The Windows 10 core will power the largest range of devices imaginable, from the desktop to small dedicated IoT (Internet of Things) devices, so it’s no surprise that Microsoft is taking security to a whole new level.
During Monday’s Vision Keynote at the 2015 Worldwide Partner Conference, Microsoft talked about some of the new robust protections built into the very core of Windows 10.
“With Windows 10, we’ve taken a three dimensional approach to security,” says Terry Myerson, who oversees the Windows and Devices group at Microsoft.
The first of these is called Virtual Secure Mode, which uses hardware virtualization extensions to isolate the credentials cache. Similar to running virtualized systems in a server or the cloud, Myerson notes that any hacker who gained access to the system wouldn’t be able to exploit the credentials cache to further traverse the network unless they were able to crack the silicon.
The next security feature is called Enterprise Data Mode, which is very similar to a feature that debuted with Windows Phone 8. In short, companies can easily separate user and company data on a machine, and encrypt any corporate data using BitLocker with encryption keys owned by the company. The company can revoke the key at any time, should it later want to lock a user out of that data.
Secure Boot and the new Device Guard work together to protect devices from numerous attack vectors that a nefarious person could try to exploit to hack their way into a system. Microsoft Group Program Manager Roanne Sones took to the stage with a compelling demo highlighting the explosive growth of IoT and how Windows 10 hopes to prevent hackers from stealing sensitive data generated by things like ATMs, PoS terminals, garage door openers and airline kiosks.
Sones notes that most system infiltration doesn’t require Mission Impossible style antics; in many cases, all it takes is an exposed USB port. Using a Toshiba PoS system and a barcode scanner as an example, the new Device Guard in Windows 10 would prevent one from simply unplugging the scanner and plugging in a USB drive. Secure Boot, meanwhile, forbids one from modifying the boot media from any system after it has been removed.