Windows 11 vs. past/present vulnerabilities

By JustGeorge
in Microsoft (Windows)

 Share

Recommended Posts

Grand Master

JustGeorge

Posted
Posted (edited)

This is a serious question because I really don't know. Not looking to OS bash. Wanting technical answers. 

 

What past/present vulnerabilities would've been stopped dead in their tracks by a TPM, Secureboot and the explicit cpu requirements for Win11?

Edited by JustGeorge
Veteran

+Biscuits Brown MVC

Posted
  • MVC
Posted

I don't think anyone knows 100% so I'll through these out as speculation. TPM and secure boot would be a good block against rootkit based infection so requiring these could make a system more secure.  As for CPU generation, the common thought is it has something to do with spectre/meltdown remediations but who knows. 

Grand Master

+Tantawi Subscriber²

Posted
  • Subscriber²
Posted

Well, not directly because of TPM, but if you have a TPM activated you are more likely than not to use Bitlocker drive encryption, which means no problem of data leaks if your laptop or PC gets stolen.

Grand Master

+Warwagon MVC

Posted
  • MVC
Posted
8 minutes ago, Tantawi said:

Well, not directly because of TPM, but if you have a TPM activated you are more likely than not to use Bitlocker drive encryption, which means no problem of data leaks if your laptop or PC gets stolen.

In that case make TPM a requirement if you want to use that feature, instead of forcing everyone to have it.

  • JustGeorge and Arceles
  • Like 2
Grand Master

+Tantawi Subscriber²

Posted
  • Subscriber²
Posted (edited)
12 minutes ago, warwagon said:

In that case make TPM a requirement if you want to use that feature, instead of forcing everyone to have it.

But it is available in all PCs/motherboards shipped since 2015... and what is the percentage of people caring to enable/use it? not much I'd say outside the business environments (heck, believe it or not, even some multi billion $$ companies' IT departments don't bother to encrypt their employees laptops) 

I think it is a step in the right direction, IMHO.

Grand Master

Ci7

Posted
Posted
5 hours ago, Tantawi said:

But it is available in all PCs/motherboards shipped since 2015... and what is the percentage of people caring to enable/use it? not much I'd say outside the business environments (heck, believe it or not, even some multi billion $$ companies' IT departments don't bother to encrypt their employees laptops) 

I think it is a step in the right direction, IMHO.

stuck with perfectly fine i7 5930/X99 motherboard with TPM 1.3 Connector :(

 

 

Grand Master

+Tantawi Subscriber²

Posted
  • Subscriber²
Posted (edited)
36 minutes ago, JustGeorge said:

What about ransomware? Any additional defenses against that scourge?

Partially, see: https://www.microsoft.com/security/blog/2017/06/29/windows-10-platform-resilience-against-the-petya-ransomware-attack/?source=mmpc where Secure Boot can help stop the encryption process if the computer rebooted shortly after infection. Plus other measures.

And while such protection is totally possible to have with Windows 10, the keyword here is to "enforce it" with Windows 11.

  • Ci7 and JustGeorge
  • Like 2
Grand Master

goretsky Supervisor

Posted
  • Supervisor
Posted

Hello,

A couple of attack styles come to mind:

  • Some of the initial round of speculative execution attacks, i.e., first generation of Spectre and Meltdown.
  • malicious software that infects firmware, such as Mebromi and perhaps even Lojax.

Please keep in mind this is strictly off the top of my head.  I was thinking more about types of attacks that might be blocked a completely working set of TPM + SecureBoot + modern processors with fully-patched microcode.

 

Regards,

 

Aryeh Goretsky

 

Grand Master

George P Global Moderator

Posted
  • Global Moderator
Posted

When it comes to the topic of TPM and Windows everyone talks about bitlocker, but I'm pretty sure that's not the only thing Windows uses/needs TPM for.   Maybe someone should make a detailed list, if MS doesn't have one already.  

Grand Master

+Tantawi Subscriber²

Posted
  • Subscriber²
Posted
1 hour ago, George P said:

When it comes to the topic of TPM and Windows everyone talks about bitlocker, but I'm pretty sure that's not the only thing Windows uses/needs TPM for.   Maybe someone should make a detailed list, if MS doesn't have one already.  

https://docs.microsoft.com/en-us/windows/security/information-protection/tpm/trusted-platform-module-overview#practical-applications

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.

  • Posts

    • An actual cosmic "Eye of Sauron" had been looking straight at us all along

      By hellowalkman · Posted

      yep, thanks!
    • WebChangeMonitor 26.06

      By Copernic · Posted

      WebChangeMonitor 26.06 by Razvan Serea Monitors allows you to quickly check a number of web pages and tracks changes based on the content of the web pages. Allows to monitor several protocols, including HTTP and HTTPS. Allows to view and record differences. Available for Win7/10, Linux and others. WebChangeMonitor features: Allows monitoring of web pages and informs about content changes Indication of states of currently monitored items in the tool and taskbar Reporting as sound and/or email as well as log file or HTML log Several configuration / filter options Support all protocols, e.g. http, https Multi-threaded, running in the background Bulk-import and bulk-export of items (from/to CSV) to monitor Export of results to CSV file for further processing Allows running command on items states and/or showing diff (changes) of content with preferred diff-tool ...and many more! Open Source (C++, wxWidgets) Cross platform for Windows (7/10), Linux, RPi and Mac (if self-compiled) WebChangeMonitor 26.06 release notes: Release 26.06 brings mostly s but updates the underlying core infrastructure. A major compiler is used for both x86/x64 and WoA64 architectures. This also means that all core libraries are re-compiled accordingly which required some changes in the build scripts. One of the core libraries (cURL) has been updated to address vulnerabilities and a nasty linker error that was causing the need for a dedicated patch which could now be eliminated. Download: WebChangeMonitor 64-bit | Setup 64-bit | ~10.0 MB (Open Source) Download: WebChangeMonitor 32-bit | Setup 32-bit View: WebChangeMonitor Website | Other Operating Systems | Screenshot Get alerted to all of our Software updates on Twitter at @NeowinSoftware
    • BATorrent 3.0.4

      By Copernic · Posted

      BATorrent 3.0.4 is out.
    • Microsoft resumes forced Copilot app installation on some Windows PCs

      By contevo · Posted

      yea they change their app to high-system app so you can't disable with adb or within android, you gotta get root be able to do disable this high-system app now if you have locked down boot loader you screwed. samsung started locking down their store and their account app extremely annoying, account constantly nagging you to sign in... i disable all ai core apps and especially gemini since you can't uninstall anymore. i hope some day someone will present a bill force this companies quit locking down this damn phone especially the apps...
    • Ladybird Browser is no longer accepting outside contributions thanks to AI

      By fishnet37222 · Posted

      It's basically the only web browser project not controlled by a major corporation.

  • Recent Achievements

    • Dedicated
      Mark Spruce earned a badge
      Dedicated
    • Collaborator
      conkir earned a badge
      Collaborator
    • Rising Star
      olavinto went up a rank
      Rising Star
    • One Month Later
      lamborghiniv10 earned a badge
      One Month Later
    • Week One Done
      lamborghiniv10 earned a badge
      Week One Done

  • Popular Contributors

    1. 1
      +primortal
      482
    2. 2
      PsYcHoKiLLa
      257
    3. 3
      Steven P.
      74
    4. 4
      Skyfrog
      69
    5. 5
      +Edouard
      69
    Show More

  • Tell a friend

    Love Neowin? Tell a friend!