If it's August, a whole lot of security professionals and hackers alike are headed to Las Vegas to spend as much time indoors as possible at the Black Hat conference to avoid the 110-degree daytime temperatures.
Ahead of the show, Microsoft Group Program Manager for Windows Security and Identity Dustin Ingalls posted a lengthy outline on what the Trustworthy Computing (TwC) team at Microsoft will discuss at the show.
The changes will be a part of Windows Blue, a.k.a. Windows 8.1, the upgrade to Microsoft's current operating system. As it is, the upgrade already has a bunch of new features aimed at enterprise customers, which have pretty firmly rejected Windows 8 in favor of its older brother, Windows 7.
In the blog, Ingalls details a few more features. Former Microsoft CTO Craig Mundie established the TwC group in 2002 with emphasis on improving four areas: security, privacy, reliability and business integrity. They don't just work with Microsoft software, they also try to help the rest of the industry build more secure, reliable software.
First up, the group is updating the Trusted Platform Module, a hardware security device or chip that provides a number of crypto functions. TPM 2.0 is required for all InstantGo devices, which will ensure modern devices are ready for BYOD scenarios. Windows 8.1 adds support for ensuring safety for private key and WinRT APIs to enable Windows Store apps to set up and manage virtual smartcards.
Secondly, Windows 8.1 will add new methods of access control beyond just the old password. This includes capacitive full-fingerprint security and expanding biometrics beyond just first signing in to the device. So now any time a user sees a Windows credential prompt, he or she can use biometrics, so you don't have to keep typing in login/password connections every time.
To protect sensitive data, Windows 8.1 will offer device encryption on all editions of Windows for devices that support InstantGo. Windows 8.1 Pro and Windows 8.1 Enterprise will also get fully functional BitLocker. Also, Microsoft will introduce Remote Data Removal, which will allow an IT department to wipe corporate data off a BYOD device without affecting personal data.
To fight malware, Microsoft will introduce an improved version of Windows Defender that adds behavior monitoring to detect certain bad behaviors in memory, the registry, or the file system, even before virus signatures have been created. IE 11, coming with Windows 8.1, will offer an API that enables anti-malware solutions to make a security determination before a binary extension is loaded.
You can read the details at the blog. Hopefully some of these fixes will trickle down to Windows 7 as well.