Acumen Security Update

Should You Upgrade to Windows 11?
Here's what you need to know about Security.

Chapter 1:

Security unlike anything before

With Windows 11 Security, Microsoft is making an aggressive attempt to raise the security floor of the PC platform, and that’s a good thing for everyone’s security. Here is just a snapshot of the significant security upgrades you can expect:

If you’ve read anything about Windows 11, it’s probably that it will only run on “new” computers. Microsoft needs new processor technologies to provide higher security; a PC built with them is called a Secured-Core PC.
Example of a Secured-Core PC
https://techviral.news/microsoft-secured-core-pc-to-protect-against-firmware-attacks/

New Hardware Requirements Bring Vital Security

Three of the new OS’s hardware requirements play major, interlocking roles in security:

 

 

 

Virtualization-Based Security (VBS)

VBS runs Windows components in secure spaces that are isolated from the main OS. Doing that requires hardware-based virtualization features, and enough horsepower that you won’t notice the drag on performance. Noteworthy security features that rely on VBS include:

 

  • Kernel Data Protection protects the Windows kernel and its drivers.
  • Memory Integrity provides stronger protection against viruses and malware.
  • Application Guard limits damage from untrusted websites and office documents.
  • Credential Guard stops attackers from using credentials in pass-the-hash attacks.
  • Windows Hello Enhanced Sign-In isolates biometric software to secure facial recognition and fingerprint systems.

Measured/Secure Boot (UEFI)

Measured/Secure Boot checks the digital signatures of the software used in the boot process. It protects against bootkits that load before, or modify, the operating system.

 

Trusted Platform Module 2.0 – Based Security Features (TPM 2.0)

TPM is tamper-resistant technology that is best known for its role in Secure Boot, ensuring computers only load trusted boot loaders, and in BitLocker disk encryption. In Windows 11 it forms the secure underpinning for a host of security features, including BitLocker and Windows Defender System Guard.

     BitLocker. BitLocker Drive Encryption is a data protection feature that integrates with the operating system and addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned computers.

     Windows Defender System Guard.  System Guard prevents attacks using a unique hardware isolation approach, with the goal of destroying the playbook that attackers use by making current attack methods obsolete. It works on:

  • Enterprise desktops
  • Enterprise mobile laptops
  • Bring your own device (BYOD) mobile laptops
  • Personal devices
 
Hardware-Enforced Security Benefits

 

Hardware-enforced Stack Protection prevents hijacking. Windows 11 extends the Hardware-enforced Stack Protection introduced in Windows 10 to protect code running in kernel and user modes. It’s designed to prevent control-flow hijacking by creating a “shadow stack” that mirrors the call stack’s list of return addresses. When control is transferred to a return address on the call stack it’s checked against the shadow stack to ensure it hasn’t changed. If it has, an error is raised.
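The shadow-stack check described above, modelled in C as an added example (not Microsoft's code and not part of the original article). The `cpu_model` struct, the function names and the addresses are constructed for illustration; real hardware keeps the shadow stack in memory that ordinary writes cannot reach.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define DEPTH 16

/* Toy model (assumption): only return addresses are tracked. */
typedef struct {
    uintptr_t call_stack[DEPTH];   /* ordinary memory, reachable by a memory-corruption bug */
    uintptr_t shadow_stack[DEPTH]; /* modelled as unreachable by normal stores */
    size_t depth;
} cpu_model;

typedef enum { RET_OK = 0, RET_MISMATCH_FAULT = 1, RET_EMPTY = 2 } ret_status;

/* CALL: the return address is pushed on both stacks. */
static int model_call(cpu_model *cpu, uintptr_t return_addr) {
    if (cpu->depth >= DEPTH) return -1;
    cpu->call_stack[cpu->depth] = return_addr;
    cpu->shadow_stack[cpu->depth] = return_addr;
    cpu->depth++;
    return 0;
}

/* RET: pop both copies and compare. On a mismatch an error is raised
   and control is never transferred to the altered address. */
static ret_status model_ret(cpu_model *cpu, uintptr_t *target) {
    if (cpu->depth == 0) return RET_EMPTY;
    cpu->depth--;
    if (cpu->call_stack[cpu->depth] != cpu->shadow_stack[cpu->depth])
        return RET_MISMATCH_FAULT;
    *target = cpu->call_stack[cpu->depth];
    return RET_OK;
}

/* Constructed scenario: two nested calls, then the inner return. With
   corrupt != 0 the saved return address on the call stack is overwritten
   first, standing in for what a stack buffer overflow would do. */
static ret_status run_scenario(int corrupt, uintptr_t *target) {
    cpu_model cpu = { .depth = 0 };
    model_call(&cpu, 0x1000);
    model_call(&cpu, 0x2000);
    if (corrupt) cpu.call_stack[cpu.depth - 1] = 0xdead0000;
    return model_ret(&cpu, target);
}

int main(void) {
    uintptr_t t = 0;
    printf("clean=%d tampered=%d\n", run_scenario(0, &t), run_scenario(1, &t));
    return 0;
}
```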

Control-Flow Enforcement Technology protects against malware attacks. Control-Flow Enforcement Technology delivers processor-level security structures to protect against common malware attack methods that have been a challenge to mitigate with software alone.

Eliminate Passwords with Windows Hello. Windows Hello helps keep your information protected and is a more personal, secure way to get instant access to your Windows 11 devices using a PIN, facial recognition, or fingerprint.  

The Evolution of Security

For several years, Microsoft’s approach to Windows security has been to create a chain of trust that ensures the integrity of the entire hardware and software stack, from the ground up. Windows 11 Security demands the hardware necessary to make it work. Microsoft is making an aggressive attempt to raise the security floor of the PC platform, and that’s a good thing for everyone’s security.