Microsoft promises Windows 10 will mean two-factor auth for all
Sneak peek at security features Redmond's baking into new OS
Windows doesn't have the best reputation for security, but Microsoft has been outlining a series of improvements in the new operating system that it believes will stymie hackers and leave corporate data more secure.
"We're no longer facing an evolution in security threats but a revolution," Chris Hallum, senior product manager for Windows told The Register. "The reality is that the systems currently in place don't offer the fundamental immunity we need to deal with such threats."
Hallum outlined three key technologies Microsoft will be building into Windows 10 that will be used to add protection. More will be added before the operating system ships next year but these are the teasers that Microsoft's sure will be included.
First, support for two-factor authentication is going to be built into the OS as standard and the preferred login setting. Full support for fingerprint recognition is being built into the stack, and there'll also be support for other biometrics, but Microsoft sees the phone as the primary tool for adding two-factor auth to the system.
Only launch users will be able to turn their iOS, Android or Windows Phone smartphone into an authentication token that clears access via Wi-Fi or Bluetooth. There are no plans for a BlackBerry version as yet but Hallum said Microsoft would be keeping an eye on BlackBerry's popularity (politely declining to add the obligatory "or lack of it").
Once users have logged in, Microsoft wants to safeguard the data they are using, and so is adding containerisation technology for each file, ensuring it is sandboxed and encrypted. The system is designed to work with the trusted platform module contained in many PCs these days, although it will manage without one too, just not in as seamless a fashion.
Hallum said that the data protection system is designed to minimise processor load and there should be "no appreciable" slowdown for users working with the system. It will also uphold the safety of VPN connections, he said, and IT managers would have full control over what can and cannot pass through the protected data tunnels.
Finally, Microsoft is hoping to block whole classes of malware by instituting a code-signing system for software. All apps in the Windows Store will be checked for malware and signed off as safe for use (including 32-bit apps) and the company is also instituting a self-signing system for accredited ISVs to clear their apps, and for corporate IT departments to get home-grown code signed.
The end result is that IT administrators can lock down the systems under their control to solely allow such signed apps to be run on Windows 10 systems, which should handle some malware problems. One presumes that the side effect for Microsoft is that more people actually use the Windows app store.
There will be more security announcements to come, and even these three systems will need some refinement. You can bet hackers are going to be honing their skills for the new challenge. ®