• We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.

Optimizing Win 8 + Haswell Security?

Hooobi

Golden Member
I thought I'd read somewhere that there are certain security features that can be used with Win 8 + Intel Haswell to increase system security. Anyone have a link or brief description of these in layman's terms? I'd like to implement any that aren't too complex on the system in my sig.

TIA
 
You might be thinking of Supervisor Mode Execution Prevention and/or Supervisor Mode Access Protection. Ivy Bridge has SMEP, and Haswell has both. Win8.x makes use of SMEP, but as far as I've been able to find out, SMAP isn't used by Windows yet.

There's nothing special you need to do for Win8 to use SMEP. Its purpose is to arbitrarily prevent high-privileged code from being tricked into executing stuff that was planted in user memory space.
 
Thanks for the replies.

PF - Interesting concept, but doesn't look like my system will support it, since at the very least, my RAM isn't soldered. I'll check out Truecrypt.

mB - I'm reading your security guide and wonder if you could clarify for me whether it is still effective to enable secure boot after I've already been using my system for a while. Your guide suggests doing so before OS install. If it makes a difference, I'm on Win 8.1 Pro. That seems like one of the features I had read about.
 
Thanks for the replies.

PF - Interesting concept, but doesn't look like my system will support it, since at the very least, my RAM isn't soldered. I'll check out Truecrypt.

mB - I'm reading your security guide and wonder if you could clarify for me whether it is still effective to enable secure boot after I've already been using my system for a while. Your guide suggests doing so before OS install. If it makes a difference, I'm on Win 8.1 Pro. That seems like one of the features I had read about.

If Windows installed in EFI mode, then you can enable SecureBoot after the fact and it'll take effect.

If Windows installed while the system was booting in "legacy" mode, then first you'd have to switch your BIOS to boot "UEFI only" and do at least a repair installation of Windows.

Another tweak you can consider if you have Win8.x Pro, is Bitlocker drive encryption. When the apartment right next door to me got burglarized, I said "that's it, I'm encrypting my drives," which Bitlocker makes very painless. Since my system doesn't have a TPM chip, I did have to change a setting in its Local Group Policy to allow Bitlocker without TPM. If you need that setting, start gpedit.msc with a Run As Administrator and it's in Computer Configuration > Windows Components > BitLocker Drive Encryption > Operating System Drives.
 
Last edited:
Back
Top