What’s changed in Windows 8.1 Pro
Windows 8.1 is the latest release of the Windows operating system for client computers. Windows 8.1 natively supports image-based installation and deployment. Windows 8.1, Windows 8.1 Pro, and Windows 8.1 Enterprise support 32-bit x86 and 64-bit x64 processors for PCs and tablets. Windows 8.1 RT supports ARM processors. For many advanced features, including BitLocker, Encrypting File System, Domain Join, Group Policy, and the Remote Desktop host, computers will need Windows 8.1 Pro or Windows 8.1 Enterprise.
Windows 8.1 has many enhancements to improve security, including memory randomization and other improvements to prevent malware from inserting itself into startup and running processes. Windows 8.1 uses address space layout randomization (ASLR) to randomly determine how and where important data is stored in memory, which makes it much more difficult for malware to find the specific locations in memory to attack.
Windows 8.1 has enhanced support for devices that use Trusted Platform Module (TPM). Although always-on devices require TPM 2.0, all other devices require at least TPM 1.2. Firmware can use TPM to store hashes, which verify that important operating system files haven’t been changed, and keys, which verify that digital signatures are valid.
Windows 8.1 requires a processor that includes hardware-based Data Execution Prevention (DEP) support. DEP uses the Never eXecute (NX) bit to mark blocks of memory as data that should never be run as code. DEP has two specific benefits. It reduces the range of memory that malicious code can use and prevents malware from running any code in memory addresses marked as Never eXecute.
If your organization doesn’t use an enterprise malware solution, you’ll also be interested to know that Windows Defender for Windows 8.1 has been upgraded to a more fully featured program. Windows Defender now protects against viruses, spyware, rootkit, and other types of malware. Rootkit detection helps to safeguard PCs and tablets from malware that inserts itself into non-Microsoft drivers. If Windows Defender detects that a non-Microsoft driver has been infected, it prevents the driver from starting. It’s important to point out that other features, such as Secure Boot, Trusted Boot, and Measured Boot, protect Microsoft drivers and other critical operating system files.