Story image

Windows 10 security and privacy: An in-depth review and analysis

22 Jun 16

As Windows 10 approaches its one year anniversary, it is interesting to take a look at how far the operating system has come. Microsoft has promised greater security in Windows. During the past 12 months I have been kept very busy researching and documenting Windows 10’s security, as well as its privacy issues. I have now completed a white paper on the subject: Microsoft Windows 10 Security and Privacy: An ESET White Paper.

Windows 10 represents a sea change for Microsoft: the realisation of its Windows as a Service (WaaS) strategy initiated by its predecessor, Windows 8. With WaaS, Microsoft is able to update its Windows operating system with additional features and functionality throughout its life, instead of only at service point releases or new versions.

In the past, new features and functionality have had to wait for one of these events. With Windows 10, these will now appear at various operating system “point” releases, which will occur two to three times a year, according to Microsoft.

Lest anyone think that Microsoft’s commitment to making changes to Windows in order to improve its security and privacy is mere sophistry, allow me to share my own experience over the course of writing this white paper. Of the 35 pages originally turned in, 18 had to be rewritten completely due to changes made by Microsoft after Windows 10’s release less than 12 months ago.

Despite this, I have endeavoured to provide a comprehensive analysis of Windows 10 from a security and privacy perspective, as you can see from this selection of top level section headings from the white paper. Bear in mind these are just the main sections:

  • Windows Adoption by the Numbers
  • Windows 8: The Security Story So Far
  • What's Improved in Windows 10
  • Windows Update
  • Windows Branches
  • Windows Defender
  • Defending Windows Defender
  • BitLocker
  • SmartScreen Filter
  • What's New in Windows 10
  • Conditional Access
  • Control Flow Guard
  • Device Guard
  • Virtualization-Based Security
  • Microsoft Edge
  • Microsoft Passport
  • Windows Hello
  • Windows 10 Mobile
  • Privacy
  • Cortana Search Agent
  • Government issues
  • Microsoft on Privacy

I trust this white paper will help organisations that are currently evaluating the role of Windows 10 in their operating system and security strategies. To the best of my ability I have referenced all of the information that is provided in the paper, hot-linked through the more than 120 footnotes it took to do that. 

Article by Aryeh Goretsky, distinguished researcher, ESET.

Veeam expands cloud data management capabilities for IBM, AWS and Azure
The new capabilities supposedly deliver cost-effective data retention, easy cloud migration and data mobility.
Schneider Electric edge technology implemented at Tuggeranong Office Park
“The new system at Tuggeranong Office Park provides market-leading solutions to the entire facility."
Silver Peak hits big four with Google Cloud agreement
Silver Peak is the only SD-WAN vendor to partner with all four leading public cloud providers – Amazon, Google, Microsoft and Oracle.
Comms providers hit by most DDoS attacks in Q3 2018
New data indicates attackers preyed on the large attack surface of ASN-level communications service providers with a ‘bit-and-piece’ approach.
MNF Enterprise brings calling to MS Teams
Businesses can now use Microsoft Teams for local and international phone calling from their computer or device.
Survey reveals CX disconnect is risky business
Too much conversation and too little action could lead companies to neglect, lose, and repel their very lifeblood, according to Dimension Data.
Should AI technology determine the necessity for cyber attack responses?
Fujitsu has developed an AI that supposedly automatically determines whether action needs to be taken in response to a cyber attack.
Microsoft Azure ExpressRoute launches in Perth
This new ExpressRoute location will offer Perth organisations a direct and private connection to their Microsoft cloud services.