Snynet Solution Logo
MON - SUN: 10 AM - 6 PM
+60 11 5624 8319

Blog

Microsoft shows why Windows 11 needs TPM – even if some PCs are left out in the cold

Image Description

Windows 11 security is something of a hot topic, as the revamped OS comes with much tighter defenses than Windows 10, but with the side-effect of creating controversy and confusion on the system requirements front (and indeed for gamers – more on that later).

However, Microsoft recently produced a video to show how Windows 11’s new protective measures – which include TPM (Trusted Platform Module), Secure Boot and VBS (Virtualization-Based Security) – help to make systems safer against hackers. And furthermore, it reminds us how these moves are an extension of what was already happening with Windows 10 (but crucially, not on a compulsory level).

The clip stars Microsoft’s security expert Dave Weston who explains more about why this higher level of security, which entails the aforementioned raised hardware requirements – including support for TPM 2.0, which rules out a fair number of not-all-that-old PCs – is required to defend against some potentially nasty security breaches.

Weston shows how this nastiness could play out in real world situations, first of all demonstrating a remote attack leveraging an open RDP (remote desktop protocol) port, brute forcing the password, and then infecting the machine with ransomware. This was on a PC without TPM 2.0 and Secure Boot, and naturally, wouldn’t be possible on a Windows 11 system.

The second attack used for demo purposes is an in-person one using a PCI Leech device to access system memory and bypass fingerprint recognition to login. VBS stops this kind of attack being leveraged against a Windows 11 system, and the former remote attack is prevented by UEFI, Secure Boot and Trusted Boot (in conjunction with TPM).


Analysis: Land of confusion

This is an interesting look at the nuts-and-bolts of how these security countermeasures work against real life attacks. Clearly, in some scenarios there are good reasons for mandating TPM and the other mentioned security technologies to help keep a PC safer against a possible attack, whether that’s a remote or local intrusion.

No one is going to argue against better protection, but the issue with making these pieces of security tech a compulsory part of the system requirements is the confusion around whether or not a PC has these capabilities.

In some cases, newer machines do indeed have TPM on-board, it just isn’t enabled – leading to a frustrating situation where the owner of a modern device could be told it isn’t compatible with Windows 11. And while it might just be a case of switching TPM on, which isn’t difficult for a reasonably tech-savvy person, it could be very intimidating for a novice user (involving a trip to the BIOS, a scary place for the untrained eye).

VBS or Virtualization-Based Security has run into further controversy, as well, given that while this isn’t an issue for upgraders from Windows 10, it will be enabled by default on new PCs that come with Windows 11 – and it causes slowdown with gaming frame rates. By all accounts, VBS can be a pretty serious headwind for frame rates, too; and again, this adds to the confusion around what’s going on with Windows 11 machines in general.

Having a more secure PC is great, without a doubt, but there are costs here which have a potentially negative impact on the experience of some users adopting (or trying to adopt) Windows 11.

Via Neowin

Date

11 Oct 2021

Sources


Share


Other Blog

  • Microsoft is drenching its Azure servers to boost performance

    A production Azure server is dishing out compute from inside a bathtub.

    Read More
  • All AMD EPYC processors could be vulnerable to some serious security flaws

    Academic researchers discover vulnerabilities that affect the first three generations of AMD EPYC processors.

    Read More
  • Computex goes online-only for the second year running – here are the dates

    TAITRA has cancelled the show's onsite exhibition due to the ongoing pandemic

    Read More
  • Trying out Windows 11 ahead of release just got a bit easier

    Microsoft has released ISO images for Windows 11, essentially bypassing the need to update.

    Read More

Find Out More About Us

Want to hire best people for your project? Look no further you came to the right place!

Contact Us