Microsoft Windows 10: Three Security Features To Know About

  /     /     /  
Publicated : 22/11/2024   Category : security


Microsoft Windows 10: Three Security Features To Know About


Microsofts next-generation operating system Windows 10 will be available as a free upgrade to Windows 7 and 8.1 users on July 29. But Windows Enterprise version customers will have to wait until later this year.



Application-vetting and biometric authentication headline the new main security features in Microsofts new Windows 10 operating system, which the company today said will begin shipping for free on July 29 to users of Windows 7 and 8.
Windows 10s arrival cant come too soon amid doom-and-gloom predictions of the demise of Windows after Microsofts failed makeover of Windows with the tile interface-heavy and startup menu-missing Windows 8. Aside from the return of the beloved startup menu, a personal assistant called Cortana and a new faster and more personalized browser called Edge, Microsoft also is launching some significant new security features in Windows 10, most of which are available in the first release.
Windows security expert Marc Maiffret says with the new Windows 10 security features combined with the new Windows Store for authorized and vetted applications, Microsoft is making the desktop ecosystem look a lot more like the smartphone -- which is good news for security. There are interesting security implications to that: part of what all of us are fighting is how to better control apps and code in environments, he says.
 
1.  Device Guard
Microsofts new Device Guard is aimed at blocking zero-day attacks by vetting applications that try to access a Windows 10 machine and its network. It basically blocks any applications that are not signed by specific software vendors, the Windows app store, and an enterprise itself.
Acer, Fujitsu, HP, NCR, Lenovo, Par, and Toshiba, have teamed up with Microsoft to use Device Guard on their Windows-based devices. It supports point-of-sale systems, ATM machines, and other Internet of Things-type devices running Windows.
To help protect users from malware, when an app is executed, Windows makes a determination on whether that app is trustworthy, and notifies the user if it is not. Device Guard can use hardware technology and virtualization to isolate that decision-making function from the rest of the Windows operating system, which helps provide protection from attackers or malware that have managed to gain full system privilege, blogged Microsofts Chris Hallum recently on the new Windows app feature.
Microsofts Hallum argues that Device Guard, unlike antivirus and whitelisting software, isnt an susceptible to insider tampering or credential hijacking or unknown malware sneaking past, but the feature likely will work in concert with AV and whitelisting or other app-control products.
Traditional AV solutions and app control technologies will be able to depend on Device Guard to help block executable and script based malware while AV will continue to cover areas that Device Guard doesn’t such as JIT based apps (e.g.: Java) and macros within documents, Hallum said.
Interestingly, Device Guard also operates virtually so that if the Windows kernel is compromised, Device Guard is not, according to Microsoft. It requires policy provision software.
2.  Windows Hello
Windows Hello has been touted by Microsoft as a password-killer feature that uses biometrics -- your face, iris, or your fingerprint -- to launch Windows 10 devices rather than those pesky and vulnerable passwords.
Joe Belfiore, corporate vice president of Microsofts operating systems group, says Hello is more secure because it allows you to authenticate applications, enterprise content, and online experiences without storing a password on the user device or on a network server.
The catch is you need a machine with a fingerprint reader and scanning software and hardware for the infrared technology to identify a user by his face or iris. And the devices require Windows Biometric Framework support.
Were working closely with our hardware partners to deliver Windows Hello capable devices that will ship with Windows 10 and we are excited to announce that all OEM systems incorporating the Intel RealSense 3D Camera (F200) will support the facial unlock features of Windows Hello, including automatic sign-in to Windows, and support to unlock Passport without the need for a PIN, Belfiore said in a post about Windows 10 today.
Maiffret says Microsoft appears to have developed Hello as a viable form of authentication for the enterprise as well. Theyve gone the lengths to make this secure from a crypto perspective, so it can be ... accepted as a real form of authentication in the enterprise, he says. 
[Harder to spoof and easier on users, behavioral biometrics may be bigger than passwords soon. Read
Behavioral Biometrics On The Rise At RSA Conference
.]
3. Passport
Also in sync with the theme of password liberation is Windows 10s new Passport feature that lets users authenticate to applications, websites, and networks
sans
passwords.
Windows 10 will ask you to verify that you have possession of your device before it authenticates on your behalf, with a PIN or Windows Hello on devices with biometric sensors. Once authenticated with “Passport”, you will be able to instantly access a growing set of websites and services … favorite commerce sites, email and social networking services, financial institutions, business networks and others, according to Microsoft.
Passport will work with Microsofts Azure Active Directory Services, according to Microsoft, and the users biometric signature is secured and stored locally on the user device and used only to unlock it and for Passport; its not used to authenticate via the network.
Microsoft isnt dictating the death of passwords, however, although now as part of the FIDO Alliance its working to help replace passwords in the future. So users or organizations who cant bear to part with their passwords and password management dont have to deploy Windows Hello and Passport in Windows 10 at all.
Meanwhile, Microsoft also has made some subtle but key changes in Windows 10 under the hood using containers and virtualized sandboxes to better secure desktops, Maiffret says. But Im sure at Black Hat or next year someone will do a talk on how to break out of the [Windows 10] sandbox. thats inevitable.
Even so, Microsofts taking that approach with Windows is a game changer for the OS, he says.
 

Last News

▸ Feds probe cyber breaches at JPMorgan, other banks. ◂
Discovered: 23/12/2024
Category: security

▸ Security Problem Growing for Dairy Queen, UPS & Retailers, Back off ◂
Discovered: 23/12/2024
Category: security

▸ Veritabile Defecte de Proiectare a Securitatii in Software -> Top 10 Software Security Design Flaws ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Microsoft Windows 10: Three Security Features To Know About