5 ways Windows 8 can be great for agencies

Featured eBooks
The State of Trust in Government
Cybersecurity in State and Local Government
Building Data Literacy in the State and Local Workforce
By John Breeden II
 

Connecting state and local government leaders

By John Breeden II

|

Innovative security, a friendly (for real) cross-platform interface, and handy support for telework and BYOD could do a lot for public-sector organizations

Microsoft’s Windows 8 operating system could do a lot to change computing across all form factors. Make no mistake, this isn’t an incremental upgrade. Windows 8 is a sea change, in the way Windows 3.0 moved the world away from DOS.

Having spent the past couple months diving into every aspect of the new operating system, I can say that there will certainly be a bit of a learning curve, but probably less than most users expect. Once that hill is overcome, Windows 8 will offer so many advantages in terms of security and usability that it will be difficult to imagine how the world worked without it.

Public-sector workers especially should embrace these changes, because a stable and secure OS running across desktops, notebooks and tablets has been a missing component to most agencies’ build-out plans, leading to a bit of a hodgepodge of interfaces. For example, in the Commerce Department, the agency has about half of its systems running Microsoft Windows XP and half running Windows 7, which is about the same dispersal of systems worldwide. Getting every desktop and laptop onto the same page, and then extending that page to tablets would be a big help.

Windows 8 is part of Microsoft’s vision of a global operating system that is both platform and geographically independent. It looks exactly the same on a notebook, desktop, tablet or mobile device anywhere in the world. I learned how to use it on a desktop computer without a touch screen, and that made using the OS on a tablet like the Samsung Galaxy second nature without further training.

Most of the keyboard shortcuts from the desktop are simply replaced with hand gestures on the tablet, but everything looks and works exactly the same. Once the new OS proliferates, if you learn how to use Windows 8 on a notebook in France, you can run it on a desktop in the United States or a tablet in Japan. Changing the language options is easy to do, but almost not necessary since all devices will work the same way.

The new OS offers a lot of advantages for organizations. We’ve broken out five general advantages below, each of which include some other good features.

Windows 8 touchscreen

1. Bye, Bye BIOS

Beyond usability and the new interface, the biggest focus for Windows 8 is security, which we all know is the No. 1 concern for federal agencies. Here we find that new systems shipping with Windows 8 will benefit more than older ones being upgraded because of two key new features, with the biggest surprise being the elimination of the system BIOS.

The Basic Input/Output System was invented in 1976 and still acts as a bridge between hardware and most operating systems today. If you ever needed to hold down a function key during the boot process to type on that DOS-like screen in order to do things like changing your system clock, then you’ve been inside your BIOS. It works OK, but it’s also a very vulnerable part of the computing landscape and a favorite target of root kits, malware and modern viruses.

Windows 8 will work with BIOS, but it’s designed to function securely with the Unified Extensible Firmware Interface (UEFI), which should start replacing BIOS pretty soon after Windows 8 ships. In fact, to be considered Windows 8 certified, systems will need to use UEFI instead of BIOS.

The biggest security feature with UEFI is that it allows Windows 8 to reach out to the master boot record and check to ensure that everything is still in a pristine state, a process called Secure Boot. If any root kits or other malware have changed anything at all, or if the connection between Windows 8 and UEFI is somehow blocked, UEFI won’t allow a system to boot.

Some people might complain that this effectively makes it so that hardware designed for Windows 8 can’t ever run alternative operating systems, like Linux. In a sense this is true because if the connection between the Windows 8 OS and the UEFI is not made, the system won’t boot. However, Microsoft is allowing Linux companies to register so that their OSes can function the same way as Windows 8, and protect machines from boot-level malware. Red Hat Linux has already done that.
 
2. Boots kick out malware

The second major security upgrade with Windows 8 is Trusted Boot, which modifies a convenience technology found in Windows 7 to prevent accidental deletion of critical files. You might not know this, but if you’re running Windows 7 and you delete your Notepad program, it should come back after a few minutes. That’s because Notepad is considered essential, and a copy is stored in a secure part of your OS. If the system detects that it’s gone missing, it will copy it back over for you, which sort of idiot-proofs critical files.

Microsoft has taken that technology and modified it to work with critical .dll and system files during the boot process for Windows 8. The Trusted Boot process scans every file being loaded during the boot phase, including all the usual suspects targeted by malware. If any of the files have been replaced or modified in any way, the OS simply copies the actual file over the top of them from the secure area, and boots normally.

Trusted Boot and Secure Boot require new hardware, but there are several security features that will work just fine with existing computers being upgraded from an older OS. The most impressive is the early loading of anti-virus software, something that is sorely needed to combat malware.

A trick virus writers have used in recent years is to have their malware load its drivers and system commands before any anti-virus program. Then they can block AV from working, or even give false information to users. Windows 8 identifies legitimate anti-virus programs from known companies and loads their drivers first. And even if you don’t have an anti-virus program, Windows 8 ships with Windows Defender, which is of course flagged as a first-load program. So everyone with Windows 8 will have some form of virus protection, and it will be given priority over almost everything else on the system.

I was able to test this feature with a piece of malware from the GCN Lab’s virus vault that tries to pre-load before an AV program. The virus was successful in taking over a system running Windows XP even though it was protected by anti-virus software. But it failed in trying to use that same first-load trick to get around identical protection running under Windows 8. So this is a huge weapon in the fight against malware.

3. Encryption made easier

Specifically for feds, but good for anyone, Windows 8 has the option to fully encrypt an entire system using the BitLocker program. In the past, feds have been cool to embrace BitLocker because when pushing out an update to distributed systems, administrators did not have access to BitLocker-protected computers. What would happen is that the encrypted system would wake up and ask for the security key, but not install any patches or updates until that key was entered locally. Then when it was entered, the user, who was just coming into work, had to wait for the patch process to complete.

Windows 8 solves this problem by giving access to BitLocker-protected systems if a variety of conditions are met. A system must be plugged into its home and trusted network with a cable — wireless does not count — and then the administrator can wake it up and apply patches without local intervention. This could make BitLocker far more attractive in enterprise environments.

Where BitLocker protects entire drives, Windows 8 also improves security on individual files by adding an extra layer to Dynamic Access Control lists, which track permissions across a network, and are notoriously difficult to manage in large groups. An administrator can use common language to create an extra gateway to help plug holes that develop in the DAC list. For example, adding “If User.country = US, allow Read/Write” would be a way some organizations could make sure that each user is only reading a file if they are stationed within the United States, according to their Active Directory listing. This extra check happens before the DAC is even accessed, so if a user is from China in this example, the system doesn’t even bother to check the DAC. They are simply rejected and not allowed to read a protected file.

4. Keys to working remotely

The final major upgrade for Windows 8 in terms of security is that all copies of Windows 8 will support Windows to Go. That basically means that Windows 8 can be installed on a flash drive. Then when you plug the flash drive into any computer, you are able to work from the secure OS stored there and ignore whatever’s on the host computer you happen to be using.

This would allow feds and other government employees to work securely from a public terminal inside a mall if necessary, and would also prevent the loss of data if a notebook or tablet is stolen, since all the real data and even the OS is sitting on a secure key drive. It would allow feds to work from home and enable telework, bring your own device programs and continuity of operations plans.

There are some restrictions. Key drives must be certified as USB 3. You can use a USB 2 port on a host system, but the drive itself must be USB 3. The portable drive must also report itself as a fixed drive to the OS, something only a few do right now. Finally, you also need to purchase a number of Software Assurance Licenses from Microsoft, one for each drive you want to use, which gives you permission to use Windows To Go.

5. Friendly interface (really)

Beyond whether the new OS will be secure, probably the biggest fear people have is about the interface. Potential users are worried that their desktop computers, without touch screens for the most part, are being forced to boot into what looks like a tablet interface. I admit this was a concern when I started my testing. The old nightmare of going to class in your underwear could be replaced with showing up for work and suddenly not knowing how to use your computer. But trust me, this won’t be a problem.

The main boot screen is both incredibly powerful and easy to use. Every program installed on the system has an associated icon on the main screen. Clicking, with your finger or a mouse, depending on the device, runs the program. If you would like to get rid of a program, you simply uninstall the icon and that takes the entire thing away.

So the problem of eliminating shortcuts and leaving the actual program behind no longer exists. That should even reduce the bloatware that ships with some manufacturer’s systems, because it’s easy to see and can be eliminated in seconds by users of any skill level.
 
There is also a cheat with the new interface. If you really don’t like the point and click simplicity of Windows 8, you can hit your Windows key on your keyboard. That brings up the more classic view, and looks likes a Windows 7 desktop. And the Windows 7 desktop is also represented as an icon on the new main screen, so you can also click to get it there. Internally, most of the programs look and act the same as before. At most, a user might need an hour of training to learn the new interface, though they will probably catch on much more quickly than that.

Once you get used to the look of your new working environment, it’s easy to have it completely duplicated across all notebooks, desktops and tablets that you associate with yourself, so you can truly take your home screens with you anywhere. Or, an agency can create a perfect working space with all the programs users need, and then replicate that so everyone has access to the exact same configuration regardless of platform. Desktop, tablet and notebook users will all see the same screens, which is not only easier for users, but should take a huge load off of the tech support staff.

We don’t know if Microsoft’s vision of a globally used operating system will ultimately come to fruition, but feds don’t need that to happen in order to start taking advantage of Windows 8 right away. The new OS offers some incredible and innovative security features along with an easy-to-use-package that can be duplicated across almost every device in an entire agency. So there’s a lot to love about Windows 8, and really no reason to fear it.

It easily earns a GCN Lab Reviewer’s Choice designation, and our highest recommendation.

NEXT STORY: A few ways to protect yourself against 'visual malware'

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.