List of Windows 10 Security features that help you stay safe
Windows 10 offers built-in security features that you can use to safeguard your computer. Some are enabled by default, some need to be configured, and others need to be enabled depending on usage. In this post, we share the list of security features available in Windows 10.
Windows 10 Security Features
Some of these security features are available in Windows 10 as they are, while others need admin or Enterprise access to configure.
- Windows Security
- SmartScreen
- Application Guard
- Exploit Guard
- User Account Control
- Microsoft BitLocker
- Credential Guard
- Microsoft Defender ATP for Enterprise
1] Windows Security
It’s a built-in antivirus and security solution from Microsoft that comes pre-installed in Windows 10. You can call it the first line of defense, which makes sure you don’t need a third-party antivirus, a firewall configurator or anything else. You can read more about some of the important features offered by the Windows Security app:
- Tamper Protection
- Ransomware Protection
- Controlled folder access
2] SmartScreen
When you download a file using a browser or an app, the SmartScreen feature can block it instantly. This happens when the file has previously been reported and marked as malware, or comes from a phishing website. SmartScreen is enabled for Microsoft Edge, Microsoft Store
3] Windows Defender Application Guard
Application Guard makes sure anyone using Microsoft Edge stays protected. Any threats to the device through Edge are mitigated using Microsoft’s Hyper-V virtualization technology. Access to actual memory, local storage and other installed applications is hidden from the attacker. It is part of Windows Defender Device Guard.
4] Windows Defender Exploit Guard
Exploit Guard is a pre-boot security feature that protects devices and systems from boot-level malware. If an attacker tries to attach a driver that doesn’t carry a digital certificate, Windows or the driver will not load. It only allows authorized files, drivers, and apps.
5] User Account Control
UAC has been there for some time, and we have all been annoyed by it now and then. Ever seen the screen that pops up whenever you install software? It’s because the software runs with non-admin privileges but needs admin privileges to complete the process. That’s why you get a prompt asking permission for those steps to complete. So any software running in the background will not be able to install anything without permission.
6] Microsoft BitLocker
BitLocker is a drive encryption solution from Microsoft that makes sure data cannot be accessed by unauthorized third-party software without a key. It is available for Windows 10 Professional and Enterprise.
7] Windows Defender Credential Guard
Available in Windows 10 Enterprise and Server 2016, Credential Guard uses virtualization-based security to make sure credentials are not accessible by everyone, especially software and browsers. It safeguards Kerberos Ticket Granting Tickets, NTLM password hashes, and domain credentials.
8] Microsoft Defender ATP for Enterprise
The solution is an umbrella service that an enterprise can use. It includes the following features:
- Threat & Vulnerability Management
- Attack surface reduction
- Next-generation protection
- Endpoint detection and response
- Automated investigation and remediation
- Microsoft Threat Experts
Windows 10 is now safer with security features like UEFI (Unified Extensible Firmware Interface) and Secure Boot, which protect your system from malicious files and code.
Unified Extensible Firmware Interface
Unified Extensible Firmware Interface is a feature that defines a software interface between the firmware and the existing operating system. It controls your system’s boot process and requires a new disk format and device firmware changes. UEFI initializes the PC hardware faster and helps the operating system to boot normally. It can work in two different modes: UEFI mode and BIOS-compatibility mode. In BIOS-compatibility mode, UEFI boots your PC the same way a BIOS system does; in UEFI mode the boot is different and safer.
When you boot your Windows 10 PC in UEFI mode, it checks and ensures that the drivers are digitally signed and verified. This feature checks whether any low-level software is signed by Microsoft and blocks malware such as rootkits from interfering with your system’s boot process.
The new computer systems shipped with Windows 10/8.1/8 have the Unified Extensible Firmware Interface in UEFI mode, but the systems shipped with Windows 7 have UEFI configured in BIOS-compatibility mode.
Windows 10 Features that require UEFI
- Secure Boot – Secure Boot is a security feature that makes sure your PC uses only trusted software to boot. The UEFI checks the digital signature of each piece of software, including the operating system boot loader and the drivers. The PC will not boot if the boot loader or the drivers are not digitally signed by the manufacturer.
- Early Launch Anti-Malware – This feature controls the loading of boot drivers and ensures that no infected or unknown boot driver loads. It makes sure that no third-party boot drivers load before the anti-malware software of your PC starts.
- Measured Boot – This feature gives a log of all boot components loaded before the anti-malware software on your PC. The log is sent to a remote server for evaluation and to check if the components were trustworthy or not.
Virtual Secure Mode of Windows 10
- Device Guard – This feature works on signature-based detection and locks the device if any suspicious application is detected. It uses digital signatures to verify whether an application is trustworthy. Device Guard is a combination of both hardware and software security features. Even if the machine is hacked and the hackers get access to the Windows kernel, they cannot run malicious executable code.
- Credential Guard – This feature uses virtualization-based security and offers platform security, hardware security, better protection against advanced persistent threats, and manageability. It blocks credential theft attack techniques, thereby protecting your credentials. The secrets are protected by virtualization-based security, and even malware running with administrative privileges cannot extract them.
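To see which of the features described above are actually active on a given machine, the following read-only check can be run in an elevated PowerShell session. It is an added example, not part of the original article; it uses only built-in Windows cmdlets and assumes the Defender and BitLocker modules are present (they are missing on some editions, which the script reports instead of failing).

```powershell
# Added example: read-only status check of the features covered in this article.
# Changes nothing on the system. Run from an elevated PowerShell prompt.
$report = [ordered]@{}

# Secure Boot: the cmdlet throws when the PC boots in BIOS-compatibility mode.
try   { $report['SecureBoot'] = [bool](Confirm-SecureBootUEFI -ErrorAction Stop) }
catch { $report['SecureBoot'] = 'Unavailable (BIOS-compatibility mode or not elevated)' }

# User Account Control: EnableLUA = 1 means UAC is on.
$uac = Get-ItemProperty -Name EnableLUA -ErrorAction SilentlyContinue `
    -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$report['UAC'] = ($uac.EnableLUA -eq 1)

# Windows Security (Microsoft Defender Antivirus) state.
try {
    $mp   = Get-MpComputerStatus -ErrorAction Stop
    $pref = Get-MpPreference -ErrorAction Stop
    $report['RealTimeProtection'] = $mp.RealTimeProtectionEnabled
    $report['TamperProtection']   = $mp.IsTamperProtected
    # 0 = disabled, 1 = enabled (block), 2 = audit only
    $report['ControlledFolderAccess'] = ($pref.EnableControlledFolderAccess -eq 1)
} catch { $report['WindowsSecurity'] = 'Defender cmdlets unavailable' }

# BitLocker on the system drive (Professional and Enterprise editions).
try {
    $bl = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction Stop
    $report['BitLockerSystemDrive'] = "$($bl.ProtectionStatus)"   # On / Off
} catch { $report['BitLockerSystemDrive'] = 'Unavailable' }

# Virtualization-based security, Credential Guard and code integrity.
$dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
    -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
if ($dg) {
    # VirtualizationBasedSecurityStatus: 0 = off, 1 = enabled, 2 = running
    $report['VBSRunning']      = ($dg.VirtualizationBasedSecurityStatus -eq 2)
    # SecurityServicesRunning: 1 = Credential Guard, 2 = HVCI
    $report['CredentialGuard'] = ($dg.SecurityServicesRunning -contains 1)
    $report['HVCI']            = ($dg.SecurityServicesRunning -contains 2)
} else { $report['DeviceGuard'] = 'WMI class unavailable' }

[pscustomobject]$report | Format-List
```

A value of `False` for Credential Guard on a Professional edition is expected, since the article notes the feature ships with Windows 10 Enterprise and Server 2016.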
This table lays down the details about whether a feature requires UEFI and TPM
Windows 10 has come a long way and is more secure than ever. Consumers can use the Windows Security app, while enterprises can use Defender ATP to safeguard their systems. I hope the post was able to highlight the most prominent Windows 10 Security Features.