Technology Microsoft Announces Major Security Push for Windows 11

Gandalf_The_Grey

Microsoft today unveiled a wide array of new security features and updates for Windows 11, providing users with comprehensive protections.

“Today’s threat landscape is unlike any we’ve seen before,” Microsoft vice president David Weston writes in the announcement post. “Attacks are growing in speed, scale, and sophistication. In 2015, our identity systems were detecting around 115 password attacks per second. Less than a decade later, that number has surged 3,378 percent to more than 4,000 password attacks per second. This landscape requires stronger and more comprehensive security approaches than ever before, across all devices and technologies we use in our lives both at home and at work.”

The list of security advances Mr. Weston describes is vast, so I will focus on what I see as the highlights. But if you care about security, be sure to read the original post. It’s rather incredible.

Most impressively, perhaps, Microsoft convinced its PC maker partners to adopt its Pluton security processor in all new Copilot+ PCs, making them so-called Secured-core PCs. Pluton is like a TPM chip on steroids that uses Zero Trust principles to secure all the data on the PC, even if it’s physically stolen or compromised by malware. But that’s not all: Copilot+ PCs also provide Windows Hello Enhanced Sign-in Security (ESS), with more secure biometric sign-ins that eliminate the need for a password. (ESS is also available on other compatible Windows 11 devices.)

To protect against credential and identity theft, Windows 11 now enables Local Security Authority (LSA) protection on all PCs, not just on commercial PCs as before. Windows Hello has been updated to protect passkeys, and hardened by default on PCs without biometrics to protect against admin-level attacks. Looking to the future, Microsoft plans to deprecate NT LAN Manager (NTLM) in the second half of 2024, and is previewing a hardware-backed cryptographic key protection feature.

Smart App Control is a well-hidden feature in Windows 11 that helps protect you from malicious and untrusted apps that you download and install from the web. To date, this feature has been enabled in a special evaluation mode by default, but Microsoft has switched this to be enabled by default for all users now, thanks to AI learning enhancements. According to Weston, this feature “is incredibly effective protection against malware.”

Microsoft is opening up its virtualization-based security (VBS) functionality to third-party app makers so they can host this software-based trusted executive environment in their own apps. (You can learn more about this feature here.)

Microsoft also appears to have evolved the Win32 app container from Windows 10X into a new Win32 app isolation feature. Built on AppContainers, Win32 app isolation is now close to general availability and provides a security boundary between individual apps and the system, with brokered access to resources like printer, registry, and file access.

Because most Windows users run with Admin privileges, Microsoft is updating Windows with new just-in-time admin access to the kernel and other critical services as needed, and not by default. When this feature is enabled, you’ll be asked for approval, and you’ll use Windows Hello to approve or deny requests. This feature is currently in private preview but will enter public preview soon.
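
Added example, not part of the original post: a read-only PowerShell check of whether three of the protections described above (LSA protection, Smart App Control, VBS) are actually active on a given Windows 11 machine. The registry values, the Wininit event and the Win32_DeviceGuard class are Windows' own; the helper name Get-RegValue and the output labels are assumptions of this example.

```powershell
# Added example: read-only audit of protections named in the post above.
# Get-RegValue and the output property names are this example's own (hypothetical).
function Get-RegValue {
    param([string]$Path, [string]$Name)
    try { (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name }
    catch { $null }   # key or value not present
}

# LSA protection (configured): RunAsPPL 1 = with UEFI lock, 2 = without UEFI lock
$ppl = Get-RegValue 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' 'RunAsPPL'
if     ($ppl -eq 1) { $lsaConfig = 'Enabled (UEFI lock)' }
elseif ($ppl -eq 2) { $lsaConfig = 'Enabled (no UEFI lock)' }
else                { $lsaConfig = 'RunAsPPL not set' }

# LSA protection (effective): Wininit logs event 12 when LSASS starts protected
try {
    $evt = Get-WinEvent -FilterHashtable @{
        LogName = 'System'; ProviderName = 'Microsoft-Windows-Wininit'; Id = 12
    } -MaxEvents 1 -ErrorAction Stop
    $lsaRuntime = $evt.Message
} catch { $lsaRuntime = 'No Wininit event 12 in System log' }

# Smart App Control: 0 = off, 1 = enforcing, 2 = evaluation mode
$sac = Get-RegValue 'HKLM:\SYSTEM\CurrentControlSet\Control\CI\Policy' 'VerifiedAndReputablePolicyState'
$sacNames = @{ 0 = 'Off'; 1 = 'On (enforcing)'; 2 = 'Evaluation' }
if ($null -ne $sac -and $sacNames.ContainsKey([int]$sac)) { $sacState = $sacNames[[int]$sac] }
else { $sacState = 'Value not present' }

# VBS: status 0 = not enabled, 1 = enabled but not running, 2 = running
# SecurityServicesRunning: 1 = Credential Guard, 2 = memory integrity (HVCI)
$dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
        -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
$vbsNames = @{ 0 = 'Not enabled'; 1 = 'Enabled, not running'; 2 = 'Running' }
if ($dg) {
    $vbsState = $vbsNames[[int]$dg.VirtualizationBasedSecurityStatus]
    $services = ($dg.SecurityServicesRunning -join ',')
} else { $vbsState = 'Win32_DeviceGuard unavailable'; $services = '' }

[pscustomobject]@{
    LsaProtectionConfigured = $lsaConfig
    LsaProtectionAtBoot     = $lsaRuntime
    SmartAppControl         = $sacState
    VbsStatus               = $vbsState
    VbsServicesRunning      = $services
} | Format-List
```

A configured RunAsPPL value only takes effect after a reboot, which is why the script also reports the Wininit event from the current boot log.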
 

Andy Ful

From Hard_Configurator Tools
After this thread was created, a similar one was created by D. Weston from Microsoft.
 

Victor M

The ever-continuing 'pushes' mean little to home users. Microsoft has less incentive to improve security on Windows because they can never upset the security businesses. And if they try too hard to compete in security, the government will accuse them of anti-competition. They are forever stuck; Windows will always only offer minimum protection, at most equivalent to free versions offered by vendors.
 

SpiderWeb

Copilot sounds like a privacy and security nightmare. Yeah it's convenient until you realize it is also snooping on anything deeply private you are doing on your PC including creating and typing passwords. Where is all that data going? They gave their AI an unprecedented level of access to the OS that would cause outrage if it was any other program. Like others have said, I am not confident about Microsoft's efforts to improve security. 1 step forward, 2 steps back.
 

oldschool

> Copilot sounds like a privacy and security nightmare. Yeah it's convenient until you realize it is also snooping on anything deeply private you are doing on your PC including creating and typing passwords. Where is all that data going? They gave their AI an unprecedented level of access to the OS that would cause outrage if it was any other program. Like others have said, I am not confident about Microsoft's efforts to improve security. 1 step forward, 2 steps back.

I tend to agree with your concerns but will wait for details to be fleshed out by MS when these devices actually roll out. One thing I notice especially in the OP is this regarding Smart App Control:

> ... Microsoft has switched this to be enabled by default for all users now, thanks to AI learning enhancements. According to Weston, this feature “is incredibly effective protection against malware.”
 

Andy Ful

From Hard_Configurator Tools
Microsoft says that SAC “is incredibly effective protection against malware”. But why?
  1. Almost all malware is unsigned or signed with fake certificates.
  2. Even if the initial malware is signed, almost all payloads (especially DLLs) are unsigned.
  3. People who use SAC usually do not download/install many applications.
  4. Currently, SAC is an unpopular protection among users.
I think SAC is now "incredibly effective", but this will change when most people start using it. The attackers will start using signed malware more often.
 

SpiderWeb

> I tend to agree with your concerns but will wait for details to be fleshed out by MS when these devices actually roll out. One thing I notice especially in the OP is this regarding Smart App Control:

It didn't take long. Microsoft Copilot took out Bing, DuckDuckGo, and Ecosia due to an issue; even OpenAI is being dragged down by this. Can you imagine the chaos if this is unleashed on consumer devices? Copilot is being rushed out, less than beta stage, and I doubt Microsoft has covered most of the possible avenues that it can be abused to extract information from clueless users.

 