Windows 8.1: High-performance behaviour monitoring for Defender
The virus scanner Defender, a standard component of the operating system since Windows 8, will include high-performance behaviour monitoring in version 8.1. So far, Defender has only detected viruses using its signature database and online queries. Once the behaviour monitoring is in use and detects problems, the scanner will also send an activity log to Microsoft so that the company can send out updated signatures as quickly as possible. Microsoft introduced this and other changes (PPTX file) intended to increase security on Wednesday at the TechEd Europe developer conference in Madrid.
Starting with Windows 8.1, the system partition will be automatically encrypted on all versions, not just Pro and Enterprise, once a user with administrator privileges logs on with a Microsoft account. If the computer is not linked to a domain, Windows stores the recovery key in the user's SkyDrive. More extensive BitLocker features will still be exclusive to the more expensive versions of the operating system.
PC Health is a service that verifies system integrity by sending the Action Center's current status and Measured Boot data to a cloud service. If the analysis uncovers a security issue, the service informs the computer. This feature is only available for home users.
Microsoft is also working to improve protection against compromised certificates. As part of its strategy, starting in 2015, only machines with the TPM (Trusted Platform Module) security chip will be recognised as "Designed for Windows". The company is also planning a cloud service that combs the internet for invalid certificates, and Windows 8.1 users can opt in to SmartScreen to anonymously send all certificates for analysis.
The new fingerprint recognition system can be used not just to log on to Windows but also to make purchases in the Windows Store, Xbox Music and Xbox Video. Now that modern fingerprint sensors recognise whether a finger actually belongs to a living person ("liveness detection"), Microsoft believes there is less of a risk of fake fingerprints.
Selective Wipe is useful for companies that allow their employees to handle company data on their private devices ("bring your own device"). Data is only saved to an employee's machine with EFS encryption, and if that employee leaves the company, the key is simply deleted. Although the data is still on the private computer, it is no longer readable. In Windows 8.1, the mail app can use Selective Wipe to protect both e-mails and attachments; the Work Folders introduced with Windows Server 2012 R2 also use the feature.