Data Structure
Networking
RDBMS
Operating System
Java
MS Excel
iOS
HTML
CSS
Android
Python
C Programming
C++
C#
MongoDB
MySQL
Javascript
PHP
Physics
Chemistry
Biology
Mathematics
English
Economics
Psychology
Social Studies
Fashion Studies
Legal Studies
- Selected Reading
- UPSC IAS Exams Notes
- Developer's Best Practices
- Questions and Answers
- Effective Resume Writing
- HR Interview Questions
- Computer Glossary
- Who is Who
Top In-built Security Features in Windows 11
Over the past, Microsoft has been providing users with one of the best-operating systems with Windows. Windows 11 is the latest version of their series, and it is one the best ones so far, especially when it comes to security. Although there were many controversies behind the minimum requirement aspects, it was viable for almost all computers.
But the reason for these hardware requirements is acceptable since they claim to provide high security with built-in features allowing users to have a safe and secure time with their computers. Let us now take a look at some of the new built-in security features of Windows11.
Security Features in Windows 11
Let's take a look at the top in-built security features available in Windows 11 −
Trusted Platform Module 2.0 (TPM 2.0)
TMP is a tamper-resistant technology that conducts cryptographic tasks, including producing and storing cryptographic keys securely. It's most famous for its part in Secure Boot, which ensures that computers only load trustworthy boot loaders, and BitLocker disk encryption. It serves as the safe foundation for several security features in Windows 11, including Measured Boot, Secure Boot's big brother, BitLocker (Device Encryption on Windows Home), Windows Defender System Guard; Device Health Attestation; Windows Hello; and more.
Unified Extensible Firmware Interface (UEFI)
UEFI is a publicly available specification for connecting a computer's firmware to its operating system. It's a BIOS firmware replacement for older computers. UEFI allows for computer maintenance and remote diagnostics. UEFI supports secure Boot. Most devices with UEFI firmware have this security feature built-in. This can provide a safe environment for Windows to run in and prevent viruses from infiltrating the machine during the boot process.
Pluton
Pluton Windows 11 is pre-configured to work with the Pluton TPM architecture, which has a catchy name. It's been a part of the Xbox One gaming system since 2013, but it's not yet available on PCs.
Pluton detects a security chip embedded in the CPU, preventing physical attacks on the communication path between the CPU and the TPM. Pluton is backward compatible with existing TPMs, but it can do more if you let it. Pluton also offers Secure Hardware Cryptography Key (SHACK) technology, ensuring that keys are never exposed outside the secured hardware, including the Pluton firmware.
Microsoft Defender Application Guard (MDAG)
MDAG is used in conjunction with your environment's Network Isolation settings to define your private network borders, as determined by your enterprise's Group Policy.
MDAG may be used with Microsoft 365 and Office to restrict Word, PowerPoint, and Excel files from accessing trusted resources such as enterprise credentials and data, in addition to securing your browser sessions. This feature was provided for Microsoft 365 E5 clients as part of a Public Preview in August of 2020.
MDAG can be enabled using the Windows Features menu or a simple PowerShell command in Windows 10 Professional, Enterprise, and Educational SKUs.
Microsoft Azure Attestation (MAA)
MAA, which may remotely check the integrity of a system's hardware and software, is supported out of the box in Windows 11. According to Microsoft, this will enable businesses to implement Zero Trust requirements when accessing critical cloud resources.
Virtualization-Based Security (VBS) and Hypervisor-Protected Code Integrity (HVCI)
Microsoft's Hyper-V is used to construct and isolate a secure memory zone from the OS in virtualization-based security. This protected region is used to execute several security solutions that can protect the operating system from old vulnerabilities (such as unmodernized application code) and stop exploits that try to circumvent those safeguards.
HVCI employs VBS to improve code integrity policy enforcement by verifying all kernel-mode drivers and binaries before starting them and preventing unsigned drivers and system files from being loaded into system memory.
Because the hypervisor can prohibit malware from executing code or obtaining secrets, even if malware has access to the kernel, the scope of an exploit can be constrained and contained.
VBS does the same thing for application code: it examines programs before they're loaded and only begins them if allowed code signers sign them, and it does it by granting rights to every page of system memory. This is done in secure memory space, ensuring kernel viruses and malware are protected more effectively.
104 Views
