MICROSOFT_PRESS_EBOOK_INTRODUCING_WINDOWS_10
More Info: For more details about these and other Group Policy settings, see Chapter 15,
“Group Policy in Windows 10.”

Security enhancements

The cat-and-mouse game between online criminals and computer security experts affects every popular
software product. Microsoft’s commitment to securing Windows is substantial, and it includes some
groundbreaking advanced features. As part of the ongoing effort to make computing safer, Windows 8
introduced major new security features, Windows 8.1 added still more improvements, and Windows 10
ups the ante yet again.

The most significant new Windows 10 security feature involves a major improvement in authentication,
based on biometric factors.

On Windows 10 devices that include the appropriate hardware, two new features will significantly
ease the process of authenticating to the device and to online services:
■ Windows Hello: This feature uses biometric authentication—facial recognition, an iris scan,
  or a fingerprint—to unlock devices. The technology is significantly more advanced than existing
  biometric methods that are supported for basic authentication in Windows 8.1. For example,
  Windows Hello requires an infrared-equipped camera to prevent spoofing identification using
  a photograph.

  Enabling Windows Hello requires enrolling a Windows 10 device (PC, tablet, or phone) as
  trusted for the purposes of authentication. In that scenario, the enrolled device itself works as
  an additional proof of identity, supporting multifactor authentication.

■ Microsoft Passport: The second feature is based on a new API that works in conjunction
  with biometric authentication on an enrolled device to sign in to any supported mobile service.
  The Passport framework allows enterprise IT managers, developers, and website administrators
  to provide a more secure alternative to passwords. During the authentication process, no
  password is sent over the wire or stored on remote servers, cutting off the two most common
  avenues for security breaches.
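
The page gives no protocol detail for Passport, so the following is an added illustration (not code from the book and not Microsoft's Passport API) of the general public-key challenge-response pattern that lets a service authenticate an enrolled device without a password crossing the wire or being stored server-side. The class names, the sample user, and the choice of Ed25519 are assumptions, and the biometric unlock is assumed to gate the device's `sign` call.

```javascript
// Added illustration: generic public-key challenge-response; all names are hypothetical.
const crypto = require('node:crypto');

// Enrolled device: the key pair is created on the device; the private key stays there.
class Device {
  constructor() {
    const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
    this.privateKey = privateKey;
    this.publicKeyPem = publicKey.export({ type: 'spki', format: 'pem' });
  }
  // Assumed to run only after the local biometric gesture succeeds (not modelled).
  sign(challenge) {
    return crypto.sign(null, challenge, this.privateKey);
  }
}

// Service: stores public keys only and issues single-use random challenges.
class Service {
  constructor() { this.keys = new Map(); this.pending = new Map(); }
  enroll(user, publicKeyPem) { this.keys.set(user, publicKeyPem); }
  challenge(user) {
    const nonce = crypto.randomBytes(32);
    this.pending.set(user, nonce);
    return nonce;
  }
  verify(user, signature) {
    const nonce = this.pending.get(user);
    const pem = this.keys.get(user);
    this.pending.delete(user); // consume the challenge so a replay has nothing to match
    if (!nonce || !pem) return false;
    return crypto.verify(null, nonce, pem, signature);
  }
}

// Runs one sign-in plus three failure cases; only nonces and signatures cross the wire.
function demo() {
  const device = new Device();
  const service = new Service();
  service.enroll('alice', device.publicKeyPem); // constructed sample user
  const sig = device.sign(service.challenge('alice'));
  const first = service.verify('alice', sig);
  const replay = service.verify('alice', sig); // challenge already consumed
  service.challenge('alice');
  const stale = service.verify('alice', sig); // old signature, fresh nonce
  const forged = service.verify('alice', new Device().sign(service.challenge('alice')));
  return { first, replay, stale, forged };
}
```

A breach of the service's key store in this model yields public keys only, and a captured signature is useless against any later challenge.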

Windows 10 also leverages security features found in modern hardware (and originally enabled
in Windows 8 and Windows 8.1) to ensure that the boot process isn’t compromised by rootkits and
other aggressive types of malware. On devices equipped with the Unified Extensible Firmware Interface
(UEFI), the Secure Boot process validates and ensures that startup files, including the OS loader,
are trusted and properly signed, preventing the system from starting with an untrusted operating
system. After the OS loader hands over control to Windows 10, two additional security features are
available:

■ Trusted boot: This feature protects the integrity of the remainder of the boot process, including
  the kernel, system files, boot-critical drivers, and even the antimalware software itself. Early
  Launch Antimalware (ELAM) drivers are initialized before other third-party applications and