New Security Features in Windows 11
In this article, we discuss the new security features and measures incorporated in Windows 11. Windows 11 is generating buzz and is set to release in the second half of 2021. It has everyone talking and wondering what's new in this version. While many new features are introduced in Windows 11, some features are deprecated or removed. This time, Microsoft has primarily focused on improving the security features in Windows 11 to protect users from various emerging threats and attacks. The new Windows 11 is secure by design and through its built-in requirements.
Microsoft said at the Windows 11 announcement event:
“We have worked closely with our manufacturer and silicon partners to raise security baselines to meet the needs of the evolving threat landscape and the new world of hybrid work and learning.”
Also:
“The new set of hardware security requirements that comes with Windows 11 is designed to build a foundation that is even stronger and more resilient to attacks.”
Microsoft is improving the security baseline in Windows 11 through built-in Secure Boot, hardware virtualization security features, Hypervisor-Protected Code Integrity, and many more security-focused implementations.
David Weston, Microsoft’s Director of Enterprise and OS Security, stated that:
“This next generation of Windows will raise the security baseline by requiring more modern CPUs, with protections like virtualization-based security, hypervisor-protected code integrity and Secure Boot built-in and enabled by default to protect from both common malware, ransomware and more sophisticated attacks.”
Now, let's look at how the security features in Windows 11 improve on previous releases.
New Security Features in Windows 11
Here are the new security features that are incorporated in Windows 11:
- Trusted Platform Module (TPM)
- Support for Azure-based Microsoft Azure Attestation
- New Security Innovations like Microsoft Pluton security processor
- Secured-core PCs
- Microsoft wants you to ditch passwords completely.
Let us discuss these in detail!
1] Trusted Platform Module (TPM)
Trusted Platform Module (TPM) is one of the most prominent security features in Windows 11. A TPM is a chip used to secure confidential and sensitive data, such as encryption keys and user credentials, behind a hardware barrier. As attackers get smarter and use advanced techniques to tamper with data on your PC, this helps protect your PC against malware, ransomware, and other cyberattacks. A TPM chip is either added to the CPU separately or integrated into your computer's motherboard.
Microsoft has made TPM a minimum requirement to run Windows 11, so you can run Windows 11 only if your PC has a built-in TPM chip. Although some high-end PCs use TPM chips, a TPM has now become a necessity for using Windows 11 on your PC. Without one, you won't be able to upgrade to Windows 11.
To make it easier for users, TPM 2.0 chips will be integrated into all certified Windows 11 systems so that customers can take advantage of security backed by a hardware root of trust.
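The baseline items this article names (TPM 2.0, Secure Boot, virtualization-based security and hypervisor-protected code integrity) can be checked on an existing machine. The script below is an added example, not part of the original article or Microsoft's own tooling; the function name `Get-Win11SecurityBaseline` is hypothetical, and it assumes an elevated PowerShell session on the machine being audited.

```powershell
#Requires -RunAsAdministrator
# Added example: audit this host against the hardware-backed baseline the article names.
# Get-Win11SecurityBaseline is a hypothetical helper name, not a built-in cmdlet.

function Get-Win11SecurityBaseline {
    $result = [ordered]@{}

    # TPM: Win32_Tpm exposes SpecVersion as a comma-separated string;
    # the first field is the TPM specification version (for example "2.0").
    $tpm = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
                           -ClassName Win32_Tpm -ErrorAction SilentlyContinue
    $result.TpmPresent     = [bool]$tpm
    $result.TpmSpecVersion = if ($tpm) { ($tpm.SpecVersion -split ',')[0].Trim() } else { $null }
    $result.TpmEnabled     = if ($tpm) { [bool]$tpm.IsEnabled_InitialValue } else { $false }
    $result.Tpm20          = $result.TpmPresent -and $result.TpmEnabled -and
                             ($result.TpmSpecVersion -like '2.*')

    # Secure Boot: Confirm-SecureBootUEFI throws on legacy BIOS systems,
    # which is treated here as a failed check.
    try   { $result.SecureBoot = [bool](Confirm-SecureBootUEFI -ErrorAction Stop) }
    catch { $result.SecureBoot = $false }

    # VBS / HVCI: Win32_DeviceGuard reports VirtualizationBasedSecurityStatus
    # (0 = off, 1 = enabled but not running, 2 = running) and
    # SecurityServicesRunning (2 = hypervisor-protected code integrity).
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
    $result.VbsRunning  = [bool]($dg -and ($dg.VirtualizationBasedSecurityStatus -eq 2))
    $result.HvciRunning = [bool]($dg -and ($dg.SecurityServicesRunning -contains 2))

    [pscustomobject]$result
}

$report = Get-Win11SecurityBaseline
$report | Format-List

# Fail loudly so the script can gate a deployment or compliance job.
$failed = 'Tpm20', 'SecureBoot', 'VbsRunning', 'HvciRunning' |
          Where-Object { -not $report.$_ }
if ($failed) {
    Write-Warning "Baseline items not met: $($failed -join ', ')"
    exit 1
}
```

A TPM that is present but reports a 1.2 specification version, or VBS that is enabled but not running, fails the check rather than passing silently.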
2] Support for Azure-based Microsoft Azure Attestation
Azure-based Microsoft Azure Attestation (MAA) verifies the trustworthiness of multiple platforms before you access them. Windows 11 has out-of-the-box support for Azure-based Microsoft Azure Attestation. When customers access sensitive resources in the cloud, MAA enables Zero Trust policies to ensure that the platform is secure. Azure Attestation-backed policies verify both identity and platform, helping organizations safeguard their resources.
3] New Security Innovations like Microsoft Pluton security processor
Windows 11 will come with various new security innovations, including hardware-enforced stack protection and the Microsoft Pluton security processor. These help protect users from zero-day exploits and also strengthen Zero Trust security. The Zero Trust security approach verifies everyone and everything that wants to access resources on a private network. This is another important security update in Windows 11.
4] Secured-core PCs
Secured-core PCs add an extra security layer beneath the OS by combining identity, virtualization-based security, operating system, and hardware and firmware protection. They are twice as resistant to malware infection and firmware attacks. They also enable users to boot securely, stay protected against firmware vulnerabilities, block unauthorized access, and more.
5] Microsoft wants you to ditch passwords
By default, new Windows 11 devices will be passwordless from day one, so you won't have to enter a password to log in. With Windows Hello, Windows 11 is moving to stronger authentication methods, including face lock, fingerprint, iris, and other biometrics. IT admins in enterprises can deploy Windows Hello for Business, which provides granular control of authentication methods.
Windows 11 primarily focuses on hardware security requirements to mitigate various firmware attacks, zero-day exploits, malware infections, and other cyberattacks. All this new hardware security is compatible with forthcoming Pluton-equipped systems and devices using a TPM 2.0 security chip, including those from Dell, HP, Acer, ASUS, and many more. Combined, the design and built-in features discussed above add extra layers of security to Windows 11. Microsoft's main aim this time is to improve productivity with an enhanced set of built-in security features.