What's Microsoft been up to? A quick tour of Windows 11 22H2's security features

As it rolled out a laundry list of features in the latest version of Windows 11, namely version 22H2, this month, Microsoft has also detailed some of the added security mechanisms. These changes touch on a range of areas, including hardware, drivers, and printers as well as protections against credential theft and account …

  1. Anonymous Coward

    So...we need to buy a bunch more "security" hardware to make up for Microsoft's lack of software security? No surprise there.

  2. steviebuk Silver badge

    Nothing to do with....

    .... security. It's all about Microsoft claiming a monopoly and wanting to use it to combat piracy. Just look at the recent issue with Lenovo, Linux and Microsoft UEFI cerfts.

    1. steviebuk Silver badge

      Re: Nothing to do with....

      What are cerfts?

      Certs you incapable of typing on a phone keyboard idiot.

      1. Scott 53

        Re: Nothing to do with....

        What are cerfts?

        Certificates issued by Vint Cerf himself?

      2. steviebuk Silver badge

        Re: Nothing to do with....

        I don't think the downvoters realised I was talking to myself. Lack of an edit button is the issue.

  3. Sgt_Oddball
    Windows

    So we now need to rely on

    Hardware for security? As in the immutable bits that when a flaw is discovered has to either get crippled or replaced with new shinier kit?

    And how much of this kit will only work correctly when using Windows 11? Do we get any compensation with any hardware flaw?

    It's a poor show whichever side of the OS fence you sit.

  4. Totally not a Cylon
    Linux

    Why not a simple front end?

    Why don't Microsoft just make windows a front end 'window manager' which can run on either their kernel (DOS etc) or Linux?

    Then their 'whale song & mind altered'* UI designers don't have to worry about kernel security...

    Would make running the whole mess a lot simpler as a VM

    * this is the only rational explanation for them; otherwise they must be deliberately breaking it.......

  5. Anonymous Coward

    Destroying the Self build architecture one day at a time. Way to alienate your long-time home customers. Though I am sure businesses obsessed with buying trash will lap it up.

    I'm not going to beg for you to move to an alternative. Only you can decide to do that.

  6. chivo243 Silver badge
    Trollface

    Microsoft®

    Where security is an afterthought... Let's just bolt something on the side! Yeah, that'll work!

  7. captain veg Silver badge

    this is true

    My employer uses Microsoft Authenticator for MFA access to network resources. It's an app on your Android or Apple phone. I suppose the idea is that someone might steal your laptop but unless they have your phone too then they can't get in.

    In the spirit of scientific enquiry I installed the app on an Android tablet. One without any kind of cellular connectivity. Works just fine.

    So I put Android-86 in a VirtualBox VM on my laptop and installed the app there too. That works also. Very convenient. Totally insecure.

    -A.

    1. Anonymous Coward

      Re: this is true

      It's interesting how 'Microsoft's own malware tools' within Windows itself, added since Windows 10 started rolling out, are now being used more and more to create third party malware, that can bypass antivirus software by being lean.

      Instead of containing vast amounts of encrypted code, the malware just uses what's available, uses the tools Microsoft just leave lying around to generate its own telemetry and spyware, to extract user data.

      The problem being, in many cases, none of these tools are locked down and are there for the picking.

      The day they started building in screenshot generators into web browsers, for instance and why it should have always remained a tool that was an add-in.

    2. SsiethAnabuki

      Re: this is true

      That you choose to make great efforts to bypass the security options that are available to you doesn't make them inherently bad. Two factor authentication is pretty much always collapsible to a single factor if the user is enough of an informed idiot to do so.

      Making security measures idiot-proof is really a lost cause. You can make it such that the user in question has to go to greater lengths to circumvent their own protection (or that of their employer) but, in the end, there will pretty much always be a way to make your own systems less secure if you choose to.

      1. 43300 Silver badge

        Re: this is true

        I think the main point is that the users most likely to get fooled by an attempt at harvesting credentials are not likely to have the IT skills to devise MFA workarounds!

        1. captain veg Silver badge

          Re: this is true

          I don't have it installed anywhere, so haven't tried this, but I understand that Windows 11 can run Android apps directly. Not many IT skills required there, I'd say.

          -A.

    3. Martin 26

      Re: this is true

      MS, Apple, Android all use the same RFC6238 algorithm for their respective authenticator apps. It doesn't need any cellular connectivity, that's the whole point for people who can't get SMS messages.

    4. James O'Shea Silver badge

      Re: this is true

      I hate taking MS's side, but...

      1. normal people don't have a clue what a VM is, and wouldn't know where to get hold of Virtual Box.

      2. doing things that way is a deliberate attempt to bypass security.

      3. Apple's 'security' sends a signal to every 'trusted' device available. If you're signing in on a Mac or iDevice, this _includes the Mac or iDevice that you're signing in on_. You don't have to set up a VM, you get the MFA message on the very device you're signing in on. Yes, really. (Assuming that you have the correct password, that is, and that the device is connected to the Internet.) Apple's security is actually worse than Microsoft's, difficult though that may be to be believed. If you're signing into a Windows machine, you need an Apple device _which is on the list of trusted devices_ somewhere near. Windows machines are not on the list of trusted devices. (Imagine that!) If you don't have at least one Apple device which is trusted, you're screwed. Seriously, you get a dialog stating that someone currently at location X is trying to sign in. Do you want to let them? If you click 'yes', you get a dialog with a six-digit number which you must input on the device that you want to log in on. There is a deadline after which you need a new number. Each 'trusted' device gets a different number.

      I don't know enough about Android 'security' to comment. As Apple, Google, and Microsoft all use the same 'security' standard, I suspect that it isn't much better.

      First line of defense: have a good password. Mine is 12-15 characters, depending on device, with lowercase, uppercase, numbers, and symbols. Do not use biometrics. Do not use PINs. Do not use funny figures or shapes or other MS nonsense. If the opposition doesn't have your password, they don't get as far as the MFA. A 12-15 character password is hard to break. Someone serious can still do it, but they'd have to really want in. John Q. Hacker would just go looking for easier targets. I hope.

  8. Anonymous Coward
    Facepalm

    Security hardware

    xkcd says it better than I could:

    Hardware Security

  9. A random security guy

    So do we need windows too?

    I have a zero-trust approach to Windows. I have no trust in it so it stays outside my house.

  10. Anonymous Coward

    Here for the omg wtf M$ lol bbq comments from people who don't understand coding or security...

  11. Anonymous Coward

    "In addition, other features have been designed to protect enterprises that continue to lean on usernames and passwords for Windows authentication."

    What else are they going to use, because the day they want me to install something on my personal phone, is the day I get a flip phone.

    1. MJB7

      Re: "What else are they going to use?"

      Yubikey, client certificates, there are lots of other options. (But all of them tend to be less convenient than a simple username and password for the end user.)
