The Windows Club

Upgrading to Windows 10 v1607 – Security implications

Customers’ security has always been the top priority for Microsoft, and the company is all set to release its Windows 10 Anniversary Update with the latest security innovations and implications. Windows 10 is now safer with security features like UEFI (Unified Extensible Firmware Interface) and Secure Boot, which protect your system from malicious files and code.

Unified Extensible Firmware Interface

Unified Extensible Firmware Interface defines the software interface between the firmware and the operating system. It controls your system’s boot process and requires a new disk format and device firmware changes. UEFI initializes the PC hardware faster and helps the operating system boot normally. It can work in two different modes: UEFI mode and BIOS-compatibility mode. In BIOS-compatibility mode, UEFI boots your PC the same way a BIOS system does; in UEFI mode, the boot process is different and safer.

When you boot your Windows 10 PC in UEFI mode, it checks and ensures that the drivers are digitally signed and verified. This feature checks whether low-level software is signed by Microsoft and blocks malware such as rootkits from interfering with your system’s boot process.

The new computer systems shipped with Windows 10/8.1/8 have the Unified Extensible Firmware Interface in UEFI mode, but the systems shipped with Windows 7 have UEFI configured in BIOS-compatibility mode.

Windows 10 Features that require UEFI

Secure Boot – Secure Boot is a security feature which makes sure that your PC uses only trusted software to boot. UEFI checks the digital signature of each piece of software, including the operating system boot loader and the drivers. The PC will not boot if the boot loader or the drivers are not digitally signed by the manufacturer.

Early Launch Anti-Malware – This feature controls the loading of boot drivers and ensures that no infected or unknown boot driver is loaded. It makes sure that no third-party boot drivers load before the anti-malware software on your PC starts.

Measured Boot – This feature produces a log of all boot components loaded before the anti-malware software on your PC. The log is sent to a remote server, which evaluates whether the components were trustworthy.

Virtual Secure Mode of Windows 10

Device Guard – This feature works on signature-based detection and locks the device if any suspicious application is detected. It uses digital signatures to verify whether an application is trustworthy. Device Guard is a combination of both hardware and software security features. Even if the machine is hacked and the attackers gain access to the Windows kernel, they cannot run malicious executable code.

Credential Guard – This feature uses virtualization-based security and offers platform security, hardware security, better protection against advanced persistent threats, and manageability. It blocks credential theft attack techniques, thereby protecting your credentials. The secrets are protected by virtualization-based security, and even malware running with administrative privileges cannot extract them.

This table lays down the details about whether a feature requires UEFI and TPM

You can read more about the security implications here on TechNet if you are interested.
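
To confirm which of the features described above are actually active on a given PC, a read-only PowerShell check such as the following can be run from an elevated prompt. This is an added example, not part of the original article or Microsoft's documentation; the function name Get-BootSecurityStatus is hypothetical, and it assumes PowerShell 5.1 or later on Windows 10.

```powershell
# Added example: read-only audit of the UEFI-dependent features described above.
# Get-BootSecurityStatus is a hypothetical name; run elevated, PowerShell 5.1+.
function Get-BootSecurityStatus {
    # 'Uefi' = native UEFI mode, 'Bios' = legacy BIOS or BIOS-compatibility mode
    $firmware = (Get-ComputerInfo -Property BiosFirmwareType).BiosFirmwareType

    # Confirm-SecureBootUEFI returns True/False on UEFI systems and throws
    # on BIOS-mode systems or when the session is not elevated.
    try {
        $secureBoot = if (Confirm-SecureBootUEFI -ErrorAction Stop) { 'Enabled' } else { 'Disabled' }
    } catch [System.PlatformNotSupportedException] {
        $secureBoot = 'Not supported (system is not in UEFI mode)'
    } catch [System.UnauthorizedAccessException] {
        $secureBoot = 'Unknown (run elevated)'
    } catch {
        $secureBoot = "Unknown ($($_.Exception.Message))"
    }

    # TPM presence and readiness
    try {
        $tpm = Get-Tpm -ErrorAction Stop
        $tpmState = "Present=$($tpm.TpmPresent); Ready=$($tpm.TpmReady)"
    } catch {
        $tpmState = 'Unknown (Get-Tpm failed; run elevated)'
    }

    # Virtualization-based security state from the Win32_DeviceGuard CIM class
    $vbsText = @{ 0 = 'Not enabled'; 1 = 'Enabled, not running'; 2 = 'Enabled and running' }
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
    if ($dg) {
        $vbs = $vbsText[[int]$dg.VirtualizationBasedSecurityStatus]
        # SecurityServicesRunning: 1 = Credential Guard, 2 = hypervisor-enforced code integrity
        $credGuard = $dg.SecurityServicesRunning -contains 1
        $hvci      = $dg.SecurityServicesRunning -contains 2
    } else {
        $vbs = 'Unknown (Win32_DeviceGuard not available)'; $credGuard = $null; $hvci = $null
    }

    [pscustomobject]@{
        FirmwareMode           = $firmware
        SecureBoot             = $secureBoot
        Tpm                    = $tpmState
        VirtualizationSecurity = $vbs
        CredentialGuardRunning = $credGuard
        HvciRunning            = $hvci
    }
}
Get-BootSecurityStatus | Format-List
```

A machine that reports FirmwareMode as Bios cannot use Secure Boot, so the remaining fields are only meaningful once the system boots in UEFI mode.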