Today is the day that Windows 10 becomes available to users around the world.
The new (and some old-but-new again) features are already known to the public: the Start button is back, Microsoft’s virtual assistant Cortana is available to help users with their everyday needs, a new default browser (Edge) aims to supplant Internet Explorer (alas, it still doesn’t support extensions).
Other new features and changes are more known to security professionals:
- Non-stop updating and patching for home users (can be temporarily blocked by installing and using the “Show or hide updates” troubleshooter package
- Advanced Threat Analytics (ATA) that will help IT pros detect suspicious user and device activity within the enterprise network
- The Antimalware Scan Interface (AMSI) that will allow application and service developers to integrate their products with any antimalware product present on a machine
- Windows Hello – password-free authentication (logging in with your face and fingerprint)
- The on-by-default Wi-Fi sharing feature, whose security implication have been hotly debated since it has been revealed, and which can luckily be disabled
- Additional security features for the enterprise version.
“The release of Windows 10 brings a number of security upgrades that look good on paper, but as with all new products to market, it is advisable that organisations carefully plan any upgrades. Thorough testing of all applications and use cases will help mitigate compatibility issues and allow time for the inevitable bugs to be fixed, therefore reducing the risk to the organisation,” commented Matthew Aldridge, Solutions Architect at Webroot.
“The Identity Protection and Access Control feature is likely to make a big difference to all users as it brings two-factor authentication to the masses. This update means that attackers would need access to a user’s device as well as the user’s password or even fingerprint to achieve successful authentication.”
“Microsoft has clearly considered the rise in BYOD by introducing the Data Loss Prevention (DLP) feature. Through enabling the containerisation of applications and encryption of corporate data as soon as it arrives on the device, it is far harder for sensitive company information to fall into the wrong hands, whether this is by accident or through a targeted attack. Application-specific VPN connectivity is also a huge step forward in reducing risk exposure on compromised devices,” he added.
“Although the capability of whitelisting applications has existed in Windows for many years, Microsoft is finally embracing this and are giving IT administrators the tools they need to achieve a real-world corporate application whitelisting deployment. This single step could almost eradicate the risk of infection through standalone malware executables, leaving only highly advanced attack vectors remaining for exploitation.”
“As well as general fixes and improvements, Windows 10 has added better support for multifactor authentication such as biometrics, improved file level encryption to protect personal or corporate data, and improved trusted applications to control where users can install applications from. These are welcome improvements and, while corporate users stand to gain the most, home users will also benefit,” says Steven Allen, Senior Security Consultant at Capgemini.
“Perhaps the most significant security improvement is Microsoft replacing Internet Explorer with a new browser, Edge – this is good news for the user community as IE has unfortunately been quite buggy and a target for exploitation by for criminals to attack users as they shop or bank online.”
“Having a consistent operating system across multiple devices (PCs and mobiles) combined with the Microsoft’s change to patch updating, should make it easier to deploy and manage applications which is always good for security. Perhaps these less publicised changes will have the greatest long-term benefits; particularly for the enterprise. Of course, upgrading Windows in the enterprise as well as at home can be less than simple but maybe in this case there is such a thing as a free lunch?” he concluded.