
Learn how to use Windows 11 protections right now in Windows 10

Windows 11, slated for release in late 2021, promises to provide several security solutions that will make it an attractive option for both casual users and businesses, especially those working from home offices. However, there is no need to wait to try the protection measures taken by Microsoft if you have Windows 10: many of them are already installed on the system, but are not enabled by default.

While more specific settings, such as TPM 2.0, may depend on the age of your hardware, in general the default security measures can be used by everyone. To do this, you first need to make sure you have the October 2020 security update for Windows 10 (20H2) installed.

Otherwise, many of the features will be unavailable. You can update either through Windows Update or with the Media Creation Tool; with the latter option, the last major Windows 10 update, from May 2021, is installed as well.

After making sure that you have the correct version of the operating system installed, it’s time to activate the features. Note that you don’t have to use all of them, but enabling them provides an additional layer of security for your user experience that can save you a lot of headaches.

TPM 2.0

Trusted Platform Module (TPM) is a cryptographic processor integrated into motherboards. The main purpose of the device is to provide more security when starting the operating system, ensuring its integrity. Although it is also sold separately, it is usually built into more modern equipment.

To see if you have a module installed, press Windows Key + R, type tpm.msc and click OK. If the result is negative, this does not mean that TPM 2.0 does not exist: it may simply not be enabled, in which case you need to go into the motherboard's BIOS, where it may also appear under a different name.

Image: Screenshot / Felipe Gugelmin / Canaltech

On machines with an Intel processor, the solution may be called Intel Platform Trust Technology (PTT), and on AMD Ryzen processors it is called fTPM (firmware TPM) and is software based. If neither of these solutions works, you may need to purchase the TPM 2.0 component separately from manufacturers such as Asus.

Secure Boot

Another feature of Windows 11 is that Secure Boot is required by default. This option is relatively easy to activate via BIOS, but before accessing it, you can check compatibility by pressing Windows + R keys and executing msinfo32.

In the pop-up window, go to System Summary and look for BIOS Mode and Secure Boot Status. If Secure Boot is disabled, you can change this in your motherboard settings, provided BIOS mode is set to UEFI, which can also be changed in the component's settings.

VBS and HVCI

After TPM 2.0 is enabled, you can enable Virtualization Based Security (VBS) and Hypervisor Protected Code Integrity (HVCI) in Windows 10. To do this, go to Settings and search for Windows Security. In the window that opens, select “Device Security”.

In the main window, find the “Core Isolation” field and click on “Core Isolation Details”. Here you can enable Memory Integrity, a feature that prevents malicious code from being inserted into high-security processes. When you do, the system may be unavailable for some time while all Windows memory pages are analyzed.

Please note that this feature is not available for all hardware, as it depends on processors that have native virtualization capabilities such as Intel VT-X or AMD-V. While virtualization has traditionally been used to improve data center performance, it can also isolate areas of memory on your computer, preventing them from being exploited, for example, through old vulnerabilities.

VBS also provides code verification for all installed applications before they start, ensuring that they only run if they have valid signatures. All of these defenses work without any action on your part; you simply carry on with your normal activities.

Microsoft Defender Application Guard

Another Windows 11 security feature that is more limited in Windows 10 is Microsoft Defender Application Guard (MDAG). The feature also relies on virtualization to protect web browsing, whether it’s running on Microsoft Edge or browsers like Chrome and Firefox (which depend on an extension to use it).

To enable MDAG, open Control Panel > Programs > Turn Windows features on or off. In the window that opens, select the Microsoft Defender Application Guard option and click OK. After the process is complete, you need to restart your computer to make sure the feature is properly enabled.

This technology creates a kind of protective cocoon for your browser, which, if it falls victim to malware, is kept separate from your sensitive data and main processes. While it does not rely on TPM 2.0 or Secure Boot, it is currently restricted to Windows 10 Professional, Enterprise, and Education.
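
The state of all four features covered above (TPM, Secure Boot, VBS/Memory Integrity and Application Guard) can also be read in one pass from an elevated PowerShell prompt. The script below is an added example, not part of the original article; the function name Get-SecurityBaseline is hypothetical, and the script only reads state without changing any setting.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the article); Get-SecurityBaseline is a hypothetical name.
# Read-only: reports the state of each feature, changes no settings.
function Get-SecurityBaseline {
    $report = [ordered]@{}

    # TPM: distinguish "no module detected" from "present but not ready".
    $tpm = Get-Tpm
    $report.TpmPresent = $tpm.TpmPresent
    $report.TpmReady   = $tpm.TpmReady
    if ($tpm.TpmPresent) {
        # SpecVersion looks like "2.0, 0, 1.38"; the first field is the TPM version.
        $spec = (Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' -ClassName Win32_Tpm).SpecVersion
        $report.TpmVersion = "$spec".Split(',')[0].Trim()
    } else {
        $report.TpmVersion = 'none detected (check PTT/fTPM in firmware setup)'
    }

    # Secure Boot: on a legacy-BIOS install the cmdlet throws instead of returning False.
    try {
        $on = Confirm-SecureBootUEFI -ErrorAction Stop
        $report.SecureBoot = if ($on) { 'enabled' } else { 'disabled (UEFI mode)' }
    } catch [System.PlatformNotSupportedException] {
        $report.SecureBoot = 'unavailable (legacy BIOS mode)'
    }

    # VBS status codes: 0 = off, 1 = enabled but not running, 2 = running.
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
    if ($dg) {
        $report.VbsStatus = @('off', 'enabled, not running', 'running')[$dg.VirtualizationBasedSecurityStatus]
        # Service id 2 in SecurityServicesRunning is HVCI (Memory Integrity).
        $report.MemoryIntegrityRunning = $dg.SecurityServicesRunning -contains 2
    } else {
        $report.VbsStatus = 'not reported by this system'
    }

    # Application Guard is an optional feature; it is missing on unsupported editions.
    $mdag = Get-WindowsOptionalFeature -Online -FeatureName 'Windows-Defender-ApplicationGuard' -ErrorAction SilentlyContinue
    $report.ApplicationGuard = if ($mdag) { [string]$mdag.State } else { 'not offered on this edition' }

    [pscustomobject]$report
}

Get-SecurityBaseline | Format-List
```

A result of `TpmPresent : False` or `SecureBoot : unavailable (legacy BIOS mode)` points to a firmware setting rather than a Windows one, which matches the BIOS steps described in the TPM and Secure Boot sections.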

Source: Canaltech
