There are several innovations, and many of them concern the security of the operating system itself and of user data. As often happens with security issues, these are not innovations that the common user will easily understand (or even notice): on the one hand the enhancement of the Sandbox, on the other that of "System Guard Secure Launch", the management of security keys and the expansion of compatibility with Microsoft Secured-core PC technology. The latter will actually affect only a tiny part of Windows 10 users, but it belongs to a long-term path that is extremely important for ensuring computer security in view of the Internet of Things (IoT) boom. Here's what changes for Windows 10 PC security, even if users don't see it.
Windows 10 May Update: security first
Let's start with the Sandbox, which is not an absolute novelty: it was introduced with the 1903 update, the first half-yearly update of last year. The Sandbox is a virtual machine that safely runs a reduced version of Windows 10 in which to test unknown and potentially dangerous apps. With the May 2020 update, this component of Windows 10 has been improved and enhanced, with the introduction of new configuration files that make it possible to use shared folders inside it, GPU virtualization and much more. System Guard Secure Launch, on the other hand, is a useful feature for checking the integrity of the firmware of the PC's devices, thus ensuring that they have not been infected by a virus. With the May Update, the check becomes more thorough and rigorous. Windows 10 2004 also brings support for "hybrid" FIDO2 hardware security keys, based on Azure Active Directory (Azure AD).
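The Sandbox configuration files mentioned above are `.wsb` XML files; the following is an added example, not taken from the original article, of a configuration suited to testing an unknown app, with the shared folder mapped read-only and both GPU virtualization and networking switched off. The host path `C:\SandboxShare\samples` and the file name are constructed placeholders.

```xml
<!-- untrusted-app.wsb (constructed example; double-click to start the Sandbox with it) -->
<Configuration>
  <!-- Disable the virtualized GPU: the sandbox falls back to software
       rendering, so the host graphics stack is not shared with the guest. -->
  <VGpu>Disable</VGpu>

  <!-- No network inside the sandbox: the app under test cannot reach
       the local network or the Internet. -->
  <Networking>Disable</Networking>

  <MappedFolders>
    <MappedFolder>
      <!-- Host folder holding the files to test (placeholder path). -->
      <HostFolder>C:\SandboxShare\samples</HostFolder>
      <!-- Read-only: nothing run in the sandbox can modify or add
           files in this folder on the host. -->
      <ReadOnly>true</ReadOnly>
    </MappedFolder>
  </MappedFolders>

  <!-- Open the mapped folder at logon; by default it appears on the
       desktop of the sandbox user WDAGUtilityAccount. -->
  <LogonCommand>
    <Command>explorer.exe C:\Users\WDAGUtilityAccount\Desktop\samples</Command>
  </LogonCommand>
</Configuration>
```

Leaving `ReadOnly` out or setting it to `false` gives the sandbox write access to the host folder, which is the setting to avoid when the app being tested is not trusted.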
Windows 10 May Update: the path of Secured-core PC continues
Windows 10 20H1 also brings compatibility with Secured-core technology to AMD's Ryzen Pro 4000 processors. This technology is essentially an evolution of the previously described System Guard Secure Launch: the integrity of the firmware is checked using a cryptographic key, but only after checking the key inserted directly into the CPU at the factory. The two technologies therefore work in tandem: using the new hardware features of the processors from AMD, Intel and Qualcomm, Windows 10 implements System Guard Secure Launch as a requirement to protect the boot process from firmware attacks.
System Guard, after making sure that the CPU is not infected thanks to Secured-core, allows the system to access the firmware of the various devices to start the hardware and, immediately after, the operating system. From an Internet of Things perspective, where more and more devices with firmware are connected to the network, all this adds a large layer of security.