Microsoft has fortified the latest version of Windows to make it more secure than previous editions, but the strongest protections will be available only to those willing to pay a steep price for them.
Windows 10 Anniversary Update has introduced many mitigation techniques in core Windows components and the Microsoft Edge browser, helping protect customers from entire classes of exploits for very recent and even undisclosed vulnerabilities, Matt Oh and Elia Florio of Microsoft's Windows Defender ATP Research Team wrote in an online post last week.
Countering unidentified vulnerabilities -- also known as "zero day" vulnerabilities -- is particularly important because they are a powerful tool used to penetrate systems and steal data by attackers, especially those working for nation-states.
Rather than focus on a single vulnerability, Microsoft is focusing on mitigation techniques that counter classes of exploits, Oh and Florio explained.
"As a result, these mitigation techniques are significantly reducing attack surfaces that would have been available to future Zero-Day exploits," they wrote.
Paying for Protection
For the most effective post-breach protection, customers should sign up for Windows Defender ATP, Oh and Florio suggested, a service that is available only to users of Windows Enterprise E5. That appears to be a departure from how Windows security was treated in the past, observed Michael Cherry, an analyst with Directions on Microsoft.
When Microsoft launched its Trustworthy Computing initiative in 2002, there was a commitment to making all versions of Windows equally secure, he recalled.
"Now, what Microsoft is saying in a subtle way," Cherry told TechNewsWorld, is that "to be the most secure on Windows, you should be using Windows Defender Advanced Threat Protection -- but we're saving that for our best customers, our customers willing to pay for the enterprise edition. That's a big change that's happening in Windows security."
What Users Get
Nevertheless, the security improvements in the new Windows 10 Anniversary Update are worthwhile for consumers. "This is great news for users," said Jerome Segura, a senior security researcher for Malwarebytes.
"Microsoft is addressing zero days and exploits in general by sandboxing a lot of the components in the operating system," he told TechNewsWorld.
Sandboxing is a technique used to isolate activity in a space where it can be observed without affecting its surroundings. If it behaves badly in the sandbox, then it won't be allowed to play with the other parts of a system. Sandbox techniques were used in Windows 10 to neutralize an exploit that used corrupt fonts to gain escalated privileges on a system, Microsoft's Oh and Florio explained. Escalated privileges allow an intruder greater freedom to roam and access data on a network.