When the Windows 10 Anniversary Update arrives Aug 2, it will include several new security features that are designed to protect data belonging to both consumers and enterprises. Among them is an expansion of Windows Hello’s biometric user authentication capabilities.
“We have fully integrated Windows Hello into one seamless stack,” Rob Lefferts, director of program management at Microsoft Windows Enterprise and Security, said in a blog post. “The integrated code base in Windows Hello will support the full range of biometric authentication factors and manage user credentials used for authentication.”
New identity protection measures will now allow organizations to set up Windows Hello on PCs that lack the cameras or biometric sensors with companion devices and apps. Once enrolled, a worker can securely access a PC using a wearable, smartphone or other device with biometrics capabilities.
Also next month, the update will move Windows Hello’s biometrics components and user biometric data into SystemContainer, a hardened environment reserved for the most sensitive parts of the Windows operating system. SystemContainer employs Virtualization Based Security (VBS), creating a secure environment by using a processor’s virtualization extensions to isolate running processes.
SmartScreen, Microsoft’s early-warning system for the Web, will be powered by Security Graph, Lefferts said. SmartScreen alerts Internet Explorer or Edge users when they are attempting to reach a site known to spew malware or host phishing scams. Security Graph uses machine learning to spot emerging threats based on security and telemetry data gathered by Microsoft.
The company is also putting a tighter leash on Adobe Flash, which has long been plagued by security vulnerabilities. Post-update, Edge will isolate “Flash outside of the browser so that attacks that target Flash vulnerabilities can be contained and are less likely to impact the browser and the rest of the system,” said Lefferts. The company is also restricting Edge’s reach, limiting the browser’s access only to Windows 10’s non-critical subsystems, he added.
An improved Windows Defender is on deck, said Lefferts, along with Windows Defender Advanced Threat Protection.
The latter, detects advanced attacks using Microsoft’s threat intelligence system and security analytics based on a blend of anonymous information from Windows devices, trillions of indexed URLs and the software maker’s own daily experiments in safely triggering a million suspicious files. Launching alongside the Anniversary update, Windows Defender Advanced Threat Protection will combine security technologies built into the Windows 10 client with a cloud service to alert administrators of possible breaches to their environments and offer recommendations on how to respond.
Upon release, Microsoft plans to kick off the Common Criteria (CC) and the Federal Information Processing Standards (FIPS) for the United States certification processes, crossing off some critical items on the checklists of IT departments operating regulated and security-conscious enterprises and a step in hastening the regional certifications abroad. Lefferts noted that the pre-update versions of Windows 10 had already been CC- and FIPS-certified.