Microsoft Says Windows 10 Devices Can Be Made Secure: Here's How
If you have an up-to-date device running Windows 10, Microsoft has enabled new standards that it said can ensure "a highly secure experience." The new security standards apply to PCs, laptops, tablets, 2-in-1 devices, and mobile workstations running processors certified for the Windows 10 Fall Creators Update that began rolling out last month.
Those processors include Intel's 7th-generation i3, i5, i7, and i9 chips and 7th-generation AMD silicon, along with the Intel Core M3 and Xeon E3 processors and Intel's latest Atom, Celeron, and Pentium chips.
Microsoft has described its latest version of Windows 10 as its most secure operating system to date, with a number of new built-in features to protect against malware and other threats such as ransomware. The update includes several new security enhancements specifically for enterprise users, among them a suite of Windows Analytics services for business applications and devices.
Enabling Security Compliance
The new Windows 10 security standards also specify requirements for process architecture, virtualization, Trusted Platform Module, platform boot verification, RAM, and various firmware elements. For example, up-to-date security is enabled on devices with processors that support 64-bit instructions, and with at least 8 gigabytes of RAM.
That means even recent devices, such as Microsoft's Surface Pro 4, don't support the company's latest security standards. However, in an article earlier this week, BleepingComputer.com's Lawrence Abrams noted that buyers might not have to spend too much for compliant devices, adding that the $499 Asus ASUS P-Series P2540UA-AB51 appears to meet all the requirements.
"Unfortunately, many consumer based computers would not be 100% compliant with the . . . requirements, simply because many do not include a TPM module," Abrams said. That leaves two other alternatives: buy a device with an AMD Ryzen processor, "which includes a firmware based TPM implementation called fTPM," or buy an Intel-based system with a motherboard containing a TPM socket, then purchase a separate TPM to plug into the motherboard, he said.
New Enhancements for Enterprise Users
Enterprise users with compliant devices running the Windows 10 Fall Creators Update have multiple new resources to prevent and protect against threats, according to Rob Lefferts, partner director for Microsoft's Windows & Devices Group, Security & Enterprise. Those resources include the Windows AutoPilot cloud service for provisioning devices from original equipment manufacturing partners such as Lenovo, HP, Panasonic, Toshiba, and Fujitsu, he said.
Another enhanced feature, Windows Defender Advanced Threat Protection, provides a "'single pane of glass' view across the Windows preventative protection security stack," Lefferts wrote in a recent blog post. And Windows Defender Exploit Guard supports new Controlled Folder Access to allow only trusted applications to access protected folders and documents, he said.
More than one-third of global enterprises are now using Windows 10 and another 14 percent plan to deploy the OS over the coming year, according to a recent report from the analyst firm Forrester Inc. The level of security they gain with the updated OS, however, depends on a number of deployment factors, noted Forrester senior analyst Christopher Sherman.
"[W]hile Microsoft is making steps in the right direction, you may not be as protected as you think with just a simple Windows 10 upgrade," Sherman said last month. "The level of security Windows 10 provides depends on the choices you make related to your desired level of privacy, security add-ons, and supporting hardware."
Image credit: Microsoft. Windows 10 S laptops, pictured above, from left: HP Stream 14 Pro, Acer Aspire 1, Acer Swift 1 and Lenovo V330 (far right, front).