On Tuesday, April 5, Microsoft unveiled new Windows 11 security features that are due to arrive this year. Most of them will be installed by default to reduce the burden on security professionals.

Phishing Protection

Microsoft Defender SmartScreen will offer improved phishing detection that will alert users when they enter their Microsoft credentials into a malicious app or site. While anti-phishing protection was previously offered only for browsers, now Microsoft is bringing it to the operating system level for the first time. This means that every single application will now be protected.

This feature will also allow Microsoft to notify a user's security team when they are the victim of a successful phishing attack.

Stopping Malware

Microsoft plans to introduce Smart App Control, a new feature in Windows 11 that will prevent malicious apps from being installed. Only applications with a cryptographic signature will be allowed to run.

It uses a concept that Microsoft rolled out back in Windows 10S. But there, it did not allow you to run any applications that are not in the Microsoft Store. However, many users wanted to be able to run third-party applications. Smart App Control solves this problem. Now it will be possible to run any applications that have a cryptographic signature. If the developer is unknown, such an application will not be launched.

As a result, 99% of the applications that users want to run will work. What will be blocked is most likely malware.

Starting with the Windows 11 Annual Update 2022, Smart App Control will be automatically enabled on new devices. To use this feature on other devices, you will need to perform a fresh install of Windows 11.

Virtualization-Based Security

Other security enhancements include the increased availability of Virtualization-Based Security (VBS), enabled by default with the Windows 11 Annual Update 2022.

In the initial version of Windows 11, only the latest processors could support VBS by default, but in the next version, virtualization-based security will be enabled for every compatible processor.

Virtualization-based security includes several key features. This includes Hypervisor Protected Code Integrity (HVCI), which prevents dynamic code injection into the Windows kernel, as has happened in past attacks, including WannaCry.

VBS will also allow two new security features to run automatically. Credential Guard is a feature that uses VBS to protect against credential theft, such as hash sharing, and malware access to system secrets. The second new feature provides additional security for the Local Security Authority (LSA) process by ensuring that the process only downloads signed code.

New Encryption Feature

Windows 11's additional security feature, Identity Encryption, will serve as a second layer of encryption after BitLocker. This second level is file specific and will be tied to Windows Hello user credentials. If an attacker somehow manages to bypass BitLocker, these files will still remain encrypted.

Microsoft also reminded about a security feature that was not previously discussed by the company, but was actually available in Windows 11 from the very beginning. This is a configuration lock feature that automatically restores the system to the desired security settings if they have been changed by the user or administrator.

Configuration Lock provides another layer of protection in the event of an unexpected device state change and, most importantly, helps relieve some of the burden on security and IT professionals.

Security Chip

Microsoft is also announcing the commercial launch of its Pluton security processor next month. It has a number of advantages which include automatic firmware updates. Pluton will be available in select devices from vendors, including Lenovo, for PCs with AMD or Qualcomm processors.

For devices with the Pluton security chip, firmware updates will be delivered via Windows Update and will not require manual intervention.

bbabo.Net