Microsoft's move to Windows 10 continues with announcements of what the company has planned to make Windows more secure and easier to administer. In addition, Microsoft has released a new build of its Windows 10 Technical Preview, making good on its promise to keep users updated on its plans.
The new security plans were announced in a blog entry by Microsoft's Jim Alkove, who heads the Windows enterprise program management team. Alkove stated that Microsoft is concerned about the growing number of security breaches enterprise users are experiencing and wants to make Windows 10 much more able to resist such breaches.
"We're seeing network breaches resulting from techniques as simple as username and password theft. In a couple of recent cases, hackers infiltrated Fortune 500 companies using stolen usernames and passwords, which gave them access to point-of-sale systems and the credit card data being processed with them," he said.
But Alkove noted that the security breaches aren't just the province of cyber-criminals. "Even well-intended employees represent a substantial risk that requires mitigation," he said, pointing to studies in which even senior managers admit to uploading sensitive information to personal email or cloud accounts.
To combat these problems, Alkove said that Windows 10 will include a number of built-in security protections he thinks will help reduce such breaches. These include multi-factor authentication, which will be part of Windows rather than an add-on application. While Alkove wasn't specific about exactly how this might work, he did say that Windows will be able to use the device itself as an authentication factor.
Presumably using the device as one of the factors would mean that Windows is able to take a fingerprint of the device, and would be able to enroll new devices as needed. These factors would generate security tokens within Windows, and those tokens would exist in a secure container that would run on top of Hyper-V technology.
Security that runs outside the virtualized environment is somewhat akin to something in the physical universe that exists in a fifth spatial dimension: it can see what goes on inside, but can never be reached by anything that does not exist in the same dimensions. This is one of the latest ideas in security because it prevents the common approach by malware writers of first disabling the security before taking over the machine.
But, of course, the device as authentication factor isn't enough on its own because the loss or theft of such a device would render the authentication useless, so a second factor would then be a PIN or perhaps a biometric factor, such as what Apple uses as part of its authentication process in Apple Pay. Either of those would be useful, and it's entirely possible to incorporate both methods as necessary.
Microsoft is also working on security that attaches to information. This means that you could protect a specific item, perhaps a document or a data file, so that it can only be accessed after providing the correct security profile, regardless of whether the information resides on the computer where it was created, is in transit, or is located on another device. This feature includes automatic encryption provided by Windows 10.