Windows 10 launches four major security improvements today
Microsoft released Windows 10 today. Computers whose users previously reserved the upgrade will be upgraded automatically. Many people already know that Windows 10 will be the last Windows version released by Microsoft, and that the next generation of Windows will arrive in the form of updates. Beyond improvements in operation and performance, Microsoft has publicly declared Windows 10 "the most secure Windows system in history". Is its security really "extraordinary"? Security Niu interviewed Zheng Wenbin, Chief Engineer of 360, on this question.
Zheng Wenbin, an anti-Trojan expert, once discovered a vulnerability in the Windows DirectShow video development kit and was publicly thanked by Microsoft. He has a deep understanding of, and practical experience with, the operating system kernel.
Windows 10 provides security improvements in the system kernel, application components, and applications. It also provides some new security features. After analysis by its Security Technology Research Team, 360 identified four highlights of Windows 10 in terms of security:
1. Hardware virtualization-based security isolation
Windows 10 introduces the Credential Guard and Device Guard security functions, and uses hardware virtualization technology to achieve security isolation.
These two features are mainly available in Windows 10 Enterprise Edition. Credential Guard uses the hardware virtualization function (VSM) to isolate the storage and management of credentials/tokens from the real operating system. This prevents malicious programs from obtaining user credentials even if they have system kernel permissions. It stops attackers from using tools such as Mimikatz to carry out Pass-the-Hash attacks and prevents further penetration of enterprise networks.
Device Guard allows enterprises to manage and lock devices and prohibit unauthorized software installation on devices.
2. Support for multi-factor authentication
Windows 10 supports multi-factor authentication protection using mobile devices, biometric identification, and PIN codes to replace traditional Windows passwords.
3. Edge Browser
The Edge browser blocks traditional extensions such as ActiveX, BHO, and toolbars, as well as outdated components such as VBScript. This reduces the attack surface, especially the part introduced by third-party controls.
The Edge browser runs fully as 64-bit processes with the enhanced protection mode sandbox enabled (IE11 uses only 32-bit processes and the protection mode sandbox by default). This makes exploiting vulnerabilities and breaking through the sandbox protection more difficult.
The core of the Edge browser rendering engine also strengthens protection against, or mitigation of, the kinds of vulnerabilities that affected IE in the past, making it more difficult for attackers to exploit vulnerabilities to attack the browser.
4. Core security improvements
Windows 10 enables Control Flow Guard for the entire system. This function was subsequently added to the Windows 8.1 Update3 patch, and it effectively raises the difficulty of vulnerability attacks against Windows platform applications.
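An added example, not from the article or from Microsoft: one way to audit whether a binary was built as Control Flow Guard-aware is to read the `IMAGE_DLLCHARACTERISTICS_GUARD_CF` bit (0x4000) from its PE optional header. The function names `cfg_flag_set` and `build_sample` are hypothetical, and the sample images are constructed header-only byte strings, not real binaries.

```python
import struct

GUARD_CF = 0x4000    # IMAGE_DLLCHARACTERISTICS_GUARD_CF
DLLCHARS_OFF = 70    # DllCharacteristics offset, identical in PE32 and PE32+


def cfg_flag_set(image: bytes) -> bool:
    """Return True if the PE optional header advertises Control Flow Guard."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("not an MZ/PE image")
    pe_off = struct.unpack_from("<I", image, 0x3C)[0]          # e_lfanew
    if image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    opt_off = pe_off + 4 + 20                                  # signature + COFF header
    if len(image) < opt_off + DLLCHARS_OFF + 2:
        raise ValueError("optional header truncated")
    opt_size = struct.unpack_from("<H", image, pe_off + 20)[0]  # SizeOfOptionalHeader
    magic = struct.unpack_from("<H", image, opt_off)[0]
    if magic not in (0x10B, 0x20B) or opt_size < DLLCHARS_OFF + 2:
        raise ValueError("unsupported or undersized optional header")
    dll_chars = struct.unpack_from("<H", image, opt_off + DLLCHARS_OFF)[0]
    return bool(dll_chars & GUARD_CF)


def build_sample(dll_characteristics: int, pe32_plus: bool = True) -> bytes:
    """Constructed header-only image for the demo (not a loadable binary)."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                    # PE header follows DOS stub
    opt_len = 0xF0 if pe32_plus else 0xE0
    machine = 0x8664 if pe32_plus else 0x14C
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, opt_len, 0x22)
    opt = bytearray(opt_len)
    struct.pack_into("<H", opt, 0, 0x20B if pe32_plus else 0x10B)
    struct.pack_into("<H", opt, DLLCHARS_OFF, dll_characteristics)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    # 0x4160 = GUARD_CF | NX_COMPAT | DYNAMIC_BASE | HIGH_ENTROPY_VA (constructed values)
    for label, flags in (("CFG-aware build", 0x4160), ("no CFG", 0x0160)):
        print(label, cfg_flag_set(build_sample(flags)))
```

The header bit only shows that the image was built as CFG-aware; it does not by itself show that a running process has CFG enforced.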
Windows 10 separates the font engine from kernel mode and runs it in an isolated user-mode environment. This effectively prevents Duqu-style attacks that break directly into the Windows kernel through font vulnerabilities. In addition, Group Policy can be used to disable or audit the loading of non-system fonts.
Windows 10 also has further vulnerability defense and mitigation measures. For example, the Windows 10 kernel Object Manager adds cookies to the kernel object header to prevent DKOM-style kernel pool overflow attacks.
Security Protection suggestions
In addition to timely patch updates, operating system vendors, security vendors, and application vendors must work together to ensure security. Users should try their best to select software from professional security vendors with sufficient strength in the security defense field, such as security enterprises that closely cooperate with Microsoft in terms of security products.
Finally, Zheng Wenbin believes that Windows 10 is moving closer to more new security technologies and directions, such as hardware-based security protection, more isolation and security mitigation. Microsoft's security strategy is still designed to mitigate security issues layer by layer. At the same time, it works with security vendors and the industry to protect user security and jointly maintain the Windows ecosystem.