Microsoft is making a lot of promises with Windows 10.
So far, a lot of those promises center around the idea that “It’s not Windows 8.” Earlier this week, Microsoft released a blog post explaining how Windows 10 will raise the security bar in an effort to combat cybercrime.
That blog post was titled “Windows 10: Continuing to Raise the Security Bar for Cybercriminals.”
In that blog post, Microsoft explained three key areas where Windows 10 was going to substantially improve its security game. Those three areas include:
1) “Identity protection and access control” might mean the end of all passwords
Microsoft knows that weak passwords are one of the primary ways in which systems get compromised. So Microsoft might get rid of passwords altogether.
Seriously! Microsoft plans to make two-factor authentication a critical element in Windows 10. Users who enable two step verification (“2SV”) will require possession of a specific physical device – like a PC or phone.
In Windows 10, a physical device will be the first of two factors required for authentication. The second factor “can be a PIN or biometric gesture.”
In other words, you’ll be able to gain access to your PC without ever entering a password. All you’ll need is your phone and a procedurally-activated PIN or “biometric gesture” – whatever that may be.
2) Automatic encryption of certain data
Windows will automatically encrypt certain sensitive data from the moment it arrives on the device. This is designed particularly for corporate users, as Windows 10 will automatically detect corporate data and encrypt that data from start to finish.
Windows 10 is calling this system “Data Loss Prevention” and it will be directly “integrated into the platform itself enabling protection without disruption.” It’s been a part of Microsoft Exchange since 2013, but will now be an integrated part of the main Windows 10 OS.
Once you get past all the corporate lingo, you get this: Windows 10 will automatically encrypt corporate apps, data, email, website content, and other sensitive information. Windows 10 knows this information is corporate because it comes from corporate network locations. This system will also protect data after it leaves your computer.
3) Only allow trusted apps and programs
Windows 10 will have one final major security feature: the ability to only allow trusted apps. Trusted apps will be individually signed by Microsoft to be run on specially configured devices.” In other words, you can lock down computers on a corporate network to only run apps like Chrome, Microsoft Word, and Excel.
Organizations will be able to choose which apps are trustworthy. Apps will be separated into different certification categories, including:
-Apps signed by themselves
-Specially signed apps from ISPs
-Windows Store apps
-All of the above
You can choose to only one, multiple, or all of the above app categories.
Will it really work?
Microsoft’s new security protocols all sound like good news. But will it really work in practice? Some early criticisms include:
-Microsoft is taking corporate data protection seriously, but what about personal data protection?
-What happens if users forget their PIN or lose their smartphone and suddenly can’t access their system?
-Microsoft’s certificate verification system has been infiltrated in the past, causing malware to appear like legitimate software programs. Is Microsoft taking further steps to avoid these problems?
We’ll have to wait to find out the answer to all those questions.