Windows 11, an even safer operating system

(By Carlo Mauceli)
09/08/21

We want to move people from needing Windows,
to choosing Windows,
to loving Windows.

[Satya Nadella]

Microsoft had the ambition to make Windows not just an operating system but a brand, and a brand is not just a name, a color or a logo. It is what we can define as something that “allows people to do the things they think are of most interest to themselves while offering the best possible experience”.

If companies can draw one great lesson from the experience of the past year, I believe it is this: "they must be resilient, and technology and the cloud are two of the most important factors in meeting this need".

The global pandemic has accelerated digital transformation in a way unimaginable until recently, and the growing spread of hybrid work has created the conditions for organizations to need an operating system that allows people to work, study or learn no matter where they are. All this without forgetting security because, as Albert Einstein said: "Man and his safety must be the first concern of any technological adventure".

It is precisely the security features of Windows 11 that I want to tell you about. For everything else, I refer you to the blogs and official sites:

Let's start again from what happened in the last year, the year in which personal computers and, in general, devices of all kinds kept us in contact with family and friends and allowed companies to continue operating even in an extremely critical situation. In this context, the responsibility of a company like Microsoft, whose operating system is used by over a billion people, has grown even more, and attention has turned to how to continue offering the best possible quality, experience and security.

As a matter of fact, while everyone, more or less, has adapted to working from home, it has been rare to spend a day without reading reports of new cybersecurity threats. Phishing, ransomware, supply chain and IoT vulnerabilities were the headlines in newspaper and media articles that highlighted even more how attackers are constantly developing new ways to wreak digital chaos.

Therefore, as the scale and sophistication of attacks increase, operating systems must also be developed according to different paradigms that take into account the entire chain of protection, from hardware to software, from chip to cloud.

As I said, Windows 11 has been redesigned for hybrid work, but with extremely high security criteria based on the "security by design" principle. It adopts new embedded security technologies that add a further level of protection, both during local use and during access to cloud platforms and services, while enabling productivity and new experiences.

The key security features, activated by default, in addition to those already present in Windows 10, are:

  • hardware-based process isolation;
  • cryptography;
  • malware prevention.

In addition, Windows 11 will make it easier to move away from passwords by improving the way corporate endpoints are accessed using the “Windows Hello for Business” service.

And we all know that access to systems via username and password poses the greatest risk to users and organizations around the world.

In this regard, I invite all readers to visit the site https://haveibeenpwned.com/ and enter their email address.

For the development of Windows 11, Microsoft has worked, if possible even more closely, with its partners to ensure better digital security thanks to the specifications of the so-called "secured-core PC", a new generation of devices in which the best security features are adopted already at the firmware level. The declared goal is to make this type of personal computer far more resistant to cyber threats than traditional devices.

These devices combine hardware, software, and operating system protections to provide end-to-end guarantees against sophisticated and emerging threats, such as those against hardware and firmware, which are on the rise according to the National Institute of Standards and Technology and the Department of Homeland Security.

The Security Signals report found that 83% of companies have experienced a firmware attack and only 29% are allocating resources to protect themselves.

If threats continue to grow in sophistication and quality, we cannot avoid doing the same on the device development front. Those who argue that this is a deliberate maneuver to enrich multinationals or hardware manufacturers forget that it is the normal development of technology, or are being ideological, or are simply refusing to look reality in the face.

As a demonstration of the increasing importance of cyber security, the use of Windows 11 depends on the presence of the TPM (Trusted Platform Module), a chip integrated into the PC's motherboard or added separately in the CPU, whose purpose is to protect encryption keys, user credentials and other sensitive data behind a sort of hardware barrier, so that malware and attackers cannot access or tamper with such data.

It is correct to underline that for some years Microsoft has been requesting it on certified products, that is, on notebooks and, more generally, on all products designed for companies.

On many assembled systems, also for reasons of price containment, motherboard manufacturers do not integrate this module, and therefore you may encounter some difficulties in installing Windows 11 on your PC. In any case, this is an “obstacle” that can be overcome, because processor manufacturers have for some time been integrating a specific security module compatible with the Trusted Platform Module specifications in their latest CPU models. Some examples? Intel Platform Trust (Intel PTT), AMD PSP fTPM and Qualcomm TA. And in any case, security comes first!!!

It is important to remember that, in most cases, the TPM embedded in the CPU must be enabled in the BIOS.
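To see whether Windows actually has a usable TPM and whether hardware-based isolation is running, the following PowerShell check can be run from an elevated session. It is an example added here, not code from Microsoft or from the original article; the function name `Get-HardwareSecurityState` is hypothetical, while the CIM classes and properties it reads are the built-in `Win32_Tpm` and `Win32_DeviceGuard`.

```powershell
# Added example (not from the article): report TPM and virtualization-based
# security state. Get-HardwareSecurityState is a hypothetical helper name.
function Get-HardwareSecurityState {
    $state = [ordered]@{
        TpmPresent     = $false
        TpmEnabled     = $false
        TpmSpecVersion = $null
        VbsRunning     = $false
        HvciRunning    = $false
    }

    # Win32_Tpm returns no instance when no TPM is exposed to the OS. That is
    # also the result when a CPU-integrated TPM exists but is off in the BIOS.
    $tpmQuery = @{
        Namespace   = 'root\cimv2\Security\MicrosoftTpm'
        ClassName   = 'Win32_Tpm'
        ErrorAction = 'SilentlyContinue'
    }
    $tpm = Get-CimInstance @tpmQuery
    if ($tpm) {
        $state.TpmPresent = $true
        $state.TpmEnabled = [bool]$tpm.IsEnabled_InitialValue
        # SpecVersion looks like "2.0, 0, 1.38"; the first field is the family.
        $state.TpmSpecVersion = ($tpm.SpecVersion -split ',')[0].Trim()
    }

    # Win32_DeviceGuard: status 2 means VBS is running; service 2 is HVCI.
    $dgQuery = @{
        Namespace   = 'root\Microsoft\Windows\DeviceGuard'
        ClassName   = 'Win32_DeviceGuard'
        ErrorAction = 'SilentlyContinue'
    }
    $dg = Get-CimInstance @dgQuery
    if ($dg) {
        $state.VbsRunning  = ($dg.VirtualizationBasedSecurityStatus -eq 2)
        $state.HvciRunning = ($dg.SecurityServicesRunning -contains 2)
    }
    [pscustomobject]$state
}

$s = Get-HardwareSecurityState
$s | Format-List
if (-not $s.TpmPresent) {
    Write-Warning 'No TPM visible to Windows: check whether it is disabled in the BIOS.'
} elseif (-not $s.TpmEnabled) {
    Write-Warning 'A TPM is present but not enabled.'
} elseif ($s.TpmSpecVersion -ne '2.0') {
    Write-Warning "TPM reports spec version $($s.TpmSpecVersion), not 2.0."
}
```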

Finally, Windows 11 also has immediately available support for MAA (Microsoft Azure Attestation), a unified, Azure-based solution for remotely verifying the identity and trustworthiness of a platform and the integrity of the binaries running within it, which allows you to apply zero trust policies to any platform.

All of the above is compatible with the upcoming devices that will be equipped with the Pluton chip, unveiled in November 2020, as well as with any device using the TPM 2.0 security chip, including hundreds of devices available from Acer, Asus, Dell, HP, Lenovo, Panasonic, and many more.

The release of Windows 11, as mentioned, takes place at a time when it is now clear that smart working, from a necessity linked to the pandemic emergency, has become a company policy that will also be consolidated in the near future and will evolve more and more towards forms of flexible working: in the office and remotely.

Precisely to improve collaboration in the new "hybrid" work environments, Windows 11 has a revised user interface that maintains, in any case, a certain familiarity with the past.

The Start menu has been completely revised to have a more modern interface and allow you to find the most used apps and documents more easily and quickly.

Windows 11 improves interaction with open windows on the desktop by keeping "memory" of running processes. In this way, for example, when we unplug our notebook from the workstation at home, the system automatically reloads them when we reconnect from the office, so that we can resume the workflow.

In Windows 11 there is a great focus on the world of collaboration thanks to the integration with Microsoft Teams. It will be easier to mute or unmute the microphone, share your desktop or even a single application during a meeting right from the desktop taskbar.

To conclude, it is no coincidence that the development of the new Microsoft operating system has taken into account the increasing spread of hybrid work, a new way of working that virtuously includes both distance and presence. The new challenge for all organizations is to create a physical and digital workplace capable of meeting the new needs of people and business.

Microsoft has tried to respond to the requests, opportunities and still open questions that have arisen by thinking of a product that can help organizations be resilient thanks to a technology that is an essential part of it.

The goal or ambition, if you prefer, is to make Windows 11 an ideal platform to complete the digital transformation of companies and to allow people to work from home or office seamlessly.

Finally, Windows 11 will be easy for IT teams to manage and provide advanced security to address the increasingly complex cyber security landscape.

A security that is really a service, according to the strategy of the Redmond company: security as a service.

Useful links

Introducing Windows 11 | Windows Experience Blog

Windows 11: The operating system for hybrid work and learning | Microsoft 365 Blog

https://haveibeenpwned.com/

National Institute of Standards and Technology

Department of Homeland Security

Security Signals Report

TPM

Microsoft Azure Attestation

Pluton chip