Gandalf_The_Grey
Microsoft today unveiled a wide array of new security features and updates for Windows 11, providing users with comprehensive protections.
“Today’s threat landscape is unlike any we’ve seen before,” Microsoft vice president David Weston writes in the announcement post. “Attacks are growing in speed, scale, and sophistication. In 2015, our identity systems were detecting around 115 password attacks per second. Less than a decade later, that number has surged 3,378 percent to more than 4,000 password attacks per second. This landscape requires stronger and more comprehensive security approaches than ever before, across all devices and technologies we use in our lives both at home and at work.”
The list of security advances Mr. Weston describes is vast, so I will focus on what I see as the highlights. But if you care about security, be sure to read the original post. It’s rather incredible.
Most impressively, perhaps, Microsoft convinced its PC maker partners to adopt its Pluton security processor in all new Copilot+ PCs, making them so-called Secured-core PCs. Pluton is like a TPM chip on steroids that uses Zero Trust principles to secure all the data on the PC, even if it’s physically stolen or compromised by malware. But that’s not all: Copilot+ PCs also provide Windows Hello Enhanced Sign-in Security (ESS), with more secure biometric sign-ins that eliminate the need for a password. (ESS is also available on other compatible Windows 11 devices.)
To protect against credential and identity theft, Windows 11 now enables Local Security Authority (LSA) protection on all PCs, not just on commercial PCs as before. Windows Hello has been updated to protect passkeys, and hardened by default on PCs without biometrics to protect against admin-level attacks. Looking to the future, Microsoft plans to deprecate NT LAN Manager (NTLM) in the second half of 2024, and is previewing a hardware-backed cryptographic key protection feature.
Smart App Control is a well-hidden feature in Windows 11 that helps protect you from malicious and untrusted apps that you download and install from the web. To date, this feature has been enabled in a special evaluation mode by default, but Microsoft has switched this to be enabled by default for all users now, thanks to AI learning enhancements. According to Weston, this feature “is incredibly effective protection against malware.”
Microsoft is opening up its virtualization-based security (VBS) functionality to third-party app makers so they can host this software-based trusted execution environment in their own apps. (You can learn more about this feature here.)
Microsoft also appears to have evolved the Win32 app container from Windows 10X into a new Win32 app isolation feature. Built on AppContainers, Win32 app isolation is now close to general availability and provides a security boundary between individual apps and the system, with brokered access to resources like printer, registry, and file access.
Because most Windows users run with Admin privileges, Microsoft is updating Windows with new just-in-time admin access to the kernel and other critical services as needed, and not by default. When this feature is enabled, you’ll be asked for approval, and you’ll use Windows Hello to approve or deny requests. This feature is currently in private preview but will enter public preview soon.
Microsoft Announces Major Security Push for Windows 11
www.thurrott.com