{"id":18990,"date":"2022-05-09T08:30:16","date_gmt":"2022-05-09T16:30:16","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2022\/05\/09\/news-12723\/"},"modified":"2022-05-09T08:30:16","modified_gmt":"2022-05-09T16:30:16","slug":"news-12723","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2022\/05\/09\/news-12723\/","title":{"rendered":"Just what does Windows 11 bring to the table?"},"content":{"rendered":"

<\/p>\n

Credit to Author: Susan Bradley| Date: Mon, 09 May 2022 07:43:00 -0700<\/strong><\/p>\n

The other day, my Dad \u2014 my bellwether for technology \u2014 mentioned in passing that he\u2019d read online that Windows 11 shouldn\u2019t be used and that the operating system wasn\u2019t being adopted.<\/p>\n

Dad had a point. He\u2019s more of an Apple user now \u2014 I have him on my phone plan to support his tech needs, he uses an iPhone and has an iPad. As his needs have changed, his reliance on Windows devices has decreased. In fact, his current Windows needs involve applications not on the Apple platform. (And because he\u2019s a standalone user, not a domain user, many of the advances in Windows 11 having to do with authentication won\u2019t be available to him.)<\/p>\n

“Computerworld” recently noted that the uptake for Windows 11 was moving slowly, with it running on just 1.44% of all systems<\/a>. \u00a0This is similar to what I see at home and in my office.\u00a0 At home I have a single computer, a Surface Pro 7, that can run Windows 11. At the office, I only have two computers that support Windows 11.<\/p>\n

A lot of users actually can\u2019t<\/em> run Windows 11. If that\u2019s you, and you\u2019re interested about why you can\u2019t run Windows 11, you can download the Bytejeans<\/a> tool to find out exactly why. This laptop I use, for example, has a Trusted Platform Module that will support Windows 11. But it doesn\u2019t have Virtualization Based Security (VBS) support in its processor.<\/p>\n

Windows 11 ensures that VBS is enabled by default to support Hypervisor-Enforced Code Integrity. While you could argue that in a standalone workstation this protection may not be needed, in the enterprise you\u2019ll want to ensure it is enabled. (This is not a new technology<\/a>, but the mandate is new.)<\/p>\n

VBS is needed for Windows Defender Credential Guard<\/a>, which protects domain credentials in a network. As noted<\/a>: \u201cCredential Guard is a virtualization-based isolation technology for LSASS which prevents attackers from stealing credentials that could be used for pass the hash attacks. \u2026After compromising a system, attackers often attempt to extract any stored credentials for further lateral movement through the network. A prime target is the LSASS process, which stores NTLM and Kerberos credentials. Credential Guard prevents attackers from dumping credentials stored in LSASS by running LSASS in a virtualized container that even a user with SYSTEM privileges cannot access. \u2026The system then creates a proxy process called LSAIso (LSA Isolated) for communication with the virtualized LSASS process.\u201d<\/p>\n

While this is already working in Windows 10, Windows 11 builds on this protection. Sounds great for businesses, right? But there\u2019s one problem: many users won\u2019t be properly licensed for most of Windows 11\u2019s security goodness.\u00a0 Case in point is Windows Defender Credential Guard \u2014 you need an Enterprise license<\/a> to use it. So while it provides a great deal of protection<\/a> for your user or login secrets, it\u2019s not available for many users. In future versions of Windows 11, Credential Guard<\/a> will be enabled by default, but again, only for enterprise customers.<\/p>\n

Another new technology I\u2019m excited about is Smart Application Control, though I have some concerns about it. Smart app control, as Microsoft explains it, \u201cprevents users from running malicious applications on Windows devices that default blocks untrusted or unsigned applications. Smart App Control goes beyond previous built-in browser protections and is woven directly into the core of the OS at the process level. Using code signing along with AI, our new Smart App Control only allows processes to run that are predicted to be safe based on either code certificates or an AI model for application trust within the Microsoft cloud.<\/p>\n

\u201cModel inference occurs 24 hours a day on the latest threat intelligence that provides trillions of signals. When a new application is run on Windows 11, its core signing and core features are checked against this model, ensuring only known safe applications are allowed to run. This means Windows 11 users can be confident they\u202fare using only safe and reliable applications on their\u202fnew\u202fWindows devices. Smart App Control will ship on new devices with Windows 11 installed. Devices running previous versions of Windows 11 will have to be reset and have a clean installation of Windows 11 to take advantage of this feature.\u201d<\/p>\n

I still install software on a regular basis that is unsigned. So I know ahead of time that Smart Application Control will not work for me either in the office or at home because I can\u2019t run software using a \u201cwhitelist\u201d approach. I\u2019m also unsure of what licensing will be needed. Will it be available to all? Will it be an Enterprise-only feature?<\/p>\n

Bottom line: Windows 11 will be great for enterprises if you have the right licensing to take advantage of these features. But I\u2019m not convinced it gives you a great advantage at home. If you\u2019re concerned that your older hardware can\u2019t run Windows 11, don\u2019t be. Windows 11 is just the next version of Windows and really doesn\u2019t bring much in the way of security advantages for a typical user. That\u2019s why my Dad will continue to use Windows 10 for now and not worry about Windows 11.<\/p>\n

http:\/\/www.computerworld.com\/category\/security\/index.rss<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

<\/p>\n

Credit to Author: Susan Bradley| Date: Mon, 09 May 2022 07:43:00 -0700<\/strong><\/p>\n

\n
\n

The other day, my Dad \u2014 my bellwether for technology \u2014 mentioned in passing that he\u2019d read online that Windows 11 shouldn\u2019t be used and that the operating system wasn\u2019t being adopted.<\/p>\n

Dad had a point. He\u2019s more of an Apple user now \u2014 I have him on my phone plan to support his tech needs, he uses an iPhone and has an iPad. As his needs have changed, his reliance on Windows devices has decreased. In fact, his current Windows needs involve applications not on the Apple platform. (And because he\u2019s a standalone user, not a domain user, many of the advances in Windows 11 having to do with authentication won\u2019t be available to him.)<\/p>\n

To read this article in full, please click here<\/a><\/p>\n<\/section>\n<\/article>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[11062,10643],"tags":[714,10761,24583],"class_list":["post-18990","post","type-post","status-publish","format-standard","hentry","category-computerworld","category-independent","tag-security","tag-windows-10","tag-windows-11"],"_links":{"self":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/18990","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=18990"}],"version-history":[{"count":0,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/18990\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=18990"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=18990"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=18990"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}