Windows 10 - Privacy and Security Features at a Glance (Part 1)

by [Published on 3 Dec. 2014 / Last Updated on 3 Dec. 2014]

This first article of our two part article series will look at the expected security features of Windows 10

If you would like to read the next part in this article series please go to Windows 10 - Privacy and Security Features at a Glance (Part 2).

The leap from window 8 or to be more precise Windows 8.1 to Windows 10 has had many puzzled as to why Windows 9, the expected progression, was bypassed. Windows 8 has left a bad taste in many mouths and has brought about great controversy; maybe the jump to Windows 10 will achieve the much-needed dissociation from this, Windows 8.

We can expect the release of Windows 10 later next year, 2015, but many have taken the opportunity to test the new version. This article will cover some of the expected features of Windows 10 with emphasis on how security and privacy are likely to be affected.

In this article we look at the security features. Look out for part two that will conclude everything that we think will be part of the Windows 10 family. Article two will also include the explanation of the features discussed in this article.

Introduction

Later next year (2015) we’re anticipating a brand new shiny Windows OS that surpasses the present, Windows 8.x. Microsoft foresee Windows 10 to be released nearing the end of 2015 and with substantial testing, preview and tweaking time available between now and then we’re hoping the new OS solves qualms that many are experiencing at present with Windows 8/8.1.

Amongst the Windows 8 annoyances are the UI designed with mobile devices in mind and seemingly useless for desktop and laptop application. Even shutting down the OS proved challenging at best for some. The attempt to encourage mobile and ‘touch’ computing and improve functionality backfired, and this was noted by senior Microsoft officials, a touch interface on a device without touch capabilities is not destined to be compatible but rather unclear and frustrating. So everyone agrees it’s time for change.

Microsoft set forth to rectify some of these discrepancies and Windows 8.1 was born. The start button was back, even if it did not work in the same way users are accustomed to, it was brought back nonetheless. Windows 8.1 proved to be that much easier to navigate and more user-friendly on desktops and laptops. With the release of Windows 8.1 users were no longer near drowning and merely treading water but were beginning to swim, even though with haphazard stroke- users were getting somewhere albeit slowly. Windows 8.1 proving to be an amalgamation of touch/mobile and desktop capabilities.

According to Microsoft Windows 8 flaunted great security enhancements, however many holes were still left open. Windows 8 primarily established security on signature-based technologies whereas more than mere perimeter defence is now required and complementing technologies are required to improve the security of that offered by Windows 8. Also much vulnerability present in Windows 7 had not been addressed in Windows 8 either.

Some of the security enhancements of Windows 8 included, improved malware detection and ELAM, secure boot, default anti-malware scanning, sandboxing for applications and Windows To Go (Portable Security). This is in no way suitable for enterprise and as quoted by many a Microsoft exec, it’s called essentials for a reason. If you are serious about security you can’t just have essentials installed you will need a third party anti-malware and AV technology.

Windows 8.1 was not close to resolving all flaws with the OS and for those users that moved from previous versions to 8 and 8.1 inevitably this required a great deal of compromise on their part. Those users that stayed with previous versions, i.e. Windows 7 perhaps escaped the interim ‘tablet destined’ version and frustrations of it all and may find the passage to Windows 10 to be more beneficial- only time will tell.

How will Windows 10 compare, and will it be an improvement on Windows 8 particularly with regard to security and privacy. Have Microsoft better accommodated their user’s requirements this time round rather than attempting to force users to learn the approach they believe best?

What we might expect to see in Windows 10

Although Windows 10 previews are well underway, we need to keep in mind that that is exactly what they are- a preview, it is not yet set in stone and hence any features or experiences taken from the preview may change before the official release date expected in 2015. Every couple of weeks Microsoft is releasing a set of revised features as and when various additions and changes are found to be necessary.

Below are some of the technical features that Microsoft has highlighted will be present in the Windows 10. The features will prove beneficial for both consumers and organisations. Please note these might change at any time and also might not make it into the gold code that is released. At the time of this writing this is what Microsoft and our researchers have found to be potentially in Windows 10.

User Interface/OS Features

Security Features

Features Especially Beneficial to Enterprise

Latest Start menu

Secure Remote Access

Enterprise data protection

Latest Windows Store (desktop apps, modern apps and digital content), with varied payment options

Single unlock gesture with multiple credential access

Enterprise Credential Protection

Improved desktop applications compatibility

Next Generation Credentials based on two factor authentication

Enterprise Lockdown

Universal applications platform for devices (phones, tablets and PCs)

NTLM isolation and random keys (integrated Windows authentication)

Enterprise Store

Applications present in Window

Identity provider based authentication for multiple identities

Full management support (MDM). The Mobile Device Management (MDM) will communicate with the volume Purchase portal.

New SWIPE features, three finger swipe up or down initiating various actions

Hyper-V Secure Execution Environment (securing credentials)

Enterprise Explorer Enterprise Investments

New manifest supported OS ID

Integrated Automated Data Protection

Learning Platform enhancements

New WinRT APIs (modern object-orientated APIs for improved interoperability for coding languages)

Phone authentication

Volume Purchase Portal (supporting bulk purchase and deployment and license management)

Multiple Desktops

Remote device credential storage and improved stronger authentication

Easier credential provisioning

Universal applications- usage throughout all form factors of devices

New biometrics support

New Deployment Options

Windows Store applications are compatible

Trusted Platform Model technology (TPM) or software KSP verification based authentication (hardware-based security)

Automated Data Protection Capabilities

 

Breach, theft and phish resistant   credentials

 

 

Application Signing Improvements to chosen trusted apps

 

 

Azure AD Integration

 

 

Faster Updates and patching

 

 

Per-Application VPN (deter malware   infections)

 

 

New device based on two factor   authentication

 

 

LSASS Isolation and Secret Isolation

 

Table 1

The above list, if realised, is fairly significant and a big jump forward in security, although it does not close all of the gaps that might be apparent in the Windows OS, it is a great improvement on Windows 8.x and below. It must be known that these feature enhance security and in no way replace third part security technologies. At best they alleviate the issues that are inherent in a modern OS. We feel that if 90% of these feature make it to Windows 10 we have a great operating system that is near ready for the cloud era.

In the next article part two in this series we will explore some of the explanations of the features listed in this article.

Conclusion

This is by no means a consolidation of what can be expected from Windows 10 when released next year, merely a glance into a work in progress.

Some may argue that some of the mentioned features are ‘reworked’ or already exist as Microsoft Azure services. So perhaps the features are not necessarily new but rather seen as ‘new’ with regards to their application, as it is inferred that many of them will be built into the Windows 10 OS as default.

Microsoft claims that the features will be user friendly and easily scalable across multiple form factors. However only after implementation will the challenges be known and the true effectiveness of their features be realised.

In theory management of devices seems promising with Windows 10 however organisations who support multiple form factors will still be faced with the responsibility of supporting and managing varied operating systems and we do not know the practicalities involved regarding workability of existing applications on these devices and how they will work in conjunction with Windows 10 features.

Keep abreast of the frequent updating to the features over the next couple of months and who knows we may be pleasantly surprised with the new Windows 10 OS or…maybe not (a lot can happen in the months ahead).

If you would like to read the next part in this article series please go to Windows 10 - Privacy and Security Features at a Glance (Part 2).

See Also


The Author — Ricky M. & Monique L. Magalhaes

Ricky M. & Monique L. Magalhaes avatar

Ricky M Magalhaes is an International Information Security architect, working with a myriad of high profile organizations. Monique is an international security researcher, she holds a BSc Degree (Cum Laude). Previously she has focussed on research and development at leading enterprises in the Southern hemisphere.