
Five security threats Windows 10 protects you against

Love it or hate it, Windows 10 is a pretty secure OS

Windows 10 has as many detractors as it does fans. However, there's one area where it does improve things without any doubt, and that's security.

Here are five security threats which Windows 10 protects your PC from...

Closing vulnerability exploit windows

Arguably, the single most important security feature in this, and any, version of Windows is nothing new. Windows Update first saw light of day back in Windows 95, and that was more than 20 years ago. It still does what it did then, which is deliver patches for the operating system, but now it does it better than it ever has before.

Both the Home and Pro editions bypass the WUAPP.exe application and instead get the updates directly from the cloud-based catalog.update.microsoft.com servers. Because updates are allowed automatically and downloaded as soon as possible, the exploit window between a vulnerability being disclosed and the system being patched remains as short as possible.

Bring Your Own Device dangers

Conditional Access, which replaced the old Network Access Protection (NAP) technology that limited network access until a computer was proven safe enough, brings a different focus. NAP checked system health by looking at such things as OS updates being installed, a firewall enabled and antivirus signatures being current.

Conditional Access is more concerned with Bring Your Own Device (BYOD) management. It still requires a health check, but the check is cloud-based and works with mobile device management tools to ensure that the secure boot state and measured boot data are OK, along with the system updates, etcetera. It does require UEFI firmware and a TPM chip in order to work, though.

Advanced Persistent Threats (APT)

The Device Guard feature of Windows 10 is actually a combination of hardware and software features that should make your PC more resilient when it comes to falling victim to an Advanced Persistent Threat (APT) attack.

Because it requires a mixture of hardware and software technologies along with the OS controls in order to work, watch out for PCs with the 'Device Guard Ready' label - these are the ones you want. The OS controls include UEFI firmware Secure Boot, Kernel Mode Code Integrity (KMCI), User Mode Code Integrity (UMCI), and AppLocker. By using a locked-down program execution model that only runs programs from a trusted list, Device Guard makes the combination of social engineering and malware that APTs rely upon harder to pull off.

Code injection and Buffer overrun exploits

The way that Virtualisation Based Security (VBS) moves part of the OS kernel into a virtual machine under Windows 10, enforced through Hypervisor Code Integrity (HVCI), makes it much harder for operating system threats using buffer overruns or code injection to work successfully.

This is because controls that are often targeted by such things, including Kerberos tickets and NTLM hashes, will now exist outside the OS itself. Indeed, by isolating the Local Security Authority Subsystem Service (LSASS) and the kernel in this manner, code integrity can be determined outside of the OS, where it's much safer from the threat of kernel-level malware.
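To see which of the protections named in the Device Guard and VBS sections above are actually active on a given machine, the following PowerShell is an added example, not code from the article or from Microsoft. It assumes an elevated session on Windows 10 or later; `Get-PlatformSecurityReport` is a hypothetical helper name, and the label tables follow the documented meanings of the `Win32_DeviceGuard` properties.

```powershell
# Added example (not from the article). Run elevated on Windows 10 or later.
# Get-PlatformSecurityReport is a hypothetical helper name.
$vbsState = @{ 0 = 'Off'; 1 = 'Enabled, not running'; 2 = 'Running' }
$ciState  = @{ 0 = 'Off'; 1 = 'Audit'; 2 = 'Enforced' }
# Service 1 (Credential Guard) is what isolates Kerberos tickets and NTLM hashes.
$services = @{ 1 = 'Credential Guard'; 2 = 'HVCI' }

function Get-PlatformSecurityReport {
    $r = [ordered]@{}

    # Secure Boot: the cmdlet throws on legacy BIOS or when not elevated.
    try   { $r['SecureBoot'] = if (Confirm-SecureBootUEFI -ErrorAction Stop) { 'On' } else { 'Off' } }
    catch { $r['SecureBoot'] = 'Unavailable' }

    # TPM presence and readiness.
    try {
        $tpm = Get-Tpm -ErrorAction Stop
        if (-not $tpm.TpmPresent) { $r['Tpm'] = 'Absent' }
        elseif ($tpm.TpmReady)    { $r['Tpm'] = 'Ready' }
        else                      { $r['Tpm'] = 'Present, not ready' }
    } catch { $r['Tpm'] = 'Unavailable' }

    # VBS, running security services and code integrity policy state.
    try {
        $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                              -ClassName Win32_DeviceGuard -ErrorAction Stop
        $r['Vbs']  = $vbsState[[int]$dg.VirtualizationBasedSecurityStatus]
        $r['Kmci'] = $ciState[[int]$dg.CodeIntegrityPolicyEnforcementStatus]
        $r['Umci'] = $ciState[[int]$dg.UsermodeCodeIntegrityPolicyEnforcementStatus]
        $running = foreach ($id in $dg.SecurityServicesRunning) {
            if ($id -eq 0) { continue }   # 0 means "no service"
            if ($services.ContainsKey([int]$id)) { $services[[int]$id] } else { "Service $id" }
        }
        $r['RunningServices'] = if ($running) { $running -join ', ' } else { 'None' }
    } catch {
        foreach ($k in 'Vbs', 'Kmci', 'Umci', 'RunningServices') { $r[$k] = 'Unavailable' }
    }

    # List every item that is not in its hardened state.
    $want = @{ SecureBoot = 'On'; Tpm = 'Ready'; Vbs = 'Running'; Kmci = 'Enforced'; Umci = 'Enforced' }
    $r['Gaps'] = @($want.Keys | Where-Object { $r[$_] -ne $want[$_] } | Sort-Object) -join ', '
    [pscustomobject]$r
}

Get-PlatformSecurityReport | Format-List
```

An empty `Gaps` field means Secure Boot, the TPM, VBS and both code integrity policies are all in their enforced state; `RunningServices` shows whether HVCI and credential isolation are actually running rather than merely configured.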

Internet Explorer exploits

Microsoft Edge isn't an update to Internet Explorer, it's a complete from-the-ground-up rewrite that doesn't use the old Win32 API. Instead it is a Universal Windows App (UWA) which means it can run inside the UWA container sandbox for added security.

This isn't to say it doesn't share some similarities with Internet Explorer (indeed, there are some, mainly on the design front, such as using a fork of the Trident layout engine, for example). But it does significantly reduce the attack surface of the browser. Edge does not provide backwards compatibility for existing extensions, nor does it support ActiveX controls or Browser Helper Objects, both much beloved by malware developers.
