You may have heard that Windows 11 will only run on new computers, all because of security concerns. This is not entirely a true statement, so let’s explain what changes and novelties appear in Windows 11 and how they affect the protection of your computer.
If you remember older editions of Windows, mainly before Windows XP, you surely know that antivirus was an inseparable companion at that time. It also required adequate machine performance, as this type of program running in the background was a resource-intensive program and should not be turned off. After the spread of access to the Internet, the situation became even more serious, as the threats increased – not only files that were transferred to each other via various carriers, but also data, applications and multimedia from the Internet. Circumstances have become more user-friendly when Windows systems gained built-in protection mechanisms, and those available today are fully sufficient for many users to maintain data security against various threats, because these take more and more forms and do not apply only to software.
A new era in computer security
That is why Windows 11 was built from scratch, including TPM 2.0 support. Trusted Platform Module is an extension of this abbreviation, and it is a chip present on the computer’s motherboard. It is responsible for the protection of encryption keys, user authentication and all other compromised data and information. This module is not required for the operation of Windows 11, but it is recommended, so before updating it is worth making sure that our computer is compatible with the new version of Microsoft’s system. This module protects, for example, a set of information that allows you to confirm the user’s identity when logging in, and to do this we no longer only use passwords and PIN codes, but also biometric solutions. Windows 11 thus combines security on the level of software and hardware like no previous system.
Login without a password, i.e. safer login
Our faces and fingerprints are more secure than any passwords. Thanks to Windows Hello, all we need to do is look at the screen or put our finger on the reader to log in to your account. According to Microsoft, the future is passwordless, and the capabilities of Windows 11 fit into it perfectly – today you can disable the classic password on your Microsoft account and choose from several methods of user verification. TPM is also the foundation for BitLocker-based solutions that protect user data stored in computer memory.
The second name worth mentioning is Platoon, which only takes a few years to move from Xbox to PC. This solution uses a chip embedded in the processor, which recognizes possible physical manipulations in the communication between the processor and the TPM chip. Pluto provides the unique Secure Hardware Cryptography Key (SHACK) technology that helps confirm that the keys have never been exposed outside of the protected hardware, even for the Pluto software itself. It sounds quite complicated, but in the end we are sure that the sensitive information stored in the TPM chip has not left our virtual “safe”.
Security in Windows 11 and the cloud
But omitting the issues related to the remote protection of machines in 2021 would be inadvisable, because Windows 11 supports MAA, i.e. Microsoft Azure Attestation, which allows for remote verification of hardware and software integrity. The presence of this solution in Windows 11 will allow organizations to enforce Zero Trust policies when accessing sensitive cloud resources. Briefly explaining what Zero Trust is, it is enough to say that it is about strong verification of user identity, verification of the health of devices and applications, and access with the lowest level of rights to resources and services. It is worth mentioning that the combination of such technologies resulted in a reduction of malware presence by 60% on the tested devices.
All settings in one place
On the highest security layer, there is a new interface for security and privacy settings in Windows 11, where a clear and readable section with all the most important system functions awaits each user. In one place you can decide which applications get access to what information and data (such as location, microphone sound, camera image, contacts, calendar and many others), as well as enable the device finding function in case of loss due to theft or failure. Also here you can see what changes and actions were made not only on this one, but also on other devices, where we are logged in to Windows 11 using a Microsoft account, thanks to which we can conveniently control more than one device.
Windows 11 focuses on more convenient management of security settings and extends the scope of protection with hardware isolation. All this makes the use of Windows 11 not too complicated and demanding for the user, and at the same time the level of security has significantly increased to additional solutions that have not been available so far.
The material was created in cooperation with the Microsoft brand