Five security threats Windows 10 protects you against
Love it or hate it, Windows 10 is a pretty secure OS
Windows 10 has as many detractors as it does fans. However, there's one area where it does improve things without any doubt, and that's security.
Here are five security threats which Windows 10 protects your PC from...
Closing vulnerability exploit windows
Arguably, the single most important security feature in this, and any, version of Windows is nothing new. Windows Update first saw light of day back in Windows 95, and that was more than 20 years ago. It still does what it did then, deliver patches for the operating system, but now it does it better than it ever has before.
Both the Home and Pro editions bypass the WUAPP.exe application and instead gets the updates directly from the cloud-based catalog.update.microsoft.com servers. By allowing updates automatically and downloading them as soon as possible, the exploit window remains as short as possible between a vulnerability being disclosed and the system patched.
Bring Your Own Device dangers
Conditional Access, which replaced the old Network Access Protection (NAP) technology that limited network access until a computer was proven safe enough, brings a different focus. NAP checked system health by looking at such things as OS updates being installed, a firewall enabled and antivirus signatures being current.
Conditional Access is more concerned with Bring Your Own Device (BYOD) management. It still requires a health check, but it's a cloud-based thing working with mobile device management tools to ensure secure boot state and measured boot data are OK along with the system updates, etcetera. It does require UEFI firmware and a TPM chip in order to work, though.
Advanced Persistent Threats (APT)
The Device Guard feature of Windows 10 is actually a combination of hardware and software features that should make your PC more resilient when it comes to falling victim to an Advanced Persistent Threat (APT) attack.
Because it requires a mixture of hardware and software technologies along with the OS controls in order to work, watch out for PCs with the 'Device Guard Ready' label - these are the ones you want. The OS controls include UEFI firmware Secure Boot and Kernel Model Code Integrity (KMCI), User Mode Code Integrity (UMCI), and AppLocker. By using a locked down program execution model, only running programs from a trusted list, it makes the combination of social engineering and malware that APTs rely upon harder to pull off.
Code injection and Buffer overrun exploits
The way that Virtualisation Based Security (VBS) moves part of the OS kernel into a virtual machine under Windows 10, enforced through Hypervisor Code Integrity (HVCI), makes it much harder for operating system threats using buffer overruns or code injection to work successfully.
This is because controls that are often targeted by such things, including Kerberos tickets and NTLM hashes, will now exist outside the OS itself. Indeed, by isolating the Local Security Authority Subsystem Service (LSASS) and the kernel in this manner, code integrity can be determined outside of the OS, where it's much safer from the threat of kernel-level malware.
Internet Explorer exploits
Microsoft Edge isn't an update to Internet Explorer, it's a complete from-the-ground-up rewrite that doesn't use the old Win32 API. Instead it is a Universal Windows App (UWA) which means it can run inside the UWA container sandbox for added security.
This isn't to say it doesn't share some similarities with Internet Explorer (indeed, there are some, mainly on the design front, such as using a fork of the Trident layout engine, for example). But it does significantly reduce the attack surface of the browser. Edge does not provide backwards capability for existing extensions, nor does it support ActiveX controls or Browser Helper Objects; both much beloved by malware developers.