Lately, millions of PCs all over the world have been regularly displaying a Microsoft notification reading, in essence: “Dear users, how about if you upgrade to Windows 10?” Sometimes, the message is not even that subtle: “Your operating system will be upgraded to Windows 10 on [date here].” Such messages pop up on all computers operating legitimate copies of Microsoft Windows 7 or Windows 8, leading many users to ask a rather sensible question: “Should I upgrade to the new operating system?”
Long story short: You should upgrade, at least because Windows 10 is much more secure than previous versions. At the same time, it’s still essential to install good third-party protection. Now, let us tell you why.
Why upgrade? In a nutshell, it is always a good idea to update software. Newer operating systems include patches to vulnerabilities discovered in the previous versions, as well as new security features. As for Windows 10, it has a handful of those. Let’s discuss the key ones.
New security features in Windows 10
Among its new features, Windows 10 includes two important technologies designed to simultaneously simplify user identification and boost security. For user identification, Windows Hello employs a camera and a fingerprint scanner. We have already explained why biometric authentication is not a cure-all, but those biometry-based technologies in Windows Hello can be combined with the usual password-based protection; when used together, both technologies offer a much higher level of security than if used separately.
Besides, Windows Hello supports a wider selection of biometric devices. For example, it can work with infrared (IR) cameras, which cannot be tricked by a picture of the legitimate user.
— Kaspersky Lab (@kaspersky) March 20, 2015
Another new technology, Microsoft Passport, can tie a certain device to a PIN code or Windows Hello. For example, a user can register a laptop or a Windows Phone–based smartphone in the system. Then, to unlock the laptop, a user can just position a preset smartphone and swipe the fingerprint scanner. Voilà, you are in, no password required!
Another important element in the protection system prevents attempts to brute-force the password or trick Windows Hello. A feature called BitLocker locks the device after a set number of unsuccessful attempts and then requires an uncrackable 48-symbol password, which BitLocker generates on setup.
By the way, BitLocker is sufficiently up to date in Windows 10. As before, it relies on Trusted Platform Module (TPM) — a purpose-built integrated chip used for encryption and as storage for the most critical data — which is used in the latest devices. Besides encrypting data on all drives, even external ones, BitLocker checks the data integrity.
In other words, even if someone managed to get access to the storage and modify it, the drive would not load. Also, a user may enable a PIN code, which will then be required to boot the system.
Windows 10 now has very sophisticated protection mechanisms. The protection is active even on the bottom layer: Unified Extensible Firmware Interface (UEFI), firmware that boots before the operating system, now has a digital signature. When the system starts, it checks the integrity of the firmware, so malefactors cannot modify it.
UEFI updates should also have a digital signature, whereas settings can be modified only by a user. The OS loader has a digital signature, as well as kernel components and drivers. Therefore, the system boots only if all components have valid digital signatures.
Some of those options can be disabled, but Microsoft is going to enable them by default over time. That approach is not novel: Third-party solutions such as Kaspersky Antivirus for UEFI also use such methods when working with critical data.
Moreover, Windows 10 uses Control Flow Guard (CFG) technology to place restrictions on where an application can execute code from. By doing so, it protects the system against certain memory corruption techniques, such as buffer overflow or code spoofing, as well as against attacks on zero-day vulnerabilities. Windows 10 modules use CFG, but it is also available to third-party developers via Microsoft Visual Studio 2015.
You still need specialized protection!
In general, Microsoft has made significant progress in making Windows more secure: In that respect, Windows 10 is much better that its forerunners. However, it’s not a reason to neglect third-party security solutions.
Why is that so? The answer is simple: Windows is still the most popular operating system in the world. With Microsoft very actively pushing users toward the Windows 10 upgrade, the latter has solid chances of becoming the most popular operating system ever. That’s why criminals will definitely seek out vulnerabilities in Windows 10 and use them to create new malware. And that’s where third-party products come into play.
To upgrade or not to upgrade?
…That’s not the question: We recommend upgrading to Windows 10. The new operating system is much more secure than older versions. However, we urge you to use a dedicated security solution as well.
To avoid software conflicts when upgrading to Windows 10, we recommend you download and install the latest versions of the Kaspersky Lab products you use.
Our latest software, as of late spring 2016, is fully compatible with Microsoft’s new system. Kaspersky Internet Security 2016, Kaspersky Total Security 2016, and other flagship offerings, and even free utilities such as the Kaspersky Virus Removal Tool, work smoothly on Windows 10. So, go for the upgrade, but don’t forget to update your security products as well.