From the 80s through the 90s, Microsoft didn’t take security seriously. They acted as if it was someone else’s job, and companies like Symantec and McAfee came to market and flourished. But, to flourish and sell their security offerings on Windows, the security company had to increasingly disparage the product they were securing—Windows.
In the early 2000s, Microsoft had had enough, and they bought their security firm and began to focus on securing their platforms more aggressively. As time went on and Satya Nadella put his brand on the company, Microsoft put even more resources on security. It now appears to be one of the primary strategic areas for the firm. They are more like IBM regarding their security priorities than the old Microsoft that existed before the last century.
Windows 10 represented a significant jump in Windows security, but Windows 11 goes much farther and forces decisions like using secure boot and enabling the TPM to function. The result is that Windows 11 should be significantly more secure than even the most well-patched version of Windows 10.
Windows 11 Specifications
Microsoft, in August, released an update to their hardware requirements for Windows 11, and virtually all of the focus is on security. You have to have a relatively current processor that contains the security elements they now require. You have to have and have enabled the system’s TPM (Trusted Platform Module) and enable secure boot.
Interestingly, most of the consumer products I’ve tested in the last several years don’t have a TPM and have secure boot enabled. While this is a significant step away from backward compatibility that has been a part of other Windows launches, the user and corporate benefits are significant.
These security improvements were driven from input from the NSA, UK National Cyber Security Center, and the Canadian Centre for Cyber Security. This compliance with government advice helps assure Windows 11 will meet the aggressive security requirements in the US, UK, and Canada.
User And Corporate Security Benefits
As I mentioned, the benefits to the user are, according to Microsoft, significant. These benefits include a far higher reliability level; systems without these requirements have 52% more kernel mode crashes, supporting the conclusion that Windows 11 will be far more reliable.
Requiring the TPM enables Windows 11 to become a trustworthy passwordless platform with easy-to-use dual-factor authentication finally. This TPM is also critical for tools like BitLocker and advanced encryption to protect the system better. The TPM also binds the web credentials to the team, enables better device encryption, and significantly limits the amount of data loss resulting from PC hardware theft.
UEFI Secure Boot ensures that the system only boots from trusted sources like OEM, core technology, silicon vendor, or Microsoft. This approach largely immunized the related machine from identity theft, validated by the NSA; UEFI Secure Boot is one of the few ways to ensure your PC isn’t infected by a rootkit that operates below the OS.
One additional benefit is that the new hardware requirements for Windows 11 provide a more consistent baseline for collaborative apps like Microsoft Teams—assuring that new systems running Windows 11 should run collaborative apps like WebEx, Zoom, and Microsoft’s Teams more reliably.
Drivers that were poorly written and implemented were the bane of Windows 95 and have continued to be problems since. A significant focus on assuring modern drivers are installed in a timely manner should significantly improve Windows 11 reliability and security.
The PC Health app for Windows 11 has been updated and now provides more assistance to the user to make his PC compatible with the new operating system. While users on Windows 10 will still have support through October 14, 2025, it is generally advised that, if possible, they upgrade and gain the benefits of the far more secure Windows 11 platform when practical.
Windows 11 supports VBS, Virtualization-Based security, which enables some special extra security functions. VBS disables dynamic code insertion into the Windows kernel, assures drivers meat policies set by Microsoft and the user, and enables credential types (like NTLM). VBS also makes the systems compliant with DoD security requirements. VBS alone could be a security game-changer.
Finally, raising the system requirements improves compatibility by reducing the complexity and diversity of the hardware, ensuring parts suppliers a more reliable and easier path to releasing a reliable, headache-free offering.
Windows 11 represents the most significant security move Microsoft has ever made on the desktop. Windows 11 is the first product version that forces users and companies to turn on security services like the TPM and Secure Boot to create a far more secure and reliable solution for desktop work and collaboration.
With Windows 11, Microsoft has significantly raised the bar for desktop security. In the face of nation-state level threats, it may be the single most extensive protective measure a user or a company can make to secure their PCs.
*** This is a Security Bloggers Network syndicated blog from Security – TechSpective authored by Rob Enderle. Read the original post at: https://techspective.net/2021/08/28/why-microsofts-hardware-baseline-for-windows-11-is-important/