Date: 2021-07-03



Recall 2015, when Microsoft developer evangelist Jerry Nixon famously stated at that year’s Microsoft Ignite conference that “Windows 10 is the last version of Windows”? If not, you may remember that the company called it “the safest Windows ever” just before it went on sale the same year. Guess what? The first statement has not aged well, and Windows 11 is likely to be released in October.

Microsoft is also beating the security drum for Windows 11, talking it up as having the strongest protection against malware. However, Windows 11 is also claimed to “raise the security baseline” to protect against the ransomware that many information security professionals are worried about.

The great Windows 11 TPM kerfuffle

Before we get to the Windows 11 ransomware red herring, let’s deal with the security stink that has been wafting around social media and tech forums since the hardware requirements for running the next generation of the Windows operating system were revealed.

Yes, I’m talking about the great TPM kerfuffle: the online anger at having to upgrade your computer in order to upgrade your OS, because a Trusted Platform Module (TPM) is a hardware requirement to run Windows 11, specifically TPM 2.0, which replaced the previous TPM 1.2 standard in 2019.

“TPM 2.0 has been built into almost every Intel and AMD processor for many years, so it’s now available for free on almost every piece of hardware,” said Chester Wisniewski, a senior researcher at Sophos.

In addition, if you are using the TPM 1.2 chip, you do not need to purchase and install a new hardware module, and you may be able to upgrade to TPM 2.0 for free with a firmware update from your computer vendor.

Microsoft has, for now, withdrawn its Windows 11 compatibility checker, which was somewhat controversial because of the lack of detailed information it gave users. You can still easily check whether you have the TPM 2.0 component needed to run Windows 11: open Device Manager and expand the “Security devices” option to see if there is a TPM entry.

What does the TPM do?

David Weston, Microsoft’s Director of Enterprise and OS Security, describes the TPM as follows: “Its purpose is to protect encryption keys, user credentials and other sensitive data behind a hardware barrier so that malware and attackers can’t access or tamper with that data.” Of course, this is already available to Windows 10 Professional users, who need a TPM to use BitLocker for full disk encryption.

“I assume that Windows 11 will use the TPM to enable full disk encryption by default. This is important for security because Microsoft does not include BitLocker in Windows Home, so hardware that has been used, discarded or stolen is rarely encrypted,” says Wisniewski. Wisniewski sees this as a big win. I also agree with Corey Nachreiner, Chief Security Officer of WatchGuard Technologies. “The use of the TPM benefits home users and improves overall device security,” he says. “By providing a secure enclave for a lot of personal information such as security keys and certificates, this should ensure that you start and verify the integrity of your operating system at load time.”

Secure boot and other security use cases provided by the TPM limit the types of attacks that can work, Nachreiner said, “making things difficult for cybercriminals.” But he also points out that it is not a panacea. “While the device is more secure, some attacks and malware will work well on TPM-protected systems.”

Windows 11 ransomware red herring

This is where the ransomware red herring enters, stage left. As Nachreiner says, secure boot makes it difficult for an attacker to change the operating system or tamper with certain system files. However, it does not prevent all malware and ransomware from getting onto your computer and running.

“It makes certain malicious persistence techniques more difficult. It prevents some, but I think it’s a mistake to say that the TPM prevents all malware and ransomware,” Nachreiner confirms.

Microsoft’s David Weston doesn’t claim quite that much, but says that “to protect future PCs from both common and advanced attacks such as ransomware, and more advanced attacks from nation states, we need this latest root of trust in our hardware.”

This, perhaps as expected, set the information security cat among the marketing pigeons. “Microsoft’s official justification for moving to TPM 2.0 is distracting,” says Mario Santana, a security fellow in threat investigations at Appgate. Santana claims that the TPM is a very poor fix for the ransomware threat.

“I can’t think of a single ransomware attack that would have been prevented by today’s common use cases for TPM,” said Santana. “Vendor-controlled desktop experiences can reduce some ransomware. There is some argument that ransomware isn’t a big deal at the consumer level, where this kind of vendor management experience is more plausible.”

Martin Jartelius, Chief Security Officer at Outpost24, told me that Microsoft wouldn’t limit the potential installation base unless there was a good reason for the decision. “At this point, it’s more likely to be related to license bits than security bits,” Jartelius argued. “The existing PKI infrastructure with hardware-based trust roots and authentication has become a ransomware solution. It doesn’t have a big impact.”

Indeed, it may be possible to mitigate some ransomware by detecting an inconsistent system and booting into a TPM-triggered quarantine. However, as Edgescan operations leader Michael Barragry says, this example illustrates how the TPM can help against ransomware in boot scenarios, but it is unclear whether any TPM-dependent defense process would start during a live scenario, such as a user simply downloading malware by accident.

More marketing than ransomware panacea?

Lookout Chief Strategy Officer Aaron Cockerill calls it a blue goldfish rather than a red herring. “The Hardware Root of Trust can guarantee operating system integrity and a secure boot process. This can prevent some, but not all, ways ransomware can attack your machine. This is a ‘necessary but not enough’ measure. It removes some attack surface of the ransomware, but is not a complete guarantee against certain types of attacks, including ransomware.”

Of course, what it does do is support Windows 11 marketing efforts. “A reference to ransomware protection in today’s climate will certainly be an important selling point for companies that draw the attention of users and are already afraid of the catastrophic threat of ransomware to their organizations,” said Talion’s threat intelligence analyst Natalie Page.

When it comes to ransomware protection, the Windows 11 TPM debate requires a level of adoption that isn’t practical in my humble opinion. Illusive Director Robert Golladay agrees. “If the adoption rate of Windows 11 and TPM is the same as the adoption of Windows 10 from Windows 7, it will take years to get enough coverage to improve the security regime,” says Golladay. Meanwhile, he argues that security teams need to continue to improve security processes and controls to mitigate the effects of human-operated ransomware attacks.

John Bambenek, Netenrich’s threat intelligence advisor, concludes: However, this move does not stop the attacks that are most relevant to most consumers and businesses. TPM 2.0 cannot prevent frequent abuse of PowerShell. Dirk Schrader, Global Vice President of Security Research at New Net Technologies (NNT), says that promoting this ‘security story’ is, at least in part, a diversion from other security issues still lurking in Microsoft’s family of products, and an attempt to convince consumers to upgrade quickly.

Windows 11 is gradually raising everyone’s security game

You see, I’m all in favor of stepping up the security game, and Microsoft is doing that here. In addition, these security measures benefit not only businesses but also home users. That’s all very good. Will Windows 11 bring an end to malware, ransomware and more? No, but it’s another move in the right direction. Don’t expect “the safest Windows ever” to be a panacea for all security issues. Vulnerabilities will continue to occur, as they did when the last “safest Windows ever” was released. As Sgt. Phil Esterhaus said in Hill Street Blues (am I showing my age here?), “Be careful.”

