows Defender Offline from the Microsoft website at tinyurl.com/defenderoffline.

CROSSREF

Some related security features, BitLocker and EFS, can be used to protect the contents of a Windows PC’s hard drive. These are discussed in Chapter 14.

Figure 12-16: Windows Defender Offline can clean an offline PC.

Windows SmartScreen

Microsoft added an interesting and useful security feature to Internet Explorer 9 called SmartScreen that helps guard your PC against malicious software downloads. IE 9’s SmartScreen feature works very well, but of course it can’t help you if you use a different browser, such as Google Chrome or Mozilla Firefox, or if you download a malicious file through another means, such as an e-mail application or USB storage device.

SmartScreen uses a Microsoft-hosted “reputation” service that uses actual user feedback to help determine whether files are trustworthy. So that means you can help make the service more useful for everyone simply by using this feature.

To help protect you against malicious software more globally, Windows 8 includes a special version of SmartScreen, called Windows SmartScreen, which protects the filesystem against malicious files, no matter where they come from. Windows SmartScreen works exactly like IE 9’s SmartScreen feature, meaning it utilizes both holistic sensing technologies and an Internet-hosted service to determine whether files are malicious or at least suspected of being so.

Configuring Windows SmartScreen

To configure Windows SmartScreen, you’ll need to launch Action Center, which is available via the system tray (it’s the icon that resembles a cute little white flag) or through Start Search.

Using the Action Center route, you’ll see an option on the left of the window called Change Windows SmartScreen settings. Click this option to display the window shown in Figure 12-17.

Figure 12-17: Windows SmartScreen settings

We recommend using the default setting, which is “Get administrator approval before running an unrecognized app from the Internet.” Unless you’re regularly hanging out in torrent sites or other gray areas of the Interwebs, you’ll find this isn’t too annoying.
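The settings this chapter walks through by hand (Defender real-time protection and definition age, the Settings tab options, Secure Boot in the firmware, and the Windows SmartScreen level) can also be audited from an elevated PowerShell prompt. The script below is an added example, not from the book or from Microsoft; it assumes the Defender PowerShell module (present on Windows 8.1 and later; an assumption for the Windows 8 build the chapter describes) and reads the SmartScreenEnabled value under the Explorer registry key, where Windows stores the Action Center choice.

```powershell
# Added audit script (not from the book). Assumes an elevated prompt, the
# Defender module (Get-MpComputerStatus / Get-MpPreference) and UEFI firmware.

function Test-BootAndDefenderPosture {
    $findings = @()

    # Secure Boot: Confirm-SecureBootUEFI throws on legacy BIOS or CSM boot,
    # so a thrown error means the feature is not available rather than off.
    try {
        if (-not (Confirm-SecureBootUEFI)) {
            $findings += "Secure Boot is supported but disabled in the UEFI firmware."
        }
    } catch {
        $findings += "Secure Boot not available (legacy BIOS boot): $($_.Exception.Message)"
    }

    # Defender: real-time protection and definition age (Update tab).
    $status = Get-MpComputerStatus
    if (-not $status.RealTimeProtectionEnabled) {
        $findings += "Defender real-time protection is off."
    }
    $sigAge = (Get-Date) - $status.AntivirusSignatureLastUpdated
    if ($sigAge.TotalDays -gt 7) {
        $findings += ("Definitions are {0:N0} days old; run Update-MpSignature." -f $sigAge.TotalDays)
    }

    # Settings tab items: removable drives, quarantine purge, MAPS membership.
    $pref = Get-MpPreference
    if ($pref.DisableRemovableDriveScanning) {
        $findings += "Removable drives are excluded from full scans."
    }
    if ($pref.QuarantinePurgeItemsAfterDelay -eq 0) {
        $findings += "Quarantined items are never purged automatically."
    }
    if ($pref.MAPSReporting -eq 0) {
        $findings += "MAPS is disabled (0 = off, 1 = basic, 2 = advanced)."
    }

    # Windows SmartScreen: 'RequireAdmin' is the default the chapter recommends.
    $ssKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer'
    $ss = (Get-ItemProperty -Path $ssKey -Name SmartScreenEnabled -ErrorAction SilentlyContinue).SmartScreenEnabled
    if ($ss -ne 'RequireAdmin') {
        $findings += "Windows SmartScreen is '$ss' (expected RequireAdmin)."
    }

    return $findings   # empty array means every check passed
}

$result = Test-BootAndDefenderPosture
if ($result.Count -eq 0) { "All checks passed." } else { $result }
```

Each finding names the tab or firmware screen where the chapter says to fix it, so the output doubles as a checklist for the manual steps above.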

Using Windows SmartScreen