Most of the security features at this week's Build conference extend design features that appeared in Vista and Windows 7 and have gradually been added through updates.

These include Address Space Layout Randomization (ASLR), which will be used more extensively in Windows 8, as will a new feature that protects the core of the OS from what are called 'kernel-mode NULL dereference vulnerability', basically a way for an attacker to elevate privileges once on the system.

Windows 8 will also make extensive use of memory heap randomisaiton, another technique tried on Windows 7, which makes it difficult for malware programmers to 'overrun' the space given to an application for malicious purposes.

Probably the biggest security addition is Windows 8's support for UEFI 2.3.1 secured boot technology (which requires BIOS support), which stops early-booting malware from interfering with antivirus products before they load into memory.

None of these changes are particularly radical but they continue the design policy of restricting as far as possible what applications can do on the platform without upsetting the OS. Of course, in the Web 2.0 world, what an application can do is increasingly governed by software interfaces other than those looked after the OS.