Story image

Windows 10 security and privacy: An in-depth review and analysis

22 Jun 2016

As Windows 10 approaches its one year anniversary, it is interesting to take a look at how far the operating system has come. Microsoft has promised greater security in Windows. During the past 12 months I have been kept very busy researching and documenting Windows 10’s security, as well as its privacy issues. I have now completed a white paper on the subject: Microsoft Windows 10 Security and Privacy: An ESET White Paper.

Windows 10 represents a sea change for Microsoft: the realisation of its Windows as a Service (WaaS) strategy initiated by its predecessor, Windows 8. With WaaS, Microsoft is able to update its Windows operating system with additional features and functionality throughout its life, instead of only at service point releases or new versions.

In the past, new features and functionality have had to wait for one of these events. With Windows 10, these will now appear at various operating system “point” releases, which will occur two to three times a year, according to Microsoft.

Lest anyone think that Microsoft’s commitment to making changes to Windows in order to improve its security and privacy is mere sophistry, allow me to share my own experience over the course of writing this white paper. Of the 35 pages originally turned in, 18 had to be rewritten completely due to changes made by Microsoft after Windows 10’s release less than 12 months ago.

Despite this, I have endeavoured to provide a comprehensive analysis of Windows 10 from a security and privacy perspective, as you can see from this selection of top level section headings from the white paper. Bear in mind these are just the main sections:

  • Windows Adoption by the Numbers
  • Windows 8: The Security Story So Far
  • What's Improved in Windows 10
  • Windows Update
  • Windows Branches
  • Windows Defender
  • Defending Windows Defender
  • BitLocker
  • SmartScreen Filter
  • What's New in Windows 10
  • Conditional Access
  • Control Flow Guard
  • Device Guard
  • Virtualization-Based Security
  • Microsoft Edge
  • Microsoft Passport
  • Windows Hello
  • Windows 10 Mobile
  • Privacy
  • Cortana Search Agent
  • Government issues
  • Microsoft on Privacy

I trust this white paper will help organisations that are currently evaluating the role of Windows 10 in their operating system and security strategies. To the best of my ability I have referenced all of the information that is provided in the paper, hot-linked through the more than 120 footnotes it took to do that. 

Article by Aryeh Goretsky, distinguished researcher, ESET.

GitHub launches fund to sponsor open source developers
In addition to GitHub Sponsors, GitHub is launching the GitHub Sponsors, GitHub will match all contributions up to $5,000 during a developer’s first year in GitHub Sponsors.
Check Point announces integration with Microsoft Azure
The integration of Check Point’s advanced policy enforcement capabilities with Microsoft AIP’s file classification and protection features enables enterprises to keep their business data and IP secure, irrespective of how it is shared. 
Why AI will be procurement’s greatest ally
"AI can help identify emerging suppliers, technologies and products in specific categories."
Are AI assistants teaching girls to be servants?
Have you ever interacted with a virtual assistant that has a female-based voice or look, and wondered whether there are implicitly harmful gender biases built into its code?
Google 'will do better' after G Suite passwords exposed since 2005
Fourteen years is a long time for sensitive information like usernames and passwords to be sitting ducks, unencrypted and at risk of theft and corruption.
Hackbusters! Reviewing 90 days of cybersecurity incident response cases
While there are occasionally very advanced new threats, these are massively outnumbered by common-or-garden email fraud, ransomware attacks and well-worn old exploits.
Data#3 to exclusively provide MS licences to WA Government
The technology services provider has won two contracts with the Western Australia Government, becoming its sole Microsoft licence provider.
Why cash is no longer king in Australia
Australia is leading the way in APAC for granting credit on B2B transactions.