The new Windows 11 is just around the corner. Bitdefender examined how the new standard operating system fares in terms of cybersecurity.
Windows 10 from Microsoft was the market-leading operating system on most personal computers in the world for a proud seven years – only its popular predecessor Windows XP lasted longer. Well, in 2021, the time has come: Microsoft have announced the successor to the top dog. Windows 11 will land on digital sales shelves towards the end of 2021 and should replace variant 10 by its “End of Support”, ie the point in time in 2025 when further update support will be switched off. The feedback from the early beta testers has so far been generally positive, even if Microsoft’s communication policy has been criticized with regard to the minimal PC requirements.
However, one of the most important questions is: How secure is Windows 11? Will it bring better, more stable and more intelligent cybersecurity features than its predecessor and make life even more difficult for online crooks? We researched and summarized the facts.
Security through exclusion
First of all, it must be noted that Windows 11 is the first Microsoft operating system that no longer supports pure 32-bit architectures. Many very old machines are already falling out. In addition, the manufacturer stated that at least an eighth generation Intel processor or an AMD counterpart of the Zen 2 series is required. While the former were introduced in 2017, the latter came on the market in 2019. Windows 11 also wants at least 4 GB of RAM and 64 GB of hard disk space – so version 11 will not run at all on some old-fashioned PCs, which, purely because of this, have security leaks. It is not uncommon for old devices to be excluded from updates, and unfortunately it is often necessary to actually guarantee a certain minimum level of protection. We’ll come back to the point with the minimum CPUs later.
According to some media releases, Microsoft is running a so-called “zero trust policy” with Windows 11. This is a big step towards tighter user control. Under this policy, no single user can log on in a simplified manner or move within the operating system or network without regularly validating his access. What sounds strict is unfortunately necessary in times of secretly contaminated USB sticks and ingeniously hidden malware and may mean a loss of time in large-scale applications such as business or factory installations, but also a massive gain in security.
It’s all in the mix
According to Microsoft, existing protection mechanisms are also pushed on Windows 11 and the requirements for compatible hardware are increased. “Secure Boot” against malware that is already active before Windows is started and therefore cannot be recognized by the operating system is now becoming the standard. In connection with other features such as “virtualization-based security”, up to 60 percent more malware could be blocked in manufacturer tests.
No more refilling
The so-called “side-channel attacks” are particularly perfidious. These are cyber attacks that are carried out based on secondary information about the targeted system. So this is not, as usual, the type of operating system or the installed protection, but much more in-depth data such as memory leaks or the power consumption of the system. Such attacks are particularly widespread in large computer networks at international companies. This is where experts see the reason for the minimum requirements for processors mentioned above: Older variants would have massively simplified such “side-channel attacks”.
Protection for everyone: Bitdefender Total Security.