Mobile Security in-depth: Windows Phone is the most secure platform says Microsoft

Editorial by Luke Jones on Tuesday September 02, 2014.


Windows Phone 8.1

With frequent reports of insecurity on Android, it is time to throw the spotlight on Google's main mobile platform rivals. We will take a look at iOS later in the week, but today we will focus on Microsoft's Windows Phone 8.1, a platform that struggles to compete with Android in terms of market share but is apparently much more secure.

Android has come under attack many times in recent months, while a report this summer revealed that 5 million Android devices are infected. It does seem that Android gets a bad rep sometimes, and the truth is if you use it with common sense then you should avoid any malicious attack, much like with a PC. However, there is no doubt that closed rival ecosystems are more secure, and Microsoft says on its official website that Windows Phone 8.1 is the most secure mobile platform available.

AllAboutWindowsPhone found a white paper on the company's website that says the following:

The modern threats that organizations face require more than software solutions. Trust and security must be anchored in standards-based security hardware. Windows Phone is built on top of just such a foundation, which enables the protection of the Windows Phone operating system, the apps, and the data stored on the device. The trustworthy hardware components that Windows Phone supports include:

UEFI. Help protect your devices from firmware master boot record rootkits (or bootkits) by using UEFI. This replacement for a traditional BIOS helps ensure that only trusted software is booted on the device and prevents malware from being booted on the device.

TPM. Perform cryptographic calculations and help protect the public key certificates by using this security processor. You can use the TPM to enhance authentication and identity control by using TPM with virtual smart cards for MFA.

-Malware resistance

It is imperative that all devices be resistant to malware, but it's even more important for mobile devices like smartphones. Windows Phone devices are frequently used in public, unsecured places, and thieves and security attackers look at smartphones as easy prey. Windows Phone includes features that help make these devices highly resistant to malware. Each is discussed in later sections.

-Boot process

Windows Phone uses some of the same technologies that Windows 8.1 uses to secure the boot process - specifically, UEFI and its Secure Boot component. Secure Boot is a feature of UEFI that helps protect devices against malware or other tampering during the boot process.

When a Windows Phone device starts, the firmware starts the boot loader only if the boot loader's digital signature has maintained integrity and the boot loader is signed by a trusted authority that is registered in the UEFI database. In the case of all Windows Phone devices, the Windows Phone boot loader signature is trusted.

For Windows 8.1 operating systems, you can disable Secure Boot. Windows Phone and Windows RT devices are designed to run only their respective operating systems, so Secure Boot cannot be turned off and users cannot load a different operating system.

-Trusted Boot

As mentioned in the UEFI section above, UEFI Secure Boot verifies that the boot loader is trusted, and then Trusted Boot protects the rest of the startup process by verifying that all Windows boot components have integrity and can be trusted. The boot loader verifies the digital signature of the Windows Phone kernel before loading it. The Windows Phone kernel, in turn, verifies every other component of the Windows startup process, including the boot drivers and startup files.

If a file has been modified (for example, if malware has modified the file to launch malicious code), Trusted Boot protects all of the Windows components and prevents any components that have been tampered with from starting.

-System and app integrity

After Trusted Boot has completed the startup process, Windows Phone loads the system components and any apps that are loaded automatically at startup. The system components and apps must be properly signed before Windows Phone will load and start them. If a malicious user or code has tampered with the system component or app files, the corresponding component or app will not be loaded and started.

Unsigned apps are unable to run on Windows Phone, because an app must be signed to be in the Windows Store or be signed with the organization's enterprise development signature. Because all system components and apps must be signed, it is extremely difficult for attackers to run malicious code on a device.

-Microsoft security development life cycle

Windows Phone 8.1 is the culmination of many years of effort from Microsoft. With each release, Windows operating systems improve their defense-in-depth implementation for security. The strategy is derived from the Microsoft Security Development Lifecycle (SDL), which ensures that our research and development teams create software that is secure by design and can eliminate or at least mitigate potential security risks. The use of the SDL has paid big dividends in the case of Windows Phone and has created an environment that contains far less malware than peers such as Apple iOS and Google Android.

Quite a lot to get through, and Microsoft goes into much more detail on the site. The gist of it is that Windows Phone from top to bottom is secure, whether you are booting the system, downloading apps, or worrying about future protection. Admittedly, the stories about Windows Phone security issues are scarce, so if you have had any problems with your Windows Phone device, let us know.
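
The Secure Boot and Trusted Boot sequence quoted above, as an added sketch that is not code from Microsoft, the white paper or MobileBurn: each stage must carry a valid signature from a key in the trust database, otherwise it and every later stage are refused. The toy textbook-RSA key, the `DB` list and the sample images are constructed assumptions; real devices use X.509 certificates and standard padded signatures.

```python
import hashlib

# Toy textbook-RSA key for a constructed "trusted authority" (illustration only;
# the primes are small Mersenne primes and no padding is used).
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, held by the signer only


def digest(image: bytes) -> int:
    """SHA-256 of the image, reduced so it fits the toy modulus."""
    return int.from_bytes(hashlib.sha256(image).digest(), "big") % N


def sign(image: bytes) -> int:
    return pow(digest(image), D, N)


def verify(image: bytes, signature: int, trusted_keys) -> bool:
    # Accept only if a key registered in the trust database validates the image.
    return any(pow(signature, e, n) == digest(image) for (n, e) in trusted_keys)


def boot(chain, trusted_keys):
    """Walk the chain in order; a stage starts only after its signature checks out.
    On a device the previous stage performs this check (firmware -> boot loader ->
    kernel -> drivers); one loop and one key database stand in for that here.
    Returns (stages that started, name of the refused stage or None)."""
    started = []
    for name, image, signature in chain:
        if not verify(image, signature, trusted_keys):
            return started, name  # refuse this stage and everything after it
        started.append(name)
    return started, None


DB = [(N, E)]  # constructed stand-in for the UEFI signature database
IMAGES = [("bootloader", b"bootloader v1"), ("kernel", b"kernel v1"),
          ("boot driver", b"driver v1")]  # constructed sample images
GOOD_CHAIN = [(name, img, sign(img)) for name, img in IMAGES]

# Same chain, but the kernel bytes were changed after signing.
TAMPERED_CHAIN = list(GOOD_CHAIN)
TAMPERED_CHAIN[1] = ("kernel", b"kernel v1 (modified)", GOOD_CHAIN[1][2])

if __name__ == "__main__":
    print(boot(GOOD_CHAIN, DB))
    print(boot(TAMPERED_CHAIN, DB))
    print(boot(GOOD_CHAIN, []))  # empty database: even the boot loader is refused
```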

source: AllAboutWindowsPhone


About the author

Luke Jones
Luke Jones is the Managing Editor at MobileBurn.com and is the person you need to speak to about the content on the site. Luke studied creative writing at degree level before carving out a reputation as a freelance tech writer. He settled here at MobileBurn, where he reviews devices and contributes to the news, as well as overseeing the site's content and direction.
