What should Microsoft do in Windows 8 and beyond to make Windows more secure?

Which is ridiculous, IMHO. I mean, unlike Windows without a browser, a media player, and, in a few cases, a much better one, is one search and a few clicks away. *Conspiracy theory alert*: That report is also from Microsoft itself, take that as you will.

 

Yeah, so? Digital signatures are not there to scan for malware. They are only there to verify that the software came from the person who owns the digital signature. That person can still be evil. It's up to humans to decide whether or not that person (or company) is trustworthy. The digital signature's job is to make sure the software wasn't tampered with by some third party.

No. I can create a signing key in a few minutes on my PC. Anyone can. I personally sign some of the software I have created with GPG for use in my Ubuntu PPA (Ubuntu requires all third party developers use GPG keys for signing software). Now, if one uses a certificate authority for identity verification, that can cost some money, but it is nothing prohibitive.

I'm not quite sure how malware scanners not keeping up has anything to do with digitally signed repositories. All software that would be allowed in would have to be vetted by the staff, and that would not only be a simple virus scan -- ideally they would physically inspect the application, build it from source (if possible), install it, use it, test it.

Who is to say that some rogue M$ developers have not put a backdoor in Windows? Who is to say Intel or AMD are not secretly working with the Chinese and backdooring all CPU's? One can never be sure about every possible angle; one must trust at some point. However, just because we can't guarantee perfection doesn't mean we can't clean up the security disaster that has been Windows since like forever. And that would be a good thing.

I agree with you, but not for the same reasons as you state. I think it's more of a logistical and legal issue. For instance, how would M$ decide what software gets included and what doesn't? Think about all of the hell they have caught over not including third party browsers in the OS. If you think that is bad, wait until some vendor's software is left out of M$'s repositories. Ergo, I don't think M$ will ever go this route. The reason Linux distros are able to get away with having such large repositories is because the software they carry is mostly licensed under the GPL, BSD or MIT licenses, all of which are basically "Do what the hell you want with it" licenses. They don't have to worry with legal and licensing issues from third-party vendors whose only goal is profit like Microsoft would.

 

Well, even if some software is not included in reposiotories, it doesnt mean the user cannot install them. A MS repository would just be for user convinience, and an outside software would be no difficult to install then it is now. An MS can put in aa disclaimer that a software no included in the repo does not mean its bad, its just that it has not been tested yet.
So, MS can maintain 2 lists - one that is good, and thus included in the repos; and a second one that lists software that is problematic. Everything else goes into "not sure".

In fact, just like linux, MS can allow "outside" repositories to eb chosen by the user; those that are maintained by AV vendors say.

 

Microsoft wouldnt be allowed to enable Microsoft security essentials as default since two av's will conflict and Microsoft will be sued again.

I agree with user accounts being created limited user by default.
I do think applocker and srp should be in the home versions. there isnt any harm in doing it since most users wont use it. I would make use of both.

Most of the list i do agree with but I feel its unrealistic. Microsoft dont have enough people to add all the safe software developers to a trust list. only the big companies would be on the list and the small developers software would be marked as unknown and not allowed. uploading all unknown files to a cloudscanner will take a long time and people will just cancel it because they just want to install the software they downloaded.

i agree with having Full DEP on as default as well as SEHOP.

 

I don't foresee this happening either. The behavioral profiling technology would collect and upload behaviors, but not files themselves.

 

As long as you were to make use of both separately, because they don't work together. Besides, I don't know why anyone would want to use a toyota (SRP) when they'd have a Mercedes (AppLocker) available to them.

 

Rather than point out a long list of to-dos, I'd rather them improve the way UAC alerts the user first so that more people would actually adopt/use it. At the moment, a number of home users still disable their UAC or simply click on OK at each prompt without thinking twice and unfortunately that kinda defeats the purpose.

1. Make it less annoying for the average user to run apps that require admin rights without any UAC prompt. That could be done by providing a built-in "UAC white-list manager" so that users can white list their trusted safe apps that require admin rights...and leave others running with standard user rights.

2. Make it a compulsory one-time UAC prompt (with credential) when running any newly-introduced executable ('new' to the system that is) and when installing software would be good. That could widen the concept of "installing software that you trust only" to the masses. Once installed, programs run with standard user rights and would only receive admin rights when the user him/herself white-list it.

3. Make it an optional one-time UAC prompt (with/without credential) when doing system tasks/change Windows settings. Users need not be prompted every time for each task he initiates. Give the user the choice of setting how long the period of time (with a max limit) he/she would be allowed to gain that 'temporary' admin rights specific for system tasks...

4. Finally, provide a way for users to go back to a "tighter" UAC if they wish so...like the way it is currently for Vista and Win7 users.

This change would mean trading 'security' for convenience but if it's going to convince more users to hold on to UAC and the standard user concept, then it'd be an overall improvement to the entire Windows user-base. If MS can bring about this change, then perhaps this would be the 1st right step into making Windows "more secure". The other suggestions mentioned by others (such as DEP, SEHOP, etc) can come in at a later time when more legit software developers and more users adapt to the structure...

P.S. I'm running under a LUA/SRP approach currently but I can understand why some users still run under Admin account - they're not entirely to be blamed.

 

Port it to Linux

Just kidding

 

There's one very basic thing that Microsoft could actually do: Educate their user base, by making partnerships with governments, and then take free courses to each town!

How about that?

 

I Give up.

 

• By default, don't hide extensions for known file types in Windows Explorer.

 

I don't know if anyone has mentioned this as I did not read all the previous posts, but to answer your question MrBrian - Microsoft should bring to market as quickly and reliably as possible - the Midori (successor of Singularity) research project as a bridge to their existing revenue stream products. Seems things are hush-hush for now from Microsoft.

-- Tom