The other day, my dad – while passing my bellows for technology – mentioned that he had read online that Windows 11 should not be used and that the operating system was not being adopted.
Dad had a word. He is now an Apple user – I put him on my phone plan to support his technical needs, he uses an iPhone and has an iPad. As its needs have changed, so has its reliance on Windows devices. In fact, his current Windows needs include applications that are not on the Apple platform. (And since he is a standalone user, not a domain user, much of Windows 11’s progress will not be available to him with authentication.)
“ComputerWorld” recently noted that Windows 11’s UpTech is running slowly, running at only 1.44% of all systems. This is similar to what I see at home and in my office. At home I have a single computer, a Surface Pro 7 that can run Windows 11 In the office, I only have two computers that support Windows 11
In fact many users Can’t Run Windows 11. If you are, and are interested in why you can’t run Windows 11, you can download the ByteJins tool to find out exactly why. For example, the laptop I use has a trusted platform module that will support Windows 11. But its processor does not support Virtualization based security (VBS)
Windows 11 confirms that VBS is enabled by default to support hypervisor-enforced code integrity. While you may argue that this protection may not be required on a standalone workstation, the enterprise will want to make sure that it is enabled. (This is not a new technology, but the order is new.)
Windows Defender Credential Guard requires VBS, which protects domain certificates over a network. As mentioned: “Credential Guard is a virtualization-based isolation technology for LSASS that prevents attackers from stealing credentials that can be used to pass a hash attack. আপ After compromising with a system, attackers often try to extract any stored credentials for further lateral movement through the network. A major goal is the LSASS process, which stores NTLM and Kerberos certificates. Credential Guard prevents attackers from dumping certificates stored in LSASS by running LSASS in a virtualized container that even a user with system privileges cannot access. The system then creates a proxy mechanism called LSAIso (LSA Isolated) to communicate with the virtualized LSASS process.
Although it already works on Windows 10, Windows 11 builds on this protection. Sounds great for business, doesn’t it? But there is a problem: many users are not properly licensed to improve the security of Windows 11. The key is Windows Defender Credential Guard – you need an enterprise license to use it. So while it provides a lot of protection for your user or login privacy, it is not available to many users. In future versions of Windows 11, Credential Guard will be enabled by default, but again, only for enterprise customers.
Another new technology I’m excited about is smart application control, although I have some concerns about it. Smart app control, as Microsoft explains, “prevents users from running malicious applications on Windows devices that block the default, unsigned or unsigned applications. In addition to using code signing, our new Smart App Controls allow only processes that are predicted to be secure based on an AI model for either a code certificate or an application trust in Microsoft Cloud.
“Model estimates 24 hours latest threat occurs on intelligence which provides trillion signals. When running a new application in Windows 11, only known secure applications are allowed to run. Check its signature and key features against this model. This means that Windows 11 users can be confident that they are using only secure and reliable applications on their new Windows device. Smart app control will be sent to the new device with Windows 11 installed on it. You need to have a clean installation of Windows 11 to get it. “
I still regularly install software that is unsigned. So I already know that smart application control won’t work for me in the office or at home because I can’t run the software using a “whitelist” method. I’m not even sure what licensing will be required. Will it be available to everyone? Will it be an enterprise-only feature?
Bottom line: Windows 11 will be great for enterprises if you have the right license to take advantage of these features. But I’m not sure it gives you a great advantage at home. If you’re worried that your old hardware won’t run Windows 11, don’t do it. Windows 11 is the next version of Windows and doesn’t really bring much security to the average user. That’s why my dad will continue to use Windows 10 for now and don’t worry about Windows 11.
Copyright © 2022 IDG Communications, Inc.