Optimizing Win 8 + Haswell Security?

Hooobi

I thought I'd read somewhere that there are certain security features that can be used with Win 8 + Intel Haswell to increase system security. Anyone have a link or brief description of these in layman's terms? I'd like to implement any that aren't too complex on the system in my sig.

TIA
 

PrincessFrosty

www.frostyhacks.blogspot.com
Is it seamless disk encryption?

http://arstechnica.com/information-...matic-disk-encryption-if-your-pc-supports-it/

I know that the newer Intel CPUs support hardware-based AES, which means they can deal with AES encryption super fast, fast enough to make the performance hit a non-issue.

FYI TrueCrypt supports hardware-accelerated AES as well, so you can use that with the newer Intel CPUs for more flexible encryption.
 

mechBgon

You might be thinking of Supervisor Mode Execution Prevention and/or Supervisor Mode Access Protection. Ivy Bridge has SMEP, and Haswell has both. Win8.x makes use of SMEP, but as far as I've been able to find out, SMAP isn't used by Windows yet.

There's nothing special you need to do for Win8 to use SMEP. Its purpose is to arbitrarily prevent high-privileged code from being tricked into executing stuff that was planted in user memory space.
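
The CPU features named in the posts above (hardware AES, SMEP, SMAP) are advertised through CPUID. The following is an added example, not part of the thread, that decodes those bits using GCC/Clang's `<cpuid.h>`; it reports what the CPU offers, not whether the OS has turned the feature on, and the function and macro names are this example's own.

```c
#include <stdio.h>
#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>            /* GCC/Clang wrappers for the CPUID instruction */
#endif

/* Flag names are this example's own, not an OS or vendor API. */
#define FEAT_AESNI (1u << 0)  /* hardware AES instructions */
#define FEAT_SMEP  (1u << 1)  /* Supervisor Mode Execution Prevention */
#define FEAT_SMAP  (1u << 2)  /* Supervisor Mode Access Prevention */

/* Pure decoder over raw register values. Bit positions per the Intel SDM:
 *   CPUID.01H:ECX[25]             AES-NI
 *   CPUID.(EAX=07H,ECX=0):EBX[7]  SMEP
 *   CPUID.(EAX=07H,ECX=0):EBX[20] SMAP */
unsigned decode_features(unsigned leaf1_ecx, unsigned leaf7_ebx)
{
    unsigned f = 0;
    if (leaf1_ecx & (1u << 25)) f |= FEAT_AESNI;
    if (leaf7_ebx & (1u << 7))  f |= FEAT_SMEP;
    if (leaf7_ebx & (1u << 20)) f |= FEAT_SMAP;
    return f;
}

/* Query the running CPU. Returns no flags on non-x86 builds or when
 * the CPU does not implement the leaf being asked for. */
unsigned query_cpu_features(void)
{
    unsigned a = 0, b = 0, c = 0, d = 0, ecx1 = 0, ebx7 = 0;
#if defined(__x86_64__) || defined(__i386__)
    if (__get_cpuid(1, &a, &b, &c, &d))          ecx1 = c;
    if (__get_cpuid_count(7, 0, &a, &b, &c, &d)) ebx7 = b;
#endif
    (void)a; (void)b; (void)c; (void)d;
    return decode_features(ecx1, ebx7);
}

int main(void)
{
    unsigned f = query_cpu_features();
    printf("AES-NI: %s\n", (f & FEAT_AESNI) ? "yes" : "no");
    printf("SMEP:   %s\n", (f & FEAT_SMEP)  ? "yes" : "no");
    printf("SMAP:   %s\n", (f & FEAT_SMAP)  ? "yes" : "no");
    return 0;
}
```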
 

Hooobi

Thanks for the replies.

PF - Interesting concept, but doesn't look like my system will support it, since at the very least, my RAM isn't soldered. I'll check out TrueCrypt.

mB - I'm reading your security guide and wonder if you could clarify for me whether it is still effective to enable secure boot after I've already been using my system for a while. Your guide suggests doing so before OS install. If it makes a difference, I'm on Win 8.1 Pro. That seems like one of the features I had read about.
 

mechBgon

If Windows installed in EFI mode, then you can enable Secure Boot after the fact and it'll take effect.

If Windows installed while the system was booting in "legacy" mode, then first you'd have to switch your BIOS to boot "UEFI only" and do at least a repair installation of Windows.

Another tweak you can consider, if you have Win8.x Pro, is BitLocker drive encryption. When the apartment right next door to me got burglarized, I said "that's it, I'm encrypting my drives," which BitLocker makes very painless. Since my system doesn't have a TPM chip, I did have to change a setting in its Local Group Policy to allow BitLocker without TPM. If you need that setting, start gpedit.msc with a Run As Administrator and it's in Computer Configuration > Windows Components > BitLocker Drive Encryption > Operating System Drives.