Home United States USA — software Windows 11 Is Ultra Secure—Here's How to Keep It That Way

Windows 11 Is Ultra Secure—Here's How to Keep It That Way

123
0
SHARE

You can’t run Windows 11 on a PC that lacks essential security hardware. That’s a good thing. Less promising is the fact that you can disable these requirements. Don’t do that!
You may have noticed there’s a lot more news about ransomware and other malware attacks on Windows than on macOS, and more on Android than on iOS. The reason is simple. Malware coders hit Windows and Android because that’s where the most security holes are found. As Windows 11 achieves wider usage, that may change. Microsoft has taken the bold step of requiring essential security hardware to run Windows 11, even though it means some older PCs will be stuck, unable to upgrade. With the boot process shielded and cryptographic routines running in protected memory, this Windows edition is thoroughly protected against a wide range of attacks.
Just how does this added security work? Microsoft will happily supply endless pages of detailed descriptions. For those who prefer a broader view, here’s a simple rundown of what I learned—and what I found when I installed the new OS. The TL;DR? Windows 11 may not look like a major update from Windows 10, but when it comes to security, it’s a sea change—unless you deliberately cripple it.Installing Windows 11 on a Virtual Machine
To get started, I needed to install Windows 11 on a VMWare virtual machine. I do almost all testing of security products using virtual machines. That way I can release real-world ransomware without worrying about real-world damage if the antivirus fails its defensive task. We’ve covered the basics of how to create a Windows 11 virtual machine, but I found I had to go beyond what our article suggested. The biggest tweaks I had to make involved security.
Initially, I tried updating an existing Windows 10 virtual machine to Windows 11. Unfortunately, the PC Health Check app quickly reported that “this PC doesn’t currently meet Windows 11 system requirements,” noting that it needs Secure Boot support and a Trusted Platform Module (TPM).
Virtual machines are flexible, though, and adding new components can be a virtual experience. Secure boot requires UEFI firmware, for starters. I tried to just change the firmware type to UEFI in Virtual Machine Settings, ignoring the warning that doing so “might cause the guest operating system to become unbootable.”
Surprise! When I made that change, it rendered the virtual machine unbootable. After some research, I concluded that changing the firmware type seems possible, but only for someone with skills far beyond my own. To be fair, changing the firmware in a physical computer would also be too tough for most users.
Starting fresh, I created a new virtual machine with custom settings. This let me choose UEFI firmware with Secure Boot, a good start. In the last step, customizing hardware, I tried to add a TPM. The VMware screen explained, “The virtual machine must be encrypted and using UEFI firmware.

Continue reading...