Microsoft has been falling behind in adding strong security features to its browsers and operating systems for all of its users -- for consumers, only Windows 7 Ultimate and Windows 8.1 Pro even support BitLocker disk encryption, for example. Things may change a little with Windows 10, which promises to add three new security technologies: two-factor authentication, file containerization and app signing.
These are all features that have existed in other operating systems such as Android, iOS, Mac OS X and Linux for years, but it's good to see Microsoft working to bring them to Windows 10, too. Microsoft's Windows operating system is still highly popular on PCs, so adopting better security is going to benefit hundreds of millions of users in the future.
The adoption of two-factor authentication seems to have sped up lately. Some sites have supported it for a while, but it probably didn't attract mainstream attention until the recent hacking of many celebrities' iCloud accounts. Two-factor authentication would have protected most, if not all, of those celebrities from the hacks.
Google has had two-factor authentication for a long time, and not just through SMS, but also through its Google Authenticator app (which actually provides better security than SMS-based systems). The company further improved on this yesterday with the announcement of support for FIDO's U2F open standard and adoption of USB Security Keys for two-factor authentication.
In fact, Microsoft's two-factor authentication solution is also likely to be based on FIDO's interoperable open standards, which include support for biometrics such as fingerprint scanning, voice recognition and possibly face recognition. It seems Microsoft will likely make two-factor authentication based on your phone the default.
It's unclear right now whether that means SMS-based two-factor authentication or authentication through Bluetooth/NFC. Authenticating through NFC is likely to be a more secure option, as the pairing happens locally (at a much shorter range than Bluetooth) instead of sending you a code through a not-so-secure medium (i.e., a cell network). SMS-based systems are also likely to fall prey to phishing-like attacks by tricking users into installing malware through SMS and then getting their SMS codes to log into apps or services.
Microsoft also wants to add file containerization for each file. This sounds similar to what Linux, Android and iOS have had for quite a while. This should greatly reduce the type of damage malware can do to a system, but it will depend on Microsoft how strict those containers will be for each file by default, and how much control a user will have to further restrict their permissions. Microsoft also said this system will better protect VPN connections.
Another feature that has existed for years on iOS, Android (since version 4.1) and Mac OS X (since Apple introduced the Mac App Store) is app signing. This should also greatly reduce the number of malware-infected applications that can be installed on Windows. However, this system will only apply to apps from the Windows Store.
Microsoft seems to mention files being encrypted and working with the TPM module (which will likely help keep the keys safe from being stolen by a virus or hacker), but it's not clear whether the company also intends to add the same kind of out-of-the-box encryption that iOS 8 and Android 5 adopted recently, or if it's only referring to optional encryption.
Windows, Android and iOS are the three most popular computing platforms in the world right now. Those last two have already adopted encryption by default, so Microsoft is the only one left without it. There is still at least half a year before Windows 10 will be ready to ship, so hopefully, Microsoft is planning to adopt default encryption by then.
It'd be cool if Microsoft could add the option to press F8 to get to safe mode on boot like in Windows 7 because they removed that in Windows 8 & it can be a pain in the butt to e.g. uninstall graphics drivers.
I'd also be interested in comparing the amount of vulnerabilities in Chrome/Android and IE/Windows 8.1. This article stinks of hipster hate for MS.
In addition, by default, NO .exe or .dll or other binary program should be executable in the context of any limited-privilege account, meaning that all binary software MUST first be installed from a superuser account for the system to use as a whole. It will also most likely be necessary to prevent even non-binary programs from running in the user-context without explicitly granting them permission.
That would solve about 99.999% of the malware problems and until that is done everything else is just adding additional ineffective security band-aids on top of a whole pile of other, older, ineffective security band-aids.
Furthermore, my experience with those piles of security band-aids is that malware finds a way around them every time, and then those "security" band-aids turn into major impediments for removing the malware. In other words, the security measures don't block the malware, but do block the sys admin efforts.
"In addition, by default, NO .exe or .dll or other binary program should be executable in the context of any limited-privilege account, meaning that all binary software MUST first be installed from a superuser account for the system to use as a whole. It will also most likely be necessary to prevent even non-binary programs from running in the user-context without explicitly granting them permission.
That would solve about 99.999% of the malware problems and until that is done everything else is just adding additional ineffective security band-aids on top of a whole pile of other, older, ineffective security band-aids."
LMAO ever heard of a domain?
The OP said "by default". The average computer user has no clue what a domain is, why they should be using one on a single user home computer, and wouldn't even if they understood it. It's not convenient.
That's why he says "by default". In other words, the way a more secure operating system should have been to begin with! Microsoft is particularly bad about circumventing their own security layers with their APIs and programs and marketing them as 'convenience features'.
They took VMS concepts and dumbed them down to the point where they became essentially meaningless. That's not entirely the developer's fault as Microsoft's marketing group called the shots for years instead of good coding practice. Now their code fiefdoms no longer work together for fear of stepping on egos and Windows, along with other Microsoft software, are lagging behind in what could otherwise have been a well-performing, well-designed system. That's from the mouth of a Microsoft Windows developer.
@az_fred-win 10 is win 8.2 only under a different name. True is more appealing than 8.1 but it still shows lack for card reader support. I agree with the quickness of the system but the mail and skype interfaces could use some improvement.