Windows 10 Security Enhancements
As part of the ongoing effort to make computing safer, Windows 8 introduced major new security features, Windows 8.1 added still more improvements, and Windows 10 ups the ante yet again. The most significant new Windows 10 security feature involves a major improvement in authentication, based on biometric factors.
On Windows 10 devices that include the appropriate hardware, two new features will significantly ease the process of authenticating to the device and to online services:
Windows 10 also leverages security features found in Unified Extensible Firmware Interface (UEFI), (and originally enabled in Windows 8 and Windows 8.1) to ensure that the boot process isn’t compromised by rootkits and other aggressive types of malware. On devices equipped with the Unified Extensible Firmware Interface (UEFI), the Secure Boot process validates and ensures that startup files, including the OS loader, are trusted and properly signed, preventing the system from starting with an untrusted operating system. The signatures on all Boot Critical Drivers are checked as part of Secure Boot verification in WinLoad and by the Early Launch Anti-Malware driver. Any non-trusted components will not be loaded and will trigger remediation.
In the event that the UEFI firmware that Boot Manager does not match its signing information, it replaces Boot Manager with a backup copy. In the event that this also fails, the UEFI firmware will display some kind of remediation information, giving you a way to return to a trusted state. This remediation experience is implemented by each OEM, so the specifics differ.
After the OS loader hands over control to Windows 10, two additional security features are available:
There are a lot more specific details here, if anyone wants to go deeper:
https://msdn.microsoft.com/en-us/library/windows/hardware/dn653311(v=vs.85).aspx
On Windows 10 devices that include the appropriate hardware, two new features will significantly ease the process of authenticating to the device and to online services:
- Windows Hello This feature uses biometric authentication facial recognition, an iris scan, or a fingerprint to unlock devices. The technology is significantly more advanced than Windows 8.1 supported basic biometric authentications. Windows Hello requires an infrared-equipped camera (using the same technology found in the Xbox Kinect sensor) to prevent spoofing identification using a photograph.
- Microsoft Passport The second feature is based on a new API that works in conjunction with biometric authentication on an enrolled device to sign in to any supported mobile service. During the authentication process, no password is sent over the wire or stored on remote servers, cutting off the two most common avenues for security breaches.
Windows 10 also leverages security features found in Unified Extensible Firmware Interface (UEFI), (and originally enabled in Windows 8 and Windows 8.1) to ensure that the boot process isn’t compromised by rootkits and other aggressive types of malware. On devices equipped with the Unified Extensible Firmware Interface (UEFI), the Secure Boot process validates and ensures that startup files, including the OS loader, are trusted and properly signed, preventing the system from starting with an untrusted operating system. The signatures on all Boot Critical Drivers are checked as part of Secure Boot verification in WinLoad and by the Early Launch Anti-Malware driver. Any non-trusted components will not be loaded and will trigger remediation.
In the event that the UEFI firmware that Boot Manager does not match its signing information, it replaces Boot Manager with a backup copy. In the event that this also fails, the UEFI firmware will display some kind of remediation information, giving you a way to return to a trusted state. This remediation experience is implemented by each OEM, so the specifics differ.
After the OS loader hands over control to Windows 10, two additional security features are available:
- Trusted boot This feature protects the integrity of the remainder of the boot process, including the kernel, system files, boot-critical drivers, and even the antimalware software itself. Early Launch Antimalware (ELAM) drivers are initialized before other third-party applications and kernel-mode drivers are allowed to start. This configuration prevents antimalware software from being tampered with and allows the operating system to identify and block attempts to tamper with the boot process. UEFI that analyzes the boot loader to ensure it is both the right one and is signed by Microsoft. If you were to encounter a rootkit , the UEFI wouldn’t allow it to boot. Windows 8, 8.1 and Windows 10 detects if any of the OS elements have been tampered with and automatically restores the unmodified versions.
- Measured boot On devices that include a Trusted Platform Module (TPM), Windows 10 can perform comprehensive chain-of-integrity measurements during the boot process and store those results securely in the TPM. On subsequent startups, the system measures the operating system kernel components and all boot drivers, including third-party drivers. This information can be evaluated by a remote service to confirm that those key components have not been improperly modified and to further validate a computer’s integrity before granting it access to resources, a process called remote attestation.
There are a lot more specific details here, if anyone wants to go deeper:
https://msdn.microsoft.com/en-us/library/windows/hardware/dn653311(v=vs.85).aspx
Last edited by FreeBooter on 7th February 2017, 10:44 pm; edited 1 time in total
FreeBooter
Co-Administrator
