Why We Can’t Stop Talking About Windows 10 Security!

Many of you have heard us talking nonstop about how Windows 10 is more secure! Since we deal with computing security, and quite literally with problems on people’s computers, it is a big deal for us.

Why? Here are a few things to know:

Windows will get more secure with Windows 10. And while Windows security features are designed for the world’s largest enterprises and governments, its foundation is built into all Windows editions so you benefit from that design as well. Windows 10 helps you secure your devices, your user identities, and your data.


  • Trusted Boot. Windows maintains platform integrity such that Windows components and even anti-virus software itself are protected from tampering. When Windows starts on the device, one of the very first actions it will take is to start the Windows Trusted Boot feature. This feature protects the Windows system core (kernel), privileged drivers, and system defenses such as an antimalware solution. The idea here is that if Windows can prevent malware from being able to start early in the boot process and before system defenses have started, then Windows can prevent malware from hiding from those defenses. Trusted Boot is an architectural change in Windows 10 that effectively eliminates the potential for rootkit attacks, which are attacks that gain system access by tampering with the Windows boot process.


  • App security. Once you have an OS platform running and start using apps, you need to have platform and application security to help ensure both are resistant to exploits when vulnerabilities are discovered. The reality when it comes to vulnerabilities is that as long as human beings are writing software they’ll continue to introduce vulnerabilities into their code, and thus in Windows 10 Microsoft invested in a deep bench of functionality to deal with this eventuality. Microsoft calls this set of functionality “vulnerability mitigations,” and they’re designed to prevent attackers from being able to manipulate application functions that are already running in system memory. In Windows 10, these mitigations are designed to break the attacker’s playbook. For instance, one mitigation (called CFG) that Microsoft added to Windows blocked 96% of the vulnerability exploit techniques that were used against IE since 2011. That’s just one mitigation – there are many, many more in Windows 10.
  • Investments in vulnerability mitigations are critical for the platform, but Windows’ key strategy for addressing them in the application space is within what are called “Universal Apps.” Vulnerabilities that are exploited in apps running in the sandbox are extremely limited in what they can do, as the app is isolated from the system, data, and other apps. Microsoft originally shipped this in Windows Phone 7 and then later integrated the capability into Windows 8, and it has been producing great results on those platforms ever since.


  • Online Safety and Windows Defender. One of the challenges faced with any 3rd party antimalware solution is that when malware gets onto a device with sufficient privileges, it is pretty effective at actually disabling the AV solution itself. In the consumer space, on large percentages of devices the antimalware solution is out of date, has been disabled by malware or, in many cases, was only a trial or subscription-based product that has since expired.


  • Starting with Windows 10, when a 3rd party antimalware solution has expired and is offering no protection, Windows will attempt to help the user re-subscribe to their original antimalware solution. Windows 10 will remind them a number of times, but if within 3 days a user does not act, Windows will then automatically turn on Windows Defender to ensure the user is protected.


  • In addition, Windows Defender itself will be less susceptible to malware tampering. Microsoft calls this “protecting the guard.” In Windows 10, Defender has been isolated in the system using a technology called “Protected Processes” so that malware can’t tamper with its configuration and state. Interaction with Windows Defender and its configuration can only occur with processes that are trusted and signed using a special process. This level of protection is also available for 3rd party solutions.


  • Microsoft also dramatically improved Windows Defender’s ability to detect malware. Windows Defender takes full advantage of the power of the cloud to get the fastest possible detection times, even for highly polymorphic malware. For instance, in some cases a device won’t have a signature for new malware that Microsoft is aware of, because your AV solution hasn’t yet received the latest signature file from Windows Update. When new suspicious files are detected on the system, Windows 10 can quickly use the cloud to vet whether or not it knows the file’s reputation and, if need be, can automatically force a cloud block well ahead of the distribution of the signature file. In addition, Windows Defender takes full advantage of new APIs and event channels that were designed based on 3rd party feedback, giving you the best protection capabilities yet.


  • In today’s world it is fair to assume that all of our defenses will fail us at some point, and to deal with this eventuality Windows put Defender Offline in the Windows Recovery Environment. In the event that Windows Defender can’t resolve an issue because the malware is too deep in the system, Windows can boot into the secured Windows Recovery Environment and repair the system from there. No longer will you need to go to the web to acquire an offline scanning tool that runs from a USB, DVD, or other peripheral.


  • Windows and IE SmartScreen. Finally, it turns out that the best pathway for threats, whether they are phishing or malware related, is through a browser. It could be IE, Firefox, Chrome, you name it. As opposed to an antimalware solution which addresses threats after they’ve already landed on the device, the browser is in the unique position to be able to detect and block the threats before they ever make it onto the device. This type of blocking is done using SmartScreen technology and it quite literally is your first line of defense while you’re online. SmartScreen technology takes advantage of the Microsoft cloud, which crawls the internet looking for new URLs and apps to apply reputations to. From there, Windows and Internet Explorer can block malicious, or even suspicious, sites and apps.

Interested?  Learn more:

Or Contact Us today…you know we’d love to talk about Windows 10!
