Microsoft shows why Windows 11 needs TPM – even if some PCs are left out in the cold

Windows 11 security is something of a hot topic, as the revamped OS comes with much tighter defenses than Windows 10, but with the side-effect of creating controversy and confusion on the system requirements front (and indeed for gamers – more on that later).

However, Microsoft recently produced a video to show how Windows 11’s new protective measures – which include TPM (Trusted Platform Module), Secure Boot and VBS (Virtualization-Based Security) – help to make systems safer against hackers. Furthermore, it reminds us these moves are an extension of what was already happening with Windows 10 (but crucially, not on a compulsory level).

The clip stars Microsoft’s security expert Dave Weston who explains more about why this higher level of security, which entails the aforementioned raised hardware requirements – including support for TPM 2.0, which rules out a fair number of not-all-that-old PCs – is required to defend against some potentially nasty security breaches.

Weston shows how this nastiness could play out in real-world situations, first of all demonstrating a remote attack leveraging an open RDP (Remote Desktop Protocol) port, brute forcing the password, and then infecting the machine with ransomware. This was on a PC without TPM 2.0 and Secure Boot, and naturally, wouldn’t be possible on a Windows 11 system.

The second attack used for demo purposes is an in-person one using a PCILeech device to access system memory and bypass fingerprint recognition to log in. VBS stops this kind of attack being leveraged against a Windows 11 system, and the former remote attack is prevented by UEFI, Secure Boot and Trusted Boot (in conjunction with TPM).


Analysis: Land of confusion

This is an interesting look at the nuts-and-bolts of how these security countermeasures work against real-life attacks. Clearly, in some scenarios there are good reasons for mandating TPM and the other mentioned security technologies to help keep a PC safer against a possible attack, whether that’s a remote or local intrusion.

No one is going to argue against better protection, but the issue with making these pieces of security tech a compulsory part of the system requirements is the confusion around whether or not a PC has these capabilities.

In some cases, newer machines do indeed have TPM on-board, it just isn’t enabled – leading to a frustrating situation where the owner of a modern device could be told it isn’t compatible with Windows 11. And while it might just be a case of switching TPM on, which isn’t difficult for a reasonably tech-savvy person, it could be very intimidating for a novice user (involving a trip to the BIOS, a scary place for the untrained eye).

VBS or Virtualization-Based Security has run into further controversy, as well, given that while this isn’t an issue for upgraders from Windows 10, it will be enabled by default on new PCs that come with Windows 11 – and it causes slowdown with gaming frame rates. By all accounts, VBS can be a pretty serious headwind for frame rates, too; and again, this adds to the confusion around what’s going on with Windows 11 machines in general.

Having a more secure PC is great, without a doubt, but there are costs here which have a potentially negative impact on the experience of some users adopting (or trying to adopt) Windows 11.

Via Neowin

TechRadar – All the latest technology news


Shift Left Is Upon Us

In the past few weeks and few months we’ve published demos, event sessions, webinars and whitepapers all sharing how organizations can embed security earlier on in the DevOps process. Securing their c…


Byte app launches to fill the 6-second video gap left by Vine

If you've been missing the ability to make and share short videos from your phone since Vine shut down, some good news: its replacement Byte has now officially launched for iOS and Android devices.

Byte is a lot like Vine – it's been developed by Vine co-founder Dom Hofmann, and it sticks to the same 6-second recording limit of its predecessor.

Having launched at the start of 2013, Vine found a reasonable level of success before being picked up by Twitter. It was then shut down by Twitter as a cost-cutting exercise.

That happened in 2017, but shooting and sharing short videos has continued to be hugely popular among users – just take a look at the success of TikTok, for example.

Taking a Byte

Byte's backers will be hoping that it can tap into some of TikTok's success using even shorter video clips. For now the apps are fairly basic, without any of the filters or effects you might find in something like Snapchat.

One feature that is coming soon, and which is apparently a priority for the developers, is a way for creators to easily make money from their videos (something that apps like this don't always get right).

"Byte celebrates life, community, and pure creativity," runs the blurb alongside the newly released mobile apps. "Nostalgia is our starting point, but where we go next is up to you."

It's free to install and sign up for Byte, so point your phone towards the download pages for iOS or Android if you feel you've got some content sharing to do (and want to claim your username before anyone else does).

Via TechCrunch
