Windows 11 vs. past/present vulnerabilities


 Share

Recommended Posts

Posted (edited)

This is a serious question because I really don't know. Not looking to OS bash. Wanting technical answers. 

 

What past/present vulnerabilities would've been stopped dead in their tracks by a TPM, Secureboot and the explicit cpu requirements for Win11?

Edited by JustGeorge
Link to comment
Share on other sites

I don't think anyone knows 100% so I'll through these out as speculation. TPM and secure boot would be a good block against rootkit based infection so requiring these could make a system more secure.  As for CPU generation, the common thought is it has something to do with spectre/meltdown remediations but who knows. 

Link to comment
Share on other sites

Well, not directly because of TPM, but if you have a TPM activated you are more likely than not to use Bitlocker drive encryption, which means no problem of data leaks if your laptop or PC gets stolen.

Link to comment
Share on other sites

8 minutes ago, Tantawi said:

Well, not directly because of TPM, but if you have a TPM activated you are more likely than not to use Bitlocker drive encryption, which means no problem of data leaks if your laptop or PC gets stolen.

In that case make TPM a requirement if you want to use that feature, instead of forcing everyone to have it.

  • Like 2
Link to comment
Share on other sites

Posted (edited)
12 minutes ago, warwagon said:

In that case make TPM a requirement if you want to use that feature, instead of forcing everyone to have it.

But it is available in all PCs/motherboards shipped since 2015... and what is the percentage of people caring to enable/use it? not much I'd say outside the business environments (heck, believe it or not, even some multi billion $$ companies' IT departments don't bother to encrypt their employees laptops) 

I think it is a step in the right direction, IMHO.

Link to comment
Share on other sites

5 hours ago, Tantawi said:

But it is available in all PCs/motherboards shipped since 2015... and what is the percentage of people caring to enable/use it? not much I'd say outside the business environments (heck, believe it or not, even some multi billion $$ companies' IT departments don't bother to encrypt their employees laptops) 

I think it is a step in the right direction, IMHO.

stuck with perfectly fine i7 5930/X99 motherboard with TPM 1.3 Connector :(

 

 

Link to comment
Share on other sites

18 minutes ago, Ci7 said:

stuck with perfectly fine i7 5930/X99 motherboard with TPM 1.3 Connector :(

 

 

1.2?

Link to comment
Share on other sites

Posted (edited)
36 minutes ago, JustGeorge said:

What about ransomware? Any additional defenses against that scourge?

Partially, see: https://www.microsoft.com/security/blog/2017/06/29/windows-10-platform-resilience-against-the-petya-ransomware-attack/?source=mmpc where Secure Boot can help stop the encryption process if the computer rebooted shortly after infection. Plus other measures.

And while such protection is totally possible to have with Windows 10, the keyword here is to "enforce it" with Windows 11.

  • Like 2
Link to comment
Share on other sites

1 hour ago, adrynalyne said:

1.2?

 

i think so

Link to comment
Share on other sites

Hello,

A couple of attack styles come to mind:

  • Some of the initial round of speculative execution attacks, i.e., first generation of Spectre and Meltdown.
  • malicious software that infects firmware, such as Mebromi and perhaps even Lojax.

Please keep in mind this is strictly off the top of my head.  I was thinking more about types of attacks that might be blocked a completely working set of TPM + SecureBoot + modern processors with fully-patched microcode.

 

Regards,

 

Aryeh Goretsky

 

Link to comment
Share on other sites

When it comes to the topic of TPM and Windows everyone talks about bitlocker, but I'm pretty sure that's not the only thing Windows uses/needs TPM for.   Maybe someone should make a detailed list, if MS doesn't have one already.  

Link to comment
Share on other sites

1 hour ago, George P said:

When it comes to the topic of TPM and Windows everyone talks about bitlocker, but I'm pretty sure that's not the only thing Windows uses/needs TPM for.   Maybe someone should make a detailed list, if MS doesn't have one already.  

https://docs.microsoft.com/en-us/windows/security/information-protection/tpm/trusted-platform-module-overview#practical-applications

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    No registered users viewing this page.