If you want, you can set up a Windows account the way you're used to and ignore all the new features. Or you can use a Microsoft account (Xbox Live, Hotmail, SkyDrive, Windows Messenger or any of the other Microsoft services you use) as your Windows account, which the Windows installer makes the first suggestion. It works the same way; you can have multiple accounts on the same PC, reset your password as normal, log in to your PC when you're not online and generally do what you've always done. But you can also use it to get your PC connected in a whole new way.
Getting the cloud right
Windows 8 is the first version of Windows designed to make sense of the way we use the Internet these days. That's not just having the kind of glossy, touchable apps that turn pages from websites into virtual magazines or an endless stream of social updates at your fingertips that you can get on iPad or the better Android tablets – though Windows 8 does that just as well, with apps like Pulse or the Bing offerings.
But Windows 8 plugs the cloud into almost everything you do. Preferably the Microsoft cloud, of course; you need to at least have a Microsoft account to make the most of Windows 8, but that can be a Gmail address if you want it to be (you'll get the information from that account in Windows but you'll have to verify that before contact, calendar and message information start arriving). But when you're saving or opening a file, that could be using your Google Drive sync folder just as easily as SkyDrive and you see Facebook and Twitter connections in the People app.
Really, this is cloud enabling a personal computer done right. Your Microsoft account becomes your Windows account, with your profile picture. The first advantage is that you automatically get your contacts, calendar and messages and you'll be signed in to SkyDrive when you download the SkyDrive app. But that spreads beyond individual apps. If you use SkyDrive, it automatically adds your pictures on SkyDrive to the Photos app; if you've linked Windows Messenger to Flickr in the past, you get your Flickr photos there and the same for Facebook – so you can pick an image you have online to use as your Lock screen as easily as you can choose a picture that's on your hard drive. Plus you see your Facebook friends in the People app and Facebook chat in Messaging. Install the SkyDrive app, even the desktop version that syncs files, and because your Windows account is your Microsoft account, it doesn't need to ask for your password one more time to sign you in. Your content is right there for you to do whatever you want with, wherever you keep it.
Your Microsoft account is what you use in the Windows Store to download apps. If you have an Xbox Live account, use that as your Microsoft account and you'll see your Xbox and Windows Phone Xbox Live achievements and avatar and friends – and you can use your PC to control your Xbox or buy a game and start playing it on your Xbox straight away (more of that later).
Got more than one PC? Whether that's a desktop and a notebook or a notebook and a Windows RT Surface tablet, using the same Microsoft account on them interconnects and syncs them. You get the same Lock screen, the same desktop background or theme, the same Start screen design and colour scheme on both PCs. Annoyingly, you don't get the same Start screen layout and tiles – Microsoft says that's because you might not have the same programs installed, but we'd like to see Windows 8 download your apps from the Windows Store automatically (being able to see the list of apps and pick individual ones is a good start but it's not enough – after all the Bing and Live apps install automatically so why not the apps you've chosen?).
But you do get your Internet Explorer favourites and history, from both desktop and 'modern' IE, plus your logins and passwords. Looking for that news story you read on your tablet? You can get to it easily on your desktop when you get to work. Want to authorise a Twitter app on a new PC; you won't need to type your username and password one more time. It's as if every PC you use is your own PC that you've spent time setting up (apart from having your programs on.
It just works, you might say – and it brings together so many of the online services you already use into something that feels seamless and connected and natural much of the time. Of course that makes the places where the experience doesn't join up even more annoying.
Obviously security for your Microsoft account also matters rather more than it did when it was just your Hotmail address. Some of that's common sense like setting a strong password (and then setting a picture password so you're not making your password simpler so you don't have to worry about typing it in every time you restart your PC). But you also have to explicitly trust your PC to use it with your Microsoft account and you can do that using two-factor authentication – giving Microsoft an alternative email address or phone number to send a code to that you then type in on the PC (setup prompts you to do both), or using another PC that you've already marked as trusted to trust a new PC. That takes advantage of the fact that again, most of us do have more than one computer these days, as well as having a mobile phone around all the time.
And when it comes to Windows 8, this is by far the most secure version of Windows ever. In fact, it has security features other operating systems should aspire to.
Windows Live account or not, the first account you make on Windows 8 is automatically an admin account. When you add a second account, which you now have to do through the 'modern' PC Settings app rather than the control panel, the first (and heavily recommended) option is to use a Microsoft account to do it. There's no option to make a new administrator account directly, as you realise the first time you try to install an app and have to put in the password of the original account. You can go into the control panel to change the account type, and it's a good idea not to have any more administrative accounts than necessary, but if you share a PC it's irritating not to get the option in the first place.
The assumption is that you're setting up an account for a child and you get the option to apply Family Safety to their account as you create it (this only works on standard accounts). This gives you reports of what they do and lets you control what Web sites they can visit, which apps they can install (by type or age rating) and when and for how long they can use the PC.
It combines the previous Parental Controls feature with the Windows Live Family Safety tool and you can manage settings locally on the PC or on the Family Safety website (which lets you manage the accounts of users on different PCs from the same place).
This is a nice way to seamlessly merge the previous Windows and Windows Live tools and means you don't have to spend money on separate tools to give you control over kids' PCs.
Security: sandbox to heap
The security features in Windows 8 go much deeper than accounts. It's the first operating system to use the UEFI secure boot feature that signs and validates boot components to make sure than a rootkit hasn't tampered with your system. Yes, if secure boot is turned on older operating systems won't boot, but that includes Windows XP and Windows 7 so it's not a dastardly plot to exclude Linux and you can turn it off on all x86/64 PCs. You can't turn it off on Windows RT, but then you can't load other operating systems on an iPad so again, this is about security rather than lockout.
Many more Windows 8 PCs will have TPMs, as will all Windows RT systems; this is used for additional security checks at boot (which applications will be able to see later; your online banking site could check if your PC is fully trusted before authorising a very big transaction, for example). Windows 8 includes Windows Defender (the new version of the excellent Microsoft Security Essentials). If you buy a different anti-virus package that will also be able to load before Windows starts up, to protect you against malware that starts up first and circumvents your security software.
Windows 8 uses the SmartScreen app reputation technology from IE to check applications you install on the desktop; if they're well known or signed by a well known developer they'll install as normal. If they're a new file or have the same name as a well known installer but not the same details, or they're signed with a key that's also signed malware, you'll get a full screen warning about the application. You can still install it if you want, but you'll know that what you have isn't the normal Adobe Acrobat, for example.
Any malware that does find its way onto your system is going to have to be a lot smarter. Any specific security holes that have been found will be fixed in Windows 7 by updates and Windows 7 will keep on getting updates for years. But only Windows 8 gets new protections in the kernel and the memory management system that mean there are no predictable areas of memory for malware to target, that it's harder to attack the way Windows keeps track of the 'heap' of allocated memory, that none of the memory allocated to applications for storing data can be used for running code and malware can't force the kernel to allocate and release memory for a virus to use. Not only are the specific exploits for the Windows 7 kernel fixed, but the design that allowed those exploits is much improved. Writing malware for Windows 8 is going to be far harder and many attackers will turn to attacking third-party applications instead.
'Modern' style apps are harder to attack as well. They run in their own sandbox with fewer privileges than desktop programs, with only the permissions to access files or your location that you agree to when you install it and they can't get into the sandbox of another app. Even the hackers at Black hat this year could only find ways of attacking 'modern' style apps through the desktop (using techniques that Microsoft says anti-malware software will already protect you against).
There are improvements to BitLocker, the whole-disk encryption feature that stops someone taking your drive out and reading it in another system. The main one is that only the disk space in use is encrypted, not the whole drive; that makes encrypting your drive far faster. That's good news if you get Windows 8 Pro. The equivalent of BitLocker is also turns on in Windows RT. Oddly though, Windows 8 users still don't get this feature – so Windows RT is more secure than plain Windows 8 because of encryption and because old Windows malware just can't run.