We are excited to bring back Transform 2022 in person on July 19 and virtually from July 20 to August 3. Join AI and data leaders for insightful talks and exciting networking opportunities. Learn more about Transform 2022
Microsoft on Tuesday unveiled new and updated Windows 11 security features coming later in 2022, including enhanced phishing and malware protections that aim to dramatically reduce the workload of security teams, a Microsoft security executive said. to VentureBeat.
Cybersecurity teams are continually faced with a “giant funnel” of issues that need to be fixed, but with upcoming security capabilities coming to Windows 11, “that funnel is going to be much, much smaller,” said David Weston, vice president of OS and enterprise security at Microsoft, in an interview. “That is our goal. We want to reduce the number of things that security teams have to review and make life easier for them. And that allows them to dig deeper into the things that matter.”
When Microsoft released Windows 11 starting last October, the company said a key factor for the new operating system was allowing more security features to be turned on by default than in Windows 10.
For the annual feature update coming in the second half of 2022, Microsoft intends to go much further with a host of new Windows 11 security capabilities, including many that will be turned on by default, aimed at reducing the problem funnel for security teams. to a trickle,” Weston said.
Transition to Windows 11
While the new features won’t arrive for months, Microsoft is revealing details now in part to help generate more interest among businesses in migrating to Windows 11. Figures from AdDuplex show that Windows 10 PCs still outnumber devices running Windows 11 at a ratio of four to four. -a margin, and the margin is likely to be even higher among businesses, which often take longer than consumers to move to new OS versions.
Among the new features Microsoft has announced are capabilities that have the potential to make a “big dent” in targeted phishing and malware attacks, ultimately reducing the proliferation of ransomware, Weston said.
The Microsoft Defender SmartScreen solution will deliver enhanced phishing detection beginning with the upcoming Windows 11 annual release, by alerting users when they enter Microsoft credentials into a malicious website or application.
Weston said that while phishing prevention has been offered for browsers in the past, Microsoft is now moving it to the operating system layer for the first time. “That means every app now has the ability to have phishing prevention available,” she said.
The feature will also allow Microsoft to alert a user’s security operations team when that user has been the victim of a successful phishing attack, according to Weston.
In terms of stopping malware, Microsoft plans to introduce Smart App Control, a new feature in Windows 11 that will thwart malicious apps by running only cryptographically signed apps.
This takes advantage of a concept that Microsoft had implemented in its edition of Windows 10S, which locked down devices so they could only run apps from the Microsoft Store. “It was great for security. We had no malware,” Weston said.
However, many users wanted the option to run apps that weren’t in the Microsoft Store. With Smart App Control, “this solves that problem. It allows you to say that anyone who can sign an application can now run it,” said Weston. On the other hand, “if we don’t know who wrote this and we don’t know [if] that person is known for writing good apps, we’re not going to let it work.”
The result, according to Weston, is that “99% of the apps you’ll ever want to use will work just fine. And, above all, what will be blocked is malware.”
“It’s reversing the ‘whack a mole’ model into ‘prove to me you’re good,'” he said. “It really is zero trust for applications.”
Starting with the 2022 Windows 11 Annual Feature Update, Smart App Control will automatically be included with newly shipped devices. Other devices will need to reboot and undergo a clean install of Windows 11 to use the feature, according to Microsoft. “We need to start with a clean slate, so that we can fully assess if there is [are] any incompatibility with the system,” Weston said.
Ultimately, when it comes to these new features to reduce phishing and malware, “our strategy is to cut to the heart of the techniques that are being used to abuse our users today, and stop that,” he said.
Other security improvements Microsoft is announcing include increased availability of Virtualization-Based Security (VBS), turned on by default, with the arrival of the Windows 11 2022 Annual Feature Update.
With the initial version of Windows 11, only the latest CPUs were capable of supporting VBS by default, but with the next version, virtualization-based security will now be turned on by default for every supported processor, Weston said.
Virtualization-based security enables several key security features, which will be turned on by default in Windows 11 with the next release of the operating system. Those features include Hypervisor Protected Code Integrity (HVCI), which prevents dynamic code from being injected into the Windows kernel, as has happened in previous attacks, including WannaCry.
VBS on by default will also enable two new security features to automatically run in the next Windows 11 update. Credential Guard is a feature that leverages VBS to protect against credential theft tactics, such as hashing, as well as preventing malware to access system secrets. A second new feature enabled by default will give the process more protection from the local security authority (LSA), ensuring that the process only loads signed code.
“The traditional way to target that process was through malicious drivers, but we’re blocking a lot of them” with this upcoming feature, Weston said.
New encryption feature
An upcoming additional security feature in Windows 11, Personal Data Encryption, will serve as a second layer of encryption beyond BitLocker. This second layer will be file-specific and tied to the users’ Windows Hello credentials. Thus, if an attacker was “somehow [able] to get past BitLocker, these files would still remain encrypted,” Weston said.
Microsoft is also using this announcement to draw attention to a security feature that the company hadn’t previously discussed, but has, in fact, been available in Windows 11 from the start. That feature, configuration lockdown, automatically restores systems to the organization’s desired security settings if a user or administrator changes them.
Configuration lockdown provides another layer of protection in the event of an unexpected device state change, according to Weston, and in particular helps ease some of the burden on IT and security teams.
In the same vein, Microsoft is also promoting the commercial launch of its Pluton security processor, scheduled for next month, which will bring benefits including automatic firmware updates, Weston said. Pluto will be available on select devices from vendors like Lenovo, for PCs with AMD or Qualcomm processors (no Intel for now), he said.
For devices with the Pluton security chip, firmware updates will be delivered via Windows Update and will require no manual effort, Weston said.
Overall, with the Windows 11 security features revealed by Microsoft today, “we’re going to make everyone’s life easier by acting as the global security team,” he said.
“We’re not going to push for them to set up, we’ll do it ourselves,” Weston said. “We’re going to turn things on by default. Let’s make that funnel smaller. And therefore security teams will have less to deal with and it will be a better quality of security overall.”
The VentureBeat Mission is to be a digital public square for technical decision makers to learn about transformative business technology and transact. Learn more about membership.