
Microsoft Windows 10 and the era of security customization


Secure Windows 10 laptops

Whether you have just bought a brand new laptop, or are still plugging away with that 10+ year old beige tower with the Windows XP sticker on the back, Microsoft Windows 10’s hardware requirements are among the most lax of any version of Windows. As long as your PC has a 1GHz CPU, 2GB of RAM, a 20GB hard drive, and the ability to handle DirectX 9 graphics at a minimum resolution of 800x600 pixels, Windows 10 will run more or less smoothly, and comparatively better than Windows XP or Vista.

Running better, however, does not equate to running more safely. As decent a job as Windows Defender does in keeping common threats at bay, there are a few caveats to consider when running Windows 10 on older hardware: many of the latest security features that are common on new laptops and tablets may not be available on older PCs.

Credential Guard

Enterprise customers and government agencies require the ability to secure login information that belongs to different types of users, both on a network and locally. Credential Guard does that, aided by a series of CPU extensions that keep passwords and other security information safely stored away in a virtual container separate from the operating system itself. For this feature to work, a series of hardware requirements needs to be met, including TPM (not required but recommended), virtualization extensions (Hyper-V), SLAT, UEFI 2.3.1, and a 64-bit CPU.

Device Guard

This feature had been in the works long before it got its name, and was finally announced in April of last year. Device Guard enables PCs to block any app or software program that does not come from a trusted source. The list of trusted sources can be customized to allow certain applications to operate, for instance when developers want to test brand new programs and security certificates.

For Device Guard to work, your PC should have TPM, an I/O Memory Management Unit, Hyper-V support, SLAT, UEFI 2.3.1 and a 64-bit CPU.

BitLocker

BitLocker was first introduced with certain editions of Windows Vista as far back as 2007. Since then, BitLocker has improved dramatically to a point where home and enterprise users can enjoy the same level of encryption. The only difference between Pro / business users and home users is that when using BitLocker as a home user you can only encrypt the entire hard drive as a whole unit, while Pro and business users can select which files and folders they want to encrypt.

BitLocker requires no specialized hardware at all, but having TPM can make things a little safer.

Configurable Code Integrity

This feature, much like BitLocker, has no mandatory hardware requirements. It is more relevant to developers than consumers, as it presents an alternative to older ways of signing applications so that Windows 10 recognizes them as trusted programs. The only recommendations are a 64-bit CPU and UEFI 2.3.1.

Windows Hello

Windows Hello is Microsoft Windows 10’s biometric security guard. Windows Hello’s fallback is the use of a PIN, if no other hardware is available, and the use of TPM is recommended. Other than that, it will work with many types of fingerprint readers and face-recognition cameras.

The best cameras for the job would be Intel RealSense 3D cameras, as they are capable of scanning a face in 3D, to determine if the face used to unlock Windows 10 is real, a photograph, a mask, or even an identical twin sibling.

UEFI Secure Boot

The Unified Extensible Firmware Interface, UEFI for short, is a feature that makes it possible to restrict unauthorized operating systems from installing on a PC. UEFI Secure Boot replaces the default boot loader, and prevents malicious bootloaders from installing and taking control of a PC.

For instance, many types of ransomware replace the default boot loader of a PC with their own, thus taking control of a computer beyond the capability and experience of any regular computer user. Once that happens, there is no sense trying to reinstall an operating system, or even format a hard drive, because the boot loader itself is irreparably compromised.

For Secure Boot to work, there are no hardware requirements, but TPM is strongly recommended.
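
To see where an older PC falls short of the Credential Guard and Device Guard requirement lists above, the following PowerShell audit can be run from an elevated prompt. It is an added example, not code from Microsoft or from the original article; the feature-to-requirement table is copied from this page, the IOMMU and hypervisor checks rest on the assumptions noted in the comments, and the UEFI check confirms UEFI boot mode only, not the 2.3.1 specification level.

```powershell
#Requires -RunAsAdministrator
# Added example: compare this PC with the prerequisite lists given in the article.
$cpu = Get-CimInstance -ClassName Win32_Processor | Select-Object -First 1
$cs  = Get-CimInstance -ClassName Win32_ComputerSystem

# Treat any Get-Tpm failure as "no usable TPM".
$tpm = try { (Get-Tpm -ErrorAction Stop).TpmPresent } catch { $false }

# Confirm-SecureBootUEFI throws PlatformNotSupportedException on legacy BIOS
# boots and returns $false when the firmware is UEFI with Secure Boot off.
$uefi = $true
try { $secureBoot = Confirm-SecureBootUEFI -ErrorAction Stop }
catch [System.PlatformNotSupportedException] { $uefi = $false; $secureBoot = $false }

# With a hypervisor already running, Win32_Processor can report the
# virtualization flags as False, so a running hypervisor is taken as proof of
# both (assumption: client Hyper-V will not start without SLAT).
$hv   = [bool]$cs.HypervisorPresent
$virt = $hv -or ($cpu.VMMonitorModeExtensions -and $cpu.VirtualizationFirmwareEnabled)
$slat = $hv -or $cpu.SecondLevelAddressTranslationExtensions

# Win32_DeviceGuard lists available protections; value 3 is DMA protection,
# used here as the signal that an IOMMU is present and enabled (assumption).
$dg = Get-CimInstance -Namespace root\Microsoft\Windows\DeviceGuard `
        -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
$iommu = [bool]($dg -and ($dg.AvailableSecurityProperties -contains 3))

$have = [ordered]@{
    'TPM'     = [bool]$tpm
    'IOMMU'   = $iommu
    'Hyper-V' = [bool]$virt
    'SLAT'    = [bool]$slat
    'UEFI'    = $uefi          # boot mode only; spec version is not checked
    '64-bit'  = ($cpu.DataWidth -eq 64)
}
# Mandatory items per feature, as listed in the article (TPM is only
# recommended for Credential Guard, so it is not in that list).
$features = [ordered]@{
    'Credential Guard' = 'Hyper-V', 'SLAT', 'UEFI', '64-bit'
    'Device Guard'     = 'TPM', 'IOMMU', 'Hyper-V', 'SLAT', 'UEFI', '64-bit'
}

"Secure Boot currently enabled: $secureBoot"
$have.GetEnumerator() | Format-Table Name, Value -AutoSize
foreach ($name in $features.Keys) {
    $missing = @($features[$name] | Where-Object { -not $have[$_] })
    [pscustomobject]@{ Feature = $name; Ready = ($missing.Count -eq 0); Missing = $missing -join ', ' }
}
```

A feature reported as not ready because of Hyper-V or SLAT on a machine with no hypervisor running may only need virtualization switched on in the firmware setup.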


Ready to shop?

PortableOne has the best deals on Windows 10 Pro laptops, featuring the latest hardware-based security features, and full BitLocker encryption to protect your files from prying eyes.

