Windows 11 enables security by design from the chip to the cloud


  • Staff
Over the last year, PCs have kept us connected to family, friends, and enabled businesses to continue to run. This new hybrid work paradigm has got us thinking about how we will continue to deliver the best possible quality, experience, and security for the more than 1 billion people who use Windows. While we have adapted to working from home, it’s been rare to get through a day without reading an account of a new cybersecurity threat. Phishing, ransomware, supply chain, and IoT vulnerabilities—attackers are constantly developing new approaches to wreak digital havoc.

But as attacks have increased in scope and sophistication, so have we. Microsoft has a clear vision for how to help protect our customers now and in the future and we know our approach works.

Today, we are announcing Windows 11 to raise security baselines with new hardware security requirements built-in that will give our customers the confidence that they are even more protected from the chip to the cloud on certified devices. Windows 11 is redesigned for hybrid work and security with built-in hardware-based isolation, proven encryption, and our strongest protection against malware.

Security by design: Built-in and turned on

Security by design has long been a priority at Microsoft. What other companies invest more than $1 billion a year on security and employ more than 3,500 dedicated security professionals?

We’ve made significant strides in that journey to create chip-to-cloud Zero Trust out of the box. In 2019, we announced secured-core PCs that apply security best-practices to the firmware layer, or device core, that underpins Windows. These devices combine hardware, software, and OS protections to help provide end-to-end safeguards against sophisticated and emerging threats like those against hardware and firmware that are on the rise according to the National Institute of Standards and Technology as well as the Department of Homeland Security. Our Security Signals report found that 83 percent of businesses experienced a firmware attack, and only 29 percent are allocating resources to protect this critical layer.

With Windows 11, we’re making it easier for customers to get protection from these advanced attacks out of the box. All certified Windows 11 systems will come with a TPM 2.0 chip to help ensure customers benefit from security backed by a hardware root-of-trust.

The Trusted Platform Module (TPM) is a chip that is either integrated into your PC’s motherboard or added separately into the CPU. Its purpose is to help protect encryption keys, user credentials, and other sensitive data behind a hardware barrier so that malware and attackers can’t access or tamper with that data.

PCs of the future need this modern hardware root-of-trust to help protect from both common and sophisticated attacks like ransomware and more sophisticated attacks from nation-states. Requiring the TPM 2.0 elevates the standard for hardware security by requiring that built-in root-of-trust.

TPM 2.0 is a critical building block for providing security with Windows Hello and BitLocker to help customers better protect their identities and data. In addition, for many enterprise customers, TPMs help facilitate Zero Trust security by providing a secure element for attesting to the health of devices.

Windows 11 also has out of the box support for Azure-based Microsoft Azure Attestation (MAA) bringing hardware-based Zero Trust to the forefront of security, allowing customers to enforce Zero Trust policies when accessing sensitive resources in the cloud with supported mobile device managements (MDMs) like Intune or on-premises.
  • Raising the security baseline to meet the evolving threat landscape. This next generation of Windows will raise the security baseline by requiring more modern CPUs, with protections like virtualization-based security (VBS), hypervisor-protected code integrity (HVCI), and Secure Boot built-in and enabled by default to protect from both common malware, ransomware, and more sophisticated attacks. Windows 11 will also come with new security innovations like hardware-enforced stack protection for supported Intel and AMD hardware, helping to proactively protect our customers from zero-day exploits. Innovation like the Microsoft Pluton security processor, when used by the great partners in the Windows ecosystem, help raise the strength of the fundamentals at the heart of robust Zero Trust security.
  • Ditch passwords with Windows Hello to help keep your information protected. For enterprises, Windows Hello for Business supports simplified passwordless deployment models for achieving a deploy-to-run state within a few minutes. This includes granular control of authentication methods by IT admins while securing communication between cloud tools to better protect corporate data and identity. And for consumers, new Windows 11 devices will be passwordless by default from day one.
  • Security and productivity in one. All these components work together in the background to help keep users safe without sacrificing quality, performance, or experience. The new set of hardware security requirements that comes with this new release of Windows is designed to build a foundation that is even stronger and more resistant to attacks on certified devices. We know this approach works—secured-core PCs are twice as resistant to malware infection.
  • Comprehensive security and compliance. Out of the box support for Microsoft Azure Attestation enables Windows 11 to provide evidence of trust via attestation, which forms the basis of compliance policies organizations can depend upon to develop an understanding of their true security posture. These Azure Attestation-backed compliance policies validate both the identity, as well as the platform, and form the backbone for the Zero Trust and Conditional Access workflows for safeguarding corporate resources.
This next level of hardware security is compatible with upcoming Pluton-equipped systems and also any device using the TPM 2.0 security chip, including hundreds of devices available from Acer, Asus, Dell, HP, Lenovo, Panasonic, and many others.

Windows 11 is a smarter way for everyone to collaborate, share, and present—with the confidence of hardware-backed protections.

Learn more

For more information, check out the other features that come with Windows 11:
To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.


Source: Windows 11 enables security by design from the chip to the cloud | Microsoft Security Blog
 

Attachments

  • windows_security_new.png
    windows_security_new.png
    5 KB · Views: 1
Last edited by a moderator:
Thank you! It's about time they put this out.....
 

My Computers

System One System Two

  • OS
    Windows 11 23H2 Current build
    Computer type
    PC/Desktop
    Manufacturer/Model
    HomeBrew
    CPU
    AMD Ryzen 9 3950X
    Motherboard
    MSI MEG X570 GODLIKE
    Memory
    4 * 32 GB - Corsair Vengeance 3600 MHz
    Graphics Card(s)
    EVGA GeForce RTX 3080 Ti XC3 ULTRA GAMING (12G-P5-3955-KR)
    Sound Card
    Realtek® ALC1220 Codec
    Monitor(s) Displays
    2x Eve Spectrum ES07D03 4K Gaming Monitor (Matte) | Eve Spectrum ES07DC9 4K Gaming Monitor (Glossy)
    Screen Resolution
    3x 3840 x 2160
    Hard Drives
    3x Samsung 980 Pro NVMe PCIe 4 M.2 2 TB SSD (MZ-V8P2T0B/AM) } 3x Sabrent Rocket NVMe 4.0 1 TB SSD (USB)
    PSU
    PC Power & Cooling’s Silencer Series 1050 Watt, 80 Plus Platinum
    Case
    Fractal Design Define 7 XL Dark ATX Full Tower Case
    Cooling
    NZXT KRAKEN Z73 73.11 CFM Liquid CPU Cooler (3x 120 mm push top) + Air 3x 140mm case fans (pull front) + 1x 120 mm (push back) and 1 x 120 mm (pull bottom)
    Keyboard
    SteelSeries Apex Pro Wired Gaming Keyboard
    Mouse
    Logitech MX Master 3S | MX Master 3 for Business
    Internet Speed
    AT&T LightSpeed Gigabit Duplex Ftth
    Browser
    Nightly (default) + Firefox (stable), Chrome, Edge
    Antivirus
    Defender + MB 5 Beta
  • Operating System
    ChromeOS Flex Dev Channel (current)
    Computer type
    Laptop
    Manufacturer/Model
    Dell Latitude E5470
    CPU
    Intel(R) Core(TM) i5-6300U CPU @ 2.40GHz, 2501 Mhz, 2 Core(s), 4 Logical Processor(s)
    Motherboard
    Dell
    Memory
    16 GB
    Graphics card(s)
    Intel(R) HD Graphics 520
    Sound Card
    Intel(R) HD Graphics 520 + RealTek Audio
    Monitor(s) Displays
    Dell laptop display 15"
    Screen Resolution
    1920 * 1080
    Hard Drives
    Toshiba 128GB M.2 22300 drive
    INTEL Cherryville 520 Series SSDSC2CW180A 180 GB SATA III SSD
    PSU
    Dell
    Case
    Dell
    Cooling
    Dell
    Mouse
    Logitech MX Master 3S (shared w. Sys 1) | Dell TouchPad
    Keyboard
    Dell
    Internet Speed
    AT&T LightSpeed Gigabit Duplex Ftth
Lightbulb moment!

WFH (Work From Home) - that's driving the emphasis on security. Because people using personal machines at home for business related stuff has created a lot more havoc in the Enterprise than would normally have occurred.

And it explains the accelerated timeline for W11 versus trying to incorporate this into the next Win10 release.
 

My Computers

System One System Two

  • OS
    Windows 11 23H2 Current build
    Computer type
    PC/Desktop
    Manufacturer/Model
    HomeBrew
    CPU
    AMD Ryzen 9 3950X
    Motherboard
    MSI MEG X570 GODLIKE
    Memory
    4 * 32 GB - Corsair Vengeance 3600 MHz
    Graphics Card(s)
    EVGA GeForce RTX 3080 Ti XC3 ULTRA GAMING (12G-P5-3955-KR)
    Sound Card
    Realtek® ALC1220 Codec
    Monitor(s) Displays
    2x Eve Spectrum ES07D03 4K Gaming Monitor (Matte) | Eve Spectrum ES07DC9 4K Gaming Monitor (Glossy)
    Screen Resolution
    3x 3840 x 2160
    Hard Drives
    3x Samsung 980 Pro NVMe PCIe 4 M.2 2 TB SSD (MZ-V8P2T0B/AM) } 3x Sabrent Rocket NVMe 4.0 1 TB SSD (USB)
    PSU
    PC Power & Cooling’s Silencer Series 1050 Watt, 80 Plus Platinum
    Case
    Fractal Design Define 7 XL Dark ATX Full Tower Case
    Cooling
    NZXT KRAKEN Z73 73.11 CFM Liquid CPU Cooler (3x 120 mm push top) + Air 3x 140mm case fans (pull front) + 1x 120 mm (push back) and 1 x 120 mm (pull bottom)
    Keyboard
    SteelSeries Apex Pro Wired Gaming Keyboard
    Mouse
    Logitech MX Master 3S | MX Master 3 for Business
    Internet Speed
    AT&T LightSpeed Gigabit Duplex Ftth
    Browser
    Nightly (default) + Firefox (stable), Chrome, Edge
    Antivirus
    Defender + MB 5 Beta
  • Operating System
    ChromeOS Flex Dev Channel (current)
    Computer type
    Laptop
    Manufacturer/Model
    Dell Latitude E5470
    CPU
    Intel(R) Core(TM) i5-6300U CPU @ 2.40GHz, 2501 Mhz, 2 Core(s), 4 Logical Processor(s)
    Motherboard
    Dell
    Memory
    16 GB
    Graphics card(s)
    Intel(R) HD Graphics 520
    Sound Card
    Intel(R) HD Graphics 520 + RealTek Audio
    Monitor(s) Displays
    Dell laptop display 15"
    Screen Resolution
    1920 * 1080
    Hard Drives
    Toshiba 128GB M.2 22300 drive
    INTEL Cherryville 520 Series SSDSC2CW180A 180 GB SATA III SSD
    PSU
    Dell
    Case
    Dell
    Cooling
    Dell
    Mouse
    Logitech MX Master 3S (shared w. Sys 1) | Dell TouchPad
    Keyboard
    Dell
    Internet Speed
    AT&T LightSpeed Gigabit Duplex Ftth
It is the thin end of the wedge when MS start insisting on hardware specs that are not actually essential.

All this bs about hardware security is nonsense when the biggest security risk is PEBCAK.

Making a big thing about something that probably has minimal impact on overal security just lulls people into a false sense of security.

I bet the majors did not protest much to MS as they hope to boost sagging sales.
 

My Computer

System One

  • OS
    Windows 10 Pro + others in VHDs
    Computer type
    Laptop
    Manufacturer/Model
    ASUS Vivobook 14
    CPU
    I7
    Motherboard
    Yep, Laptop has one.
    Memory
    16 GB
    Graphics Card(s)
    Integrated Intel Iris XE
    Sound Card
    Realtek built in
    Monitor(s) Displays
    N/A
    Screen Resolution
    1920x1080
    Hard Drives
    1 TB Optane NVME SSD, 1 TB NVME SSD
    PSU
    Yep, got one
    Case
    Yep, got one
    Cooling
    Stella Artois
    Keyboard
    Built in
    Mouse
    Bluetooth , wired
    Internet Speed
    72 Mb/s :-(
    Browser
    Edge mostly
    Antivirus
    Defender
    Other Info
    TPM 2.0
It's precisely because of PEBKAC that they are doing this, IMO.
 

My Computers

System One System Two

  • OS
    Windows 11 23H2 Current build
    Computer type
    PC/Desktop
    Manufacturer/Model
    HomeBrew
    CPU
    AMD Ryzen 9 3950X
    Motherboard
    MSI MEG X570 GODLIKE
    Memory
    4 * 32 GB - Corsair Vengeance 3600 MHz
    Graphics Card(s)
    EVGA GeForce RTX 3080 Ti XC3 ULTRA GAMING (12G-P5-3955-KR)
    Sound Card
    Realtek® ALC1220 Codec
    Monitor(s) Displays
    2x Eve Spectrum ES07D03 4K Gaming Monitor (Matte) | Eve Spectrum ES07DC9 4K Gaming Monitor (Glossy)
    Screen Resolution
    3x 3840 x 2160
    Hard Drives
    3x Samsung 980 Pro NVMe PCIe 4 M.2 2 TB SSD (MZ-V8P2T0B/AM) } 3x Sabrent Rocket NVMe 4.0 1 TB SSD (USB)
    PSU
    PC Power & Cooling’s Silencer Series 1050 Watt, 80 Plus Platinum
    Case
    Fractal Design Define 7 XL Dark ATX Full Tower Case
    Cooling
    NZXT KRAKEN Z73 73.11 CFM Liquid CPU Cooler (3x 120 mm push top) + Air 3x 140mm case fans (pull front) + 1x 120 mm (push back) and 1 x 120 mm (pull bottom)
    Keyboard
    SteelSeries Apex Pro Wired Gaming Keyboard
    Mouse
    Logitech MX Master 3S | MX Master 3 for Business
    Internet Speed
    AT&T LightSpeed Gigabit Duplex Ftth
    Browser
    Nightly (default) + Firefox (stable), Chrome, Edge
    Antivirus
    Defender + MB 5 Beta
  • Operating System
    ChromeOS Flex Dev Channel (current)
    Computer type
    Laptop
    Manufacturer/Model
    Dell Latitude E5470
    CPU
    Intel(R) Core(TM) i5-6300U CPU @ 2.40GHz, 2501 Mhz, 2 Core(s), 4 Logical Processor(s)
    Motherboard
    Dell
    Memory
    16 GB
    Graphics card(s)
    Intel(R) HD Graphics 520
    Sound Card
    Intel(R) HD Graphics 520 + RealTek Audio
    Monitor(s) Displays
    Dell laptop display 15"
    Screen Resolution
    1920 * 1080
    Hard Drives
    Toshiba 128GB M.2 22300 drive
    INTEL Cherryville 520 Series SSDSC2CW180A 180 GB SATA III SSD
    PSU
    Dell
    Case
    Dell
    Cooling
    Dell
    Mouse
    Logitech MX Master 3S (shared w. Sys 1) | Dell TouchPad
    Keyboard
    Dell
    Internet Speed
    AT&T LightSpeed Gigabit Duplex Ftth

My Computer

System One

  • OS
    Windows 10 Pro + others in VHDs
    Computer type
    Laptop
    Manufacturer/Model
    ASUS Vivobook 14
    CPU
    I7
    Motherboard
    Yep, Laptop has one.
    Memory
    16 GB
    Graphics Card(s)
    Integrated Intel Iris XE
    Sound Card
    Realtek built in
    Monitor(s) Displays
    N/A
    Screen Resolution
    1920x1080
    Hard Drives
    1 TB Optane NVME SSD, 1 TB NVME SSD
    PSU
    Yep, got one
    Case
    Yep, got one
    Cooling
    Stella Artois
    Keyboard
    Built in
    Mouse
    Bluetooth , wired
    Internet Speed
    72 Mb/s :-(
    Browser
    Edge mostly
    Antivirus
    Defender
    Other Info
    TPM 2.0
How does it get used by the Windows 11 kernel, is probably a better question to ask.

Here's a much more detailed look at what they want - with a little bit of why they want it.


In addition, there is this post from Z3r010 Windows 11 enables security by design from the chip to the cloud also available from this blog Windows 11 enables security by design from the chip to the cloud | Microsoft Security Blog
 

My Computers

System One System Two

  • OS
    Windows 11 23H2 Current build
    Computer type
    PC/Desktop
    Manufacturer/Model
    HomeBrew
    CPU
    AMD Ryzen 9 3950X
    Motherboard
    MSI MEG X570 GODLIKE
    Memory
    4 * 32 GB - Corsair Vengeance 3600 MHz
    Graphics Card(s)
    EVGA GeForce RTX 3080 Ti XC3 ULTRA GAMING (12G-P5-3955-KR)
    Sound Card
    Realtek® ALC1220 Codec
    Monitor(s) Displays
    2x Eve Spectrum ES07D03 4K Gaming Monitor (Matte) | Eve Spectrum ES07DC9 4K Gaming Monitor (Glossy)
    Screen Resolution
    3x 3840 x 2160
    Hard Drives
    3x Samsung 980 Pro NVMe PCIe 4 M.2 2 TB SSD (MZ-V8P2T0B/AM) } 3x Sabrent Rocket NVMe 4.0 1 TB SSD (USB)
    PSU
    PC Power & Cooling’s Silencer Series 1050 Watt, 80 Plus Platinum
    Case
    Fractal Design Define 7 XL Dark ATX Full Tower Case
    Cooling
    NZXT KRAKEN Z73 73.11 CFM Liquid CPU Cooler (3x 120 mm push top) + Air 3x 140mm case fans (pull front) + 1x 120 mm (push back) and 1 x 120 mm (pull bottom)
    Keyboard
    SteelSeries Apex Pro Wired Gaming Keyboard
    Mouse
    Logitech MX Master 3S | MX Master 3 for Business
    Internet Speed
    AT&T LightSpeed Gigabit Duplex Ftth
    Browser
    Nightly (default) + Firefox (stable), Chrome, Edge
    Antivirus
    Defender + MB 5 Beta
  • Operating System
    ChromeOS Flex Dev Channel (current)
    Computer type
    Laptop
    Manufacturer/Model
    Dell Latitude E5470
    CPU
    Intel(R) Core(TM) i5-6300U CPU @ 2.40GHz, 2501 Mhz, 2 Core(s), 4 Logical Processor(s)
    Motherboard
    Dell
    Memory
    16 GB
    Graphics card(s)
    Intel(R) HD Graphics 520
    Sound Card
    Intel(R) HD Graphics 520 + RealTek Audio
    Monitor(s) Displays
    Dell laptop display 15"
    Screen Resolution
    1920 * 1080
    Hard Drives
    Toshiba 128GB M.2 22300 drive
    INTEL Cherryville 520 Series SSDSC2CW180A 180 GB SATA III SSD
    PSU
    Dell
    Case
    Dell
    Cooling
    Dell
    Mouse
    Logitech MX Master 3S (shared w. Sys 1) | Dell TouchPad
    Keyboard
    Dell
    Internet Speed
    AT&T LightSpeed Gigabit Duplex Ftth
I have mixed feelings about this. I believe that the best cloud security is simply no cloud. Don't get me wrong, I do use Dropbox from time to time, especially when I need to share some files with colleagues at work, but I absolutely refuse to engage in any kind of cloud integration that is turned on 24/7. Similarly, I do use Teams when required, but they are off when I'm not using them.

Next step in security - I turn my computer off when it's not in use. Barring someone actually breaks into my house and removes the hard drive - which no software can prevent - this is fully secure.

Given that the machine is at home, there is no point in using a password other than to prevent kids from messing things up. What would really be useful, is some sort of a lock on settings, desktop setup, icons, shortcuts, etc. - all those things that kids can damage beyond repair by pressing a few buttons while running a car across the desk. Consequently, I'm not going to use Hello or any biometrics - it's too complicated and serves no purpose.

The best way to protect your identity is not to feed the machine with sensitive data. Yes, some of that is unavoidable, after all you need to store all of those receipts, statements, and bills somewhere. However, these are typically pdf files. I don't know if any search program can search within pdfs, especially those that are not OCRed. If you are really worried, you can put them all on a separate drive which you can keep turned off unless you are actively using this data (by turned off I mean physically turned off with a button, something that no software can reverse). However, apart from that, I don't see why would I even enter my name into Windows, let alone credit card numbers and what not. Of course, sometimes you need to enter your name - say to identify yourself in Zoom or Teams. What would be very useful, security-wise, if that data would be limited to that one program, perhaps similarly to how Android deals with that.

I do realize that the way I use my PC may not be very common. But for me personally, none of these fancy solutions will be a gamechanger. The issues they are addressing are not very important to me. I'm using a rather recent motherboard and processor, so I'm not worried about compatibility. I'm also not worried about being the first one to try Windows 11. Once the timeline for Windows 11 will be announced, I will build another SSD into my machine and play with Windows 11 on it, but I won't make a jump to it on my "production machine" until later.
 

My Computer

System One

  • OS
    Windows 10
    Computer type
    PC/Desktop
    CPU
    i5-10600K
    Motherboard
    Asus Rog Strix Z490-A Gaming
    Memory
    16 GB
    Graphics Card(s)
    GeForce GTX 1650
    Monitor(s) Displays
    Samsung U32J59x 32" 4K
    Screen Resolution
    3840x2160
Wonder if there will still be Home and Pro ? It makes more sense to divide between business and private use.
 

My Computer

System One

  • OS
    W10 and Insider Dev.+ Linux Mint
    Computer type
    PC/Desktop
    Manufacturer/Model
    Home brewed
    CPU
    AMD Ryzen 9 7900x
    Motherboard
    ASROCK b650 PRO RS
    Memory
    2x8GB Kingston 6000MHz, Cl 32 @ 6200MHz Cl30
    Graphics Card(s)
    Gigabyte Rx 6600XT Gaming OC 8G Pro
    Sound Card
    MB, Realtek Ac1220p
    Monitor(s) Displays
    3 x 27"
    Screen Resolution
    1080p
    Hard Drives
    Kingston KC3000. 1TBSamsung 970 evo Plus 500GB, Crucial P1 NVMe 1TB, Lexar NVMe 2 TB, Silicon Power M.2 SATA 500GB
    PSU
    Seasonic 750W
    Case
    Custom Raidmax
    Cooling
    Arctic Liquid Freezer III 360mm
    Internet Speed
    20/19 mbps

My Computers

System One System Two

  • OS
    Windows 11 Workstation
    Computer type
    PC/Desktop
    Manufacturer/Model
    doofenshmirtz evil incorporated
    CPU
    Ryzen 9 5950X
    Motherboard
    Asus ROG Crosshair VIII Formula
    Memory
    Corsair Vengeance RGB PRO Black 64GB (4x16GB) 3600MHz AMD Ryzen Tuned DDR4
    Graphics Card(s)
    ASUS AMD Radeon RX 6900 XT 16GB ROG Strix LC OC
    Sound Card
    Sound BlasterX Katana
    Monitor(s) Displays
    3 x27" Dell U2724D & 1 x 34" Dell U3415W
    Hard Drives
    Samsung 980 Pro 1TB M.2 2280 PCI-e 4.0 x4 NVMe Solid State
    Drive
    PSU
    ASUS ROG THOR 850W 80 Plus Platinum
    Case
    ASUS ROG Strix Helios Midi-Tower ARGB Gaming Case
    Cooling
    ASUS ROG Strix LC Performance RGB AIO CPU Liquid Cooler - 360mm
    Keyboard
    Logi Ergo
    Mouse
    Logitech MX Master 3
    Internet Speed
    900/100 Mbps
    Browser
    Chrome
    Antivirus
    Windows Defender, Malwarebytes Pro
    Other Info
    HP M281 Printer
    Logitech Brio Stream webcam
    Yeti X mic
  • Operating System
    Windows 10
    Computer type
    Laptop
    Manufacturer/Model
    Surface Laptop
    CPU
    i7
Wonder if there will still be Home and Pro ? It makes more sense to divide between business and private use.
Personally, I don't do that. I prefer to have tools that I might not use than no tools at all. I never used Home versions and I see no reason to do that in the future.
 

My Computer

System One

  • OS
    Windows 10
    Computer type
    PC/Desktop
    CPU
    i5-10600K
    Motherboard
    Asus Rog Strix Z490-A Gaming
    Memory
    16 GB
    Graphics Card(s)
    GeForce GTX 1650
    Monitor(s) Displays
    Samsung U32J59x 32" 4K
    Screen Resolution
    3840x2160
I have mixed feelings about this. I believe that the best cloud security is simply no cloud. Don't get me wrong, I do use Dropbox from time to time, especially when I need to share some files with colleagues at work, but I absolutely refuse to engage in any kind of cloud integration that is turned on 24/7. Similarly, I do use Teams when required, but they are off when I'm not using them.

Next step in security - I turn my computer off when it's not in use. Barring someone actually breaks into my house and removes the hard drive - which no software can prevent - this is fully secure.

Given that the machine is at home, there is no point in using a password other than to prevent kids from messing things up. What would really be useful, is some sort of a lock on settings, desktop setup, icons, shortcuts, etc. - all those things that kids can damage beyond repair by pressing a few buttons while running a car across the desk. Consequently, I'm not going to use Hello or any biometrics - it's too complicated and serves no purpose.

The best way to protect your identity is not to feed the machine with sensitive data. Yes, some of that is unavoidable, after all you need to store all of those receipts, statements, and bills somewhere. However, these are typically pdf files. I don't know if any search program can search within pdfs, especially those that are not OCRed. If you are really worried, you can put them all on a separate drive which you can keep turned off unless you are actively using this data (by turned off I mean physically turned off with a button, something that no software can reverse). However, apart from that, I don't see why would I even enter my name into Windows, let alone credit card numbers and what not. Of course, sometimes you need to enter your name - say to identify yourself in Zoom or Teams. What would be very useful, security-wise, if that data would be limited to that one program, perhaps similarly to how Android deals with that.

I do realize that the way I use my PC may not be very common. But for me personally, none of these fancy solutions will be a gamechanger. The issues they are addressing are not very important to me. I'm using a rather recent motherboard and processor, so I'm not worried about compatibility. I'm also not worried about being the first one to try Windows 11. Once the timeline for Windows 11 will be announced, I will build another SSD into my machine and play with Windows 11 on it, but I won't make a jump to it on my "production machine" until later.

Make sure you have WoL turned off too. Or else it is disconnected from power.
 

My Computers

System One System Two

  • OS
    Windows 11 23H2 Current build
    Computer type
    PC/Desktop
    Manufacturer/Model
    HomeBrew
    CPU
    AMD Ryzen 9 3950X
    Motherboard
    MSI MEG X570 GODLIKE
    Memory
    4 * 32 GB - Corsair Vengeance 3600 MHz
    Graphics Card(s)
    EVGA GeForce RTX 3080 Ti XC3 ULTRA GAMING (12G-P5-3955-KR)
    Sound Card
    Realtek® ALC1220 Codec
    Monitor(s) Displays
    2x Eve Spectrum ES07D03 4K Gaming Monitor (Matte) | Eve Spectrum ES07DC9 4K Gaming Monitor (Glossy)
    Screen Resolution
    3x 3840 x 2160
    Hard Drives
    3x Samsung 980 Pro NVMe PCIe 4 M.2 2 TB SSD (MZ-V8P2T0B/AM) } 3x Sabrent Rocket NVMe 4.0 1 TB SSD (USB)
    PSU
    PC Power & Cooling’s Silencer Series 1050 Watt, 80 Plus Platinum
    Case
    Fractal Design Define 7 XL Dark ATX Full Tower Case
    Cooling
    NZXT KRAKEN Z73 73.11 CFM Liquid CPU Cooler (3x 120 mm push top) + Air 3x 140mm case fans (pull front) + 1x 120 mm (push back) and 1 x 120 mm (pull bottom)
    Keyboard
    SteelSeries Apex Pro Wired Gaming Keyboard
    Mouse
    Logitech MX Master 3S | MX Master 3 for Business
    Internet Speed
    AT&T LightSpeed Gigabit Duplex Ftth
    Browser
    Nightly (default) + Firefox (stable), Chrome, Edge
    Antivirus
    Defender + MB 5 Beta
  • Operating System
    ChromeOS Flex Dev Channel (current)
    Computer type
    Laptop
    Manufacturer/Model
    Dell Latitude E5470
    CPU
    Intel(R) Core(TM) i5-6300U CPU @ 2.40GHz, 2501 Mhz, 2 Core(s), 4 Logical Processor(s)
    Motherboard
    Dell
    Memory
    16 GB
    Graphics card(s)
    Intel(R) HD Graphics 520
    Sound Card
    Intel(R) HD Graphics 520 + RealTek Audio
    Monitor(s) Displays
    Dell laptop display 15"
    Screen Resolution
    1920 * 1080
    Hard Drives
    Toshiba 128GB M.2 22300 drive
    INTEL Cherryville 520 Series SSDSC2CW180A 180 GB SATA III SSD
    PSU
    Dell
    Case
    Dell
    Cooling
    Dell
    Mouse
    Logitech MX Master 3S (shared w. Sys 1) | Dell TouchPad
    Keyboard
    Dell
    Internet Speed
    AT&T LightSpeed Gigabit Duplex Ftth
What's WoL? And yes, when I say the PC is turned off I do mean unplugged (why waste electricity, even if it's not much?).
 

My Computer

System One

  • OS
    Windows 10
    Computer type
    PC/Desktop
    CPU
    i5-10600K
    Motherboard
    Asus Rog Strix Z490-A Gaming
    Memory
    16 GB
    Graphics Card(s)
    GeForce GTX 1650
    Monitor(s) Displays
    Samsung U32J59x 32" 4K
    Screen Resolution
    3840x2160
Quote.
The Trusted Platform Module (TPM) is a chip that is either integrated into your PC’s motherboard or added separately into the CPU. Its purpose is to help protect encryption keys, user credentials, and other sensitive data behind a hardware barrier so that malware and attackers can’t access or tamper with that data.

I think the above statement is the usual Microsoft bullshit....they are in cahoots with hardware and computer manufacturers in order to sell more installations of Windows 11 .

My Surface Pro 4 cannot Update to W11 even with TPM 2.0 and Secure Boot so why the need for a later version CPU.?

Most of the Insider flights during the last few months has been done developing W11 on existing hardware by our members.
 

My Computers

System One System Two

  • OS
    W11 Pro 22H2 Insider Preview
    Computer type
    Laptop
    Manufacturer/Model
    Microsoft Surface Go
    CPU
    Intel core i5 - 12400
    Memory
    7GB
  • Operating System
    W11 PRO 22H2
    Computer type
    PC/Desktop
    Manufacturer/Model
    Dell Vostro
    CPU
    Intel i5 - 12400
I don't buy those "cahoots" theories, at least not for now. HW manufacturers are hard pressed to produce enough quality products, all kinds of chips are in state of short supply and that's manufacturers' favorite way to keep prices up without as much of investments.
 

My Computer

System One

  • OS
    W10 and Insider Dev.+ Linux Mint
    Computer type
    PC/Desktop
    Manufacturer/Model
    Home brewed
    CPU
    AMD Ryzen 9 7900x
    Motherboard
    ASROCK b650 PRO RS
    Memory
    2x8GB Kingston 6000MHz, Cl 32 @ 6200MHz Cl30
    Graphics Card(s)
    Gigabyte Rx 6600XT Gaming OC 8G Pro
    Sound Card
    MB, Realtek Ac1220p
    Monitor(s) Displays
    3 x 27"
    Screen Resolution
    1080p
    Hard Drives
    Kingston KC3000. 1TBSamsung 970 evo Plus 500GB, Crucial P1 NVMe 1TB, Lexar NVMe 2 TB, Silicon Power M.2 SATA 500GB
    PSU
    Seasonic 750W
    Case
    Custom Raidmax
    Cooling
    Arctic Liquid Freezer III 360mm
    Internet Speed
    20/19 mbps
Well, they do exist to make profit, which would seem to require growing sales. I doubt they are in business of providing free services to owners of old hardware (no idea about Surface Pro, but basically, once you bought a piece of hardware in a store, it's automatically old).
 

My Computer

System One

  • OS
    Windows 10
    Computer type
    PC/Desktop
    CPU
    i5-10600K
    Motherboard
    Asus Rog Strix Z490-A Gaming
    Memory
    16 GB
    Graphics Card(s)
    GeForce GTX 1650
    Monitor(s) Displays
    Samsung U32J59x 32" 4K
    Screen Resolution
    3840x2160
I don't buy those "cahoots" theories, at least not for now. HW manufacturers are hard pressed to produce enough quality products, all kinds of chips are in state of short supply and that's manufacturers' favorite way to keep prices up without as much of investments.

What theory do you buy then? That somehow Windows 11 will need some certain CPU instruction that only exists in 8xxx series and up to function? No, this CPU limitation is artificial, it serves no real purpose other than a push to upgrade. Apple had been doing such things for years, we know the drill.
 

My Computer

System One

  • OS
    Windows 10 Pro
Since when was Windows free to the larger community before?

They did that with Win 10 as 10 is not the holy grail and they wanted to get people using it and off Win m7/8/8.1 (none I liked) and pirated copies and even skipped Win 9 to try get people to forget.

They could still charge you to upgrade even on same hardware if they choose but they make most of their money or did from Office but now Cloud etc.
 

My Computer

System One

  • OS
    Windows 10
    Computer type
    PC/Desktop
    Manufacturer/Model
    Self Built
    CPU
    Intel i7-4790k @ 5GHZ
    Motherboard
    Asus Maximus VI Extreme
    Memory
    32GB Corsair Dominator Platinum 2400Mhz @ 10-12-11-27-1T
    Graphics Card(s)
    Nvidia RTX 3090FE @ Core 2200 MHZ / Memory 21 GHZ
    Sound Card
    Creative SoundBlaster ZxR
    Monitor(s) Displays
    LG 32GN600 (G-Sync Comp)
    Screen Resolution
    1440p
    Hard Drives
    C: Primary SSD > Samsung 860 PRO 512GB
    G: Gaming SSD > Samsung 860 PRO 1TB
    S: Storage SSD > Samsung 860 EVO 4TB x2 (Windows Storage Spaces = 8TB)
    X: Ext Backup > IcyBox+WD Red 4TB x4 (Raid 10)
    PSU
    Corsair AX1600i
    Case
    NZXT Phantom 630 (Black)
    Cooling
    Noctua NH-D15S Chromax Black
    Keyboard
    Logitech G613
    Mouse
    Logitech G903 LS (Hero)+PowerPlay Wireless Charge Pad
    Internet Speed
    VM 1Gb/s
    Browser
    Edge
    Antivirus
    Eset
Well, they do exist to make profit, which would seem to require growing sales. I doubt they are in business of providing free services to owners of old hardware (no idea about Surface Pro, but basically, once you bought a piece of hardware in a store, it's automatically old).
That's the case with all high tech. Planned obsolescence in conjunction with time needed for new product development. Plus there was always some flood, fire, earthquake or pandemic to use as an excuse.
 

My Computer

System One

  • OS
    W10 and Insider Dev.+ Linux Mint
    Computer type
    PC/Desktop
    Manufacturer/Model
    Home brewed
    CPU
    AMD Ryzen 9 7900x
    Motherboard
    ASROCK b650 PRO RS
    Memory
    2x8GB Kingston 6000MHz, Cl 32 @ 6200MHz Cl30
    Graphics Card(s)
    Gigabyte Rx 6600XT Gaming OC 8G Pro
    Sound Card
    MB, Realtek Ac1220p
    Monitor(s) Displays
    3 x 27"
    Screen Resolution
    1080p
    Hard Drives
    Kingston KC3000. 1TBSamsung 970 evo Plus 500GB, Crucial P1 NVMe 1TB, Lexar NVMe 2 TB, Silicon Power M.2 SATA 500GB
    PSU
    Seasonic 750W
    Case
    Custom Raidmax
    Cooling
    Arctic Liquid Freezer III 360mm
    Internet Speed
    20/19 mbps

Latest Support Threads

Back
Top Bottom