Windows 8 Security
10/8/2011 6:25:05 PM
Upgrading Windows Defender is a great idea, but there are a few improvements that can be made.
• Mini Scan (This is a scan that runs when it detects a threat on the computer. After it has cleaned the file/folder, it will run a mini scan on the same file/folder to make sure it got rid of any traces of the malware. I have seen this run in a few products and it has produced great results by removing leftover traces it left behind.)
• Force Protection (This is an interesting feature that can be extremely beneficial for Windows Defender. This feature can only be activated when Windows Defender's protection has been turned off. This feature will force Windows Defender protection on for one hour regardless of administrative privileges. During the hour, no options can be changed or modified. It does allow the user to update Defender and run scans. This is used when a virus turns off Windows Defender and the user cannot turn it back on. Since Windows Defender is built into Windows, it can’t be removed from the system but can be turned off. With this feature it will force protection for one hour so that if any new threats emerge it will protect the user and also provide information on the possible virus that has turned off Defender.)
• Emergency Scan (This is a scan that can only run when Defender is in force protection mode. It will analyze the entire system and report it to Microsoft to analyze so that the virus that is causing Defender to be turned off will be found and will release the definition update to get rid of the virus and also prevent other computers from losing their malware protection.)
• System File Scan (This is an option that could be added to Windows Defender or just to Windows itself. This option will run a scan on the computer, when idle, to see if any changes have been done to the system files that would require a restart and have the computer start the Windows recovery system. This is handy for people like me that don’t restart their computer very often, which means if a rootkit found its way onto my computer, it may stay on there for one month till I restart and secure boot can take place. It would scan the computer and if it found anything it would pop up saying Windows will restart at so and so time to repair possible damage to the computer.)
• Boot Scan (Add an option to scan the system before the system loads. Will allow removal of malware that is hard to get rid of, such as rogues. Should be in the scanning options so users can choose when to run it. Also should ask the user if he would like to do a boot scan if Windows Defender has detected the same piece of malware at least three times in a row; this pretty much says that it has been detected but can’t be removed while the system is running.)
• Idle Scanning (Have an option that allows idle background scans. Should include options that ask what type of scan, how long the computer needs to be idle before the scan, and the maximum number of scans that the user wants in one day. Also the scan should pause when the computer is used and start back where it left off when idle again instead of starting a new scan.)
This is a feature that truly needs to see some work done to it.
• Outbound Protection (Yes, I know that the Windows 7 firewall allows outbound protection, but it doesn’t have any signatures for it so it always pops up asking what to do. This is great if a computer gets a bot on it; with outbound protection it will block the bot from sending information to other computers so as to stop a possible botnet.)
• Silent Firewall (This is being added to almost every security product because it doesn’t annoy the user with questions they don’t know. It will provide protection for both inbound and outbound and if it detects anything it will just say it blocked an attack. If nothing seems malicious about a program/file then it will allow it to run with both inbound and outbound privileges.)
• Application Control (Another feature that is being added to almost every firewall. This shows everything that is connected to the internet and allows you to change how they connect to the internet. By default it allows all programs to connect to the internet with inbound and outbound privileges. There should be an option beside each program/file to either connect to the internet by Auto/Both (allows both inbound and outbound connection), inbound only connection, outbound connection only, or block (cannot access the internet at all).)
• Signatures (The new firewall should also have the capability to block exploits. Since one of the new features in Windows 8 is that it will stop Windows Update if the user is on a limited bandwidth/Internet they are allowed, then they may not be getting the new security updates that will block the most recent exploit found. It could say something like… A recent attempt to attack your computer was blocked. No action required.)
Please comment if you liked or disliked any of the ideas listed above.