Microsoft shows why Windows 11 needs TPM – even if some PCs are left out

The security of Windows 11 is a hot topic, as the revamped operating system has much stricter defenses than Windows 10, but with the side effect of creating controversy and confusion on the system requirements front (and in made for gamers – more on that later).

However, Microsoft recently produced a video to show how Windows 11’s new safeguards – which include Trusted Platform Module (TPM), Secure Boot, and Virtualization-Based Security (VBS) – help make systems more secure against hackers. . In addition, it reminds us that these moves are an extension of what was already happening with Windows 10 (but most importantly, not at a mandatory level).

The clip stars Microsoft security expert Dave Weston as he explains why this higher level of security, which involves the aforementioned high hardware requirements – including support for TPM 2.0, which excludes quite a few PCs not so old as that – is necessary to defend against some potentially nasty security breaches.

Weston shows how this nastiness could occur in real-world situations, first demonstrating a remote attack using an open Remote Desktop Protocol (RDP) port, brutally forcing the password, and then infecting the machine with a ransomware. This was on a PC without TPM 2.0 and Secure Boot, and naturally, that wouldn’t be possible on a Windows 11 system.

The second attack used for demonstration purposes is a face-to-face attack that uses a Leech PCI device to access system memory and bypass fingerprint recognition to log in. VBS prevents this type of attack from being exploited against a Windows 11 system, and the old remote attack is prevented by UEFI, Secure Boot, and Trusted Boot (in conjunction with TPM).

YouTube video

Analysis: Land of Confusion

This is an interesting look at how these security countermeasures work against real attacks. Obviously, in some scenarios, there are good reasons to mandate TPM and the other security technologies mentioned to help protect a PC from a possible attack, be it a remote or local intrusion. .

No one will argue with better protection, but the problem with making these pieces of security technology a mandatory part of the system requirements is confusion over whether or not a PC has these capabilities.

In some cases, newer machines do indeed have the TPM built in, but it just isn’t enabled, leading to a frustrating situation where the owner of a modern device might be told that it isn’t. not compatible with Windows 11. And while this could simply be a case of enabling TPM, which is not difficult for a reasonably tech-savvy person, it could be very intimidating for a novice user (involving a trip to BIOS, a frightening place for the untrained eye).

VBS or Virtualization-Based Security has also been the subject of additional controversy, given that while it is not an issue for upgrades from Windows 10, it will be enabled by default on newer PCs that come bundled. with Windows 11 – and this causes a slowdown with game frame rate. By all accounts, VBS can also be a pretty serious obstacle for frame rates; and again, this adds to the confusion around what happens with Windows 11 machines in general.

Having a more secure PC is fine, no doubt, but there are costs here that potentially negatively impact the experience of some users adopting (or trying to adopt) Windows 11.

Via Neowin

Leave a Comment

Trending this Week