Microsoft has made significant improvements in the security and identity space with Windows 10. It is trying to address modern security threats with advances that strengthen identity protection and access control, information protection, and threat resistance. Windows 10 creates user identities for accessing devices, apps and sites that are more resistant to breach, theft or phishing. It takes the concept of multi-factor solutions such as smart cards or token-based systems and builds it right into the operating system, which also removes the need for extra security hardware peripherals.
Microsoft has also created a new way to protect enterprise data. While BitLocker helps protect data while it resides on a device, once the data leaves the device it is no longer protected.
With Windows 10, Microsoft adds a further layer of protection using containers and data separation at the application and file level, so that the protection follows the data wherever it goes. Whether the data moves from a tablet or PC to a USB drive, email or the cloud, it keeps the same level of protection. This approach stands out because of its ease of use and because it protects data right at the file level. Users will not need to change their behaviour, use special apps, or move to a separate, locked-down environment to keep corporate data secure.
Read this interview at TechRadar, in which Chris Hallum, who manages the security features in Windows and Windows Phone, talks about the improvements made in Windows 10. He covers next-generation credentials, how he expects OEMs to adopt and support them, and more.
He also spoke about the concept of containers in Windows. Windows 10 is made up of multiple containers: Windows itself runs in one container, while the security token from Active Directory, and the LSA authentication service that issues it, live in another container, running on top of Hyper-V virtualisation in what Microsoft calls Virtual Secure Mode.
Those tokens are what many attackers have been targeting when they break into companies using a technique known as Pass the Hash. “Once attackers have that token they have your identity, it’s as good as having your username and password. They gain admin privileges and run a tool to extract the token and take it, and then they can move around the network and access all these servers without ever being asked for a password,” explains Hallum.
“We’ve taken these tokens which were being protected by Windows in a software store which was susceptible to malware or to applications with a high level of privilege and we’re putting them inside a container. Even the kernel doesn’t have access to take information out of that container if it’s compromised.”
That container is the VSM. “The VSM is basically a mini OS. Think of it as a Windows core OS – it’s a very small OS that will require about 1GB of memory and has just enough capability to run the LSA service that’s used for all our authentication brokering.”
It won't affect the performance of your PC, he says, but you will need Windows 10 on the PC, a CPU that supports hardware virtualisation, and the next version of Windows Server on your Active Directory domain controller.
That means even if you are infected by a rootkit or bootkit that takes over the Windows kernel, your tokens would still be safe.
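As an added example (not part of the interview or the original post), here is a PowerShell check an administrator can run to confirm that the isolated LSA container described above is actually running on a machine, and that the hardware prerequisite Hallum mentions (a hypervisor-capable CPU) is present. It assumes a released Windows 10 build, where Virtual Secure Mode shipped as virtualization-based security and the isolated-LSA feature is called Credential Guard; the `Win32_DeviceGuard` CIM class and its numeric status codes are those documented by Microsoft, and the `LsaIso` process name is the isolated LSA process Credential Guard runs inside the VSM container.

```powershell
# Added example, not code from the original article or from Microsoft.
# Reports whether virtualization-based security (the "VSM" container) and the
# isolated LSA service (Credential Guard) are configured and running, plus the
# platform properties the feature depends on. Run in an elevated PowerShell
# session on Windows 10 / Windows Server 2016 or later.

function Get-IsolatedLsaStatus {
    [CmdletBinding()]
    param()

    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ClassName 'Win32_DeviceGuard'

    # VirtualizationBasedSecurityStatus: 0 = not enabled,
    # 1 = enabled but not running (reboot pending or prerequisite missing),
    # 2 = running
    $vbsState = switch ($dg.VirtualizationBasedSecurityStatus) {
        0       { 'Not enabled' }
        1       { 'Enabled but not running' }
        2       { 'Running' }
        default { "Unknown ($($dg.VirtualizationBasedSecurityStatus))" }
    }

    # SecurityServicesConfigured / SecurityServicesRunning contain
    # 1 for Credential Guard (isolated LSA) and 2 for HVCI.
    $credGuardConfigured = @($dg.SecurityServicesConfigured) -contains 1
    $credGuardRunning    = @($dg.SecurityServicesRunning)    -contains 1

    # AvailableSecurityProperties: 1 = hypervisor support (the CPU
    # virtualisation requirement from the interview), 2 = Secure Boot,
    # 3 = DMA protection.
    $props = @($dg.AvailableSecurityProperties)

    # Second, independent signal: the isolated LSA process exists only when
    # Credential Guard is active.
    $lsaIso = Get-Process -Name 'LsaIso' -ErrorAction SilentlyContinue

    [pscustomobject]@{
        VbsState                  = $vbsState
        CredentialGuardConfigured = $credGuardConfigured
        CredentialGuardRunning    = $credGuardRunning
        LsaIsoProcessPresent      = [bool]$lsaIso
        HypervisorSupported       = $props -contains 1
        SecureBootAvailable       = $props -contains 2
        DmaProtectionAvailable    = $props -contains 3
    }
}

$status = Get-IsolatedLsaStatus
$status | Format-List

if (-not $status.CredentialGuardRunning) {
    # Without the isolated container, derived credentials still live in the
    # ordinary LSASS process, which is exactly what Pass-the-Hash tooling reads.
    Write-Warning 'Credential Guard is not running: LSA secrets are not isolated in VSM.'
    if (-not $status.HypervisorSupported) {
        Write-Warning 'Platform reports no hypervisor support; enable VT-x/AMD-V (and SLAT) in firmware.'
    }
}
```

The two signals should agree: if `SecurityServicesRunning` contains 1 but no `LsaIso` process exists (or the reverse), treat the machine as not protected and investigate before trusting it, since a rootkit that disables VBS at boot would leave the configured-but-not-running state this script flags.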
He feels that the new security features alone will make Windows 10 a compelling upgrade for users.
Read his full interview here.