Microsoft sheds light on Windows 10 security improvements
Microsoft has not really revealed a lot about Windows 10 up to this day. While it has released a preview build of the operating system and a first update for it recently, one could still come to the conclusion that Windows 10 is like Windows 8 but with a start menu and the option to run apps in windows on the desktop.
The company started to open up only recently and reveal additional information about Windows 10. It published a lengthy blog post today on the Windows For Your Business blog that details security improvements coming to the operating system.
Aimed at business and enterprise customers, it provides insight for consumers as well.
One of the changes discussed in the blog post is how users identify themselves on the system. Microsoft plans to eliminate single-factor authentication systems such as user/password logins by building improved protection right into the operating system.
The core idea is to use the device itself as a factor for authentication while a password or fingerprint is being used as the second factor.
This is multi-factor authentication at its core but with the difference that the computer or device itself is being used as a factor in the authentication process.
Users enroll one, some or all of their devices and can then use these devices for authentication. This can be a mobile phone, for example, a laptop or a desktop PC.
Users will be able to enroll each of their devices with these new credentials, or they can enroll a single device, such as a mobile phone, which will effectively become their mobile credential. It will enable them to sign-in into all of their PC’s, networks, and web services as long as their mobile phone is nearby. In this case, the phone, using Bluetooth or Wi-Fi communication, will behave like a remote smartcard and it will offer two factor authentication for both local sign-in and remote access.
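To make the device-plus-PIN idea concrete, here is an added sketch (not Microsoft's code and not from the blog post) of a challenge-response sign-in in which the enrolled device is one factor and a PIN is the other. The symmetric HMAC key, the XOR masking of that key with a PIN-derived value, and all class and function names are assumptions chosen for illustration; the article does not say how Windows 10 implements the credential.

```python
import hashlib
import hmac
import secrets

def _pin_mask(pin, salt):
    # Stretch the PIN (second factor) into a 32-byte mask.
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

class Server:
    def __init__(self):
        self.enrolled = {}  # (user, device_id) -> device key
        self.pending = {}   # (user, device_id) -> outstanding nonce

    def enroll(self, user, device_id, key):
        self.enrolled[(user, device_id)] = key

    def challenge(self, user, device_id):
        nonce = secrets.token_bytes(16)
        self.pending[(user, device_id)] = nonce
        return nonce

    def verify(self, user, device_id, response):
        nonce = self.pending.pop((user, device_id), None)  # single use
        key = self.enrolled.get((user, device_id))
        if nonce is None or key is None:
            return False
        expected = hmac.new(key, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)

class Device:
    def __init__(self, device_id):
        self.device_id = device_id

    def enroll(self, server, user, pin):
        key = secrets.token_bytes(32)  # device-bound secret (first factor)
        self.salt = secrets.token_bytes(16)
        # Only the PIN-masked key is kept on the device.
        self.sealed = _xor(key, _pin_mask(pin, self.salt))
        server.enroll(user, self.device_id, key)

    def respond(self, pin, nonce):
        key = _xor(self.sealed, _pin_mask(pin, self.salt))
        return hmac.new(key, nonce, hashlib.sha256).digest()

def sign_in(server, user, device, pin):
    nonce = server.challenge(user, device.device_id)
    return server.verify(user, device.device_id, device.respond(pin, nonce))
```

Sign-in succeeds only when the enrolled device and the correct PIN are both present; the PIN alone on another device, or the device with a wrong PIN, produces a response the server rejects, and a captured response cannot be replayed because each challenge is used once.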
Another new feature that Windows 10 ships with is better control over VPN connections. The operating system ships with control options to select which apps have network access when the device is connected to a virtual private network.
Security can be strengthened further by specifying ports and IP addresses of allowed connections.
A third change is the ability to lock down devices. This enables organizations to allow only trusted apps to run on a device. Trusted in this regard means signed using a Microsoft-provided signing service. Apps in this context include desktop (Win32) applications as well.
Last but not least, Microsoft attempts to protect information on corporate systems to avoid the leaking of corporate data by using automatic encryption for documents, emails and other sensitive information when it arrives on a device from a corporate network location.
With all that said, it is unclear right now which features discussed in this article will find their way into consumer versions of Windows 10 and which are limited to enterprise versions.
Very interesting post. I can see that the “run only trusted applications” may be tricky. I have *.exe applications that I have built for my own use — no Microsoft trust key. I usually distribute these intramurally to my co-workers by packing them in a setup file. Presumably installation of these would be disallowed by Win 10, I guess?
I also expect that there will be small-pool applications — like the obscure trending program I use, which was ported from Linux — which may not get a trust key. Or may not get it expeditiously. (In essence, this last issue is the same one faced by Linux trusted repositories: how do the curators keep the repo up-to-date in all cases? How soon can a user — or a developer — expect to see an application added to the repository? Get in the queue, lads… corporate players go to the head of the line, small-scale devs to the tail end.)
But certainly the current situation is destructive, with trojans, spyware, and adware a growing scourge among Windows software.
Tricky. Microsoft dominated the desktop/laptop market in large part because of the hugely diverse software ecosystem it encouraged. And that ecosystem grew precisely because of its uncontrolled nature — write a really good application, put it online, and watch the downloads roll.
Putting the brakes on the Windows ecosystem without stifling it: that will be an interesting balancing act for Microsoft.
It sounds like blocking non-signed applications is simply an option rather than a locked-in feature of the OS.
Yeah, probably. Which makes it fully as secure as the current system of “run as administrator” popups… which can allow a 10-year-old to install any executable they fancy. Making it optional makes it ineffectual, doesn’t it?
No, making it optional doesn’t make it ineffectual, not exercising the option makes it ineffectual.
10-year-olds can only ‘run as administrator’ if there is no admin password or somebody told it to them.
Mmm. Well, perhaps, John. What I see when I look at friends’ computers is that they’re all — every one of them — running as administrator. They want to install whatever they download easily and quickly. The most recent call I got was from a friend who installed Open Office, a trustworthy package, from an untrustworthy site. The site loaded the Trovi hijacker, which was why she called me.
Personally, I think that the average consumer-level Windows user does not understand why they should put up with the limitations of logging on with less than full privileges. Given an option, they will always choose to log on as admin.
Here’s a snip from a Windows blog: “There are times when some applications require administrator permissions in order to work or to run specific commands. Luckily, both Windows 7 and Windows 8 provide many ways you can use to run programs as administrator. We found 5 methods and if you know others, you are welcome to share them.”
Five methods for bypassing user account control! Post more if you know them, guys.
I think that where an IT department enforces account control, the security system will work. Where users are careful and cautious, it will work. But otherwise, I think that for average Windows users optional account control will always mean ineffectual account control.
Just my opinion, of course. Perhaps you’re right with regard to Win 10, though.
That’s not five methods of bypassing account control, that’s five methods of using account control to legitimately access administrator privileges. I do not know why you want to blame Microsoft for users not being careful. They aren’t our mothers. I’m not a fanboy of theirs by any means but people seem to want the impossible from them – an easy to use system with foolproof security that is not cumbersome and inconvenient, that users cannot turn off or make ineffective with their own stupidity. That’s not a thing that can be made. It’s like asking for a fruitless fruit cake.
Consumers will never stand for this. Start the PC and log in to Facebook, check email, and browse. If more restrictions are put on consumers using Windows 10, more will avoid it and move to Mac or Chromebooks. Enterprises, on the other hand will likely find this intriguing, as long as IT has control. This should be a part of Windows 10 Enterprise, possibly Pro, but not bare bones Windows 10.
Consumers will never stand for what? I don’t see any actual restrictions here, just greater options.
I overgeneralized by using the word consumers, when I was considering a subset of our customers. Many of our customers do not want passwords on their PC’s. So we set up Windows 8.1 with local accounts, not MS accounts, for these people. I agree that giving the user the option of adding layers of security is desirable. Some people just won’t go for it.
All is for naught as long as all users are superusers.
The only way any OS Windows will ever be even close to secure is if Microsoft quits automatically giving superuser privilege to ALL user accounts by default, and instead makes all new installation instances of Windows OS default to having an Admin account with superuser privilege and one or more limited-privilege accounts for the user(s) to do their daily work.
In addition, by default, NO .exe or .dll or other binary program should be executable in the context of any limited-privilege account, meaning that all binary software MUST first be installed from a superuser account for the system to use as a whole. It will also most likely be necessary to prevent even non-binary programs from running in the user-context without explicitly granting them permission.
That would solve about 99.999% of the malware problems and until that is done everything else is just adding additional ineffective security band-aids on top of a whole pile of other, older, ineffective security band-aids.
Furthermore, my experience with those piles of security band-aids is that malware finds a way around them every time, and then those “security” band-aids turn into major impediments for removing the malware. In other words, the security measures don’t block the malware, but do block the sys admin efforts.
Yeah, Asok, I tend to agree… mostly. Of course, if it’s my box and I know the superuser password, then there’s nothing to prevent me from typing something like sudo dpkg -i nastytrojan.deb. But we agree that whatever happens next is my own fault. Just as it would be if I clicked “run as administrator” when launching nastytrojan_setup.exe.
I think Microsoft is still floundering — you’re right about the band-aid approach, Asok. I don’t see “trusted applications” as a strong security solution, or even an especially sturdy leg. I’m not sure how effective their “limited-permissions-for-apps” approach will be, or whether it is even viable for applications using the Win32 API. I don’t see strong user permissions enforced. I don’t see an OS-wide sandboxing of processes, though MS’s flirtation with Docker may lead in that direction.
But at least MS is thinking about security. Um. Wait. There is that thing about the keylogger-and-call-home code in Win 10 preview… how much will be removed in the final release, and how much of the code will remain in the OS, inactive but waiting?
So perhaps “security” is an ironic word to use in the context of Microsoft.
This is as clear as mud. Enroll?? Enroll where? With Microsoft? Also, it sounds like it requires an Internet connection to login to your computer. Does it?
It sounds like they’re going off the deep end with respect to login security, which really isn’t all that much of a problem. How about changes to the OS that defend against malware? That’s a far more significant threat.
Windows 10 is still an NT/Win2000 copied code OS. No amount of slapping security patches will help. The same goes for IE11/12.
For a secure OS, Microsoft has to re-write the OS from the start.
I foresee that when you upgrade the PC, the OS becomes locked down and fails to log in or operate. Don’t like that already.