The release of a new operating system is an usual scenario for IT pros. The release of Windows 10 is no exception to that, but the way of distribution experimented by Microsoft has certainly changed.
For the first time in the history of the OS from Redmond, users of the previous of Windows (7, 8 and 8.1) can download and install for free the upgrade to Windows 10, naturally maintaining an equivalent version to the one previously installed (ie. 7 Professional becomes 10 Pro) and related license. However the insistent distribution method has beared a certain dissatisfaction amongst users and professionals. This feeling is also emphasized by the integration of the Windows 10 update straight into Windows Update (which results in an automated installation in most cases) and by the pounding notification campaigns for non-updated computers.
But things are about to change, and starting from July, 29th, the update will no longer be available for free, favouring the traditional purchase of the complete OS available in different versions. As it often happens with new releases, Windows 10 in this months has been subject to several important updates, required in order to increase stability and, in some cases, to integrate features: one of the next important updates, which will be release on August, 2nd, will be the Anniversary Update.
Key features include the Windows Hello expansion (a fingerprint authentication service) for Windows apps and Microsoft Edge, the introduction of Cortana (the infamous vocal assistant) and Universal Windows Platform (the Microsoft platform for unified app development for the mobile and desktop world, introduced with Windows 8).
News about security
Microsoft has taken a particular care about security in the development of the new operating system, as it shows the integration of the Windows Defender Advanced Threat Protection service, conceived to help businesses and companies to identify attacks on their networks. It is not commercially available yet, but it has been widely tested with groups of selected users that have access to the preview channel.
The updates are copious, some have introduced brand new features, some other regard features available since a long time.
Let’s shortly check them.
Device Guard
Device Guard is a system for the control of application on a certain machine, with which Windows 10 allows the execution only for trusted applications. It’s aimed to Enterprise-tier clients and it works with two distinct Code Integrity Services: one on a user level controlling signed applications based on policies (which can be managed), and another one on a kernel level in a container separated from Windows 10 and managed by a dedicated hypervisor. Given the deeply integrated nature of the operating system, Device Guard works only with specific requirements, like Windows Enterprise version, UEFI 2.3.1 versions or higher and Secure Boot enabled.
Credential Guard
Credential Guard is a brand new technology in Windows environments which has been conceived to protect the access to credentials on machines used for administration purposes. Credential Guard creates a dedicated and protected virtualized space to store categorized information about credentials.
Enterprise Data Protection
EDP allows to secure business data stored on devices, as well as users data (in a BYOD scenario), by means of ciphering. Enterprise Data Protection can be used whether to grant or not applications access to data, ie to prevent printing or forwarding emails from the company address or copy-and-paste between applications. Remote access to business data is allowed, moreover without impacting the user’s.
BitLocker
BitLocker is a security technology that has been already available on previous versions of Windows which allows a total or partial ciphering of hard disks and mass storage devices. The only requirement for the native functioning is the presence of a TPM (Trusted Platform Module) chip, nowadays present on most computers. Starting from July 2016, machines sold with Windows 10 on-board will have the presence of a TPM 2.0 chip as main requisite.
Ciphering a disk is a crucial feature in case of device loss or theft, a scenario which makes the presence of an account password completely unuseful in terms of protection of stored data.
Windows Defender
This is a feature that has been available for a long time in Windows, which also deal with malware protection. In a business scenario, the adoption of centralized and manages solutions (eg Intune Endpoint Protection and System Center Endpoint Protection, both from Microsoft, useful in terms of BYOD and common desktop-based infrastructures contexts) is to be favoured. The integrated reporting features grant the IT staff a complete vision of the situation and a quick intervention in case of identified threats.
Windows Firewall
A module historically available with Microsoft operating systems, Windows Firewall offers a basic level of protection and control on the network traffic. With the Advanced Security version (for business use), it allows the configuration of Connection Security Rules, which are IP-based policies for the control and ciphering of network connections between hosts.
Cumulative Updates
One of the main differences with the past is the new approach by Microsoft in terms of security and system updates. Until Windows 8.1, by using Windows Update, each user could choose which updates to install, which to postpone and which to exclude, and each month the update package was different.
That flexibility, beloved to experts and professionals as they could avoid compatibility problems with third-party software because of updates, unfortunately led to non-updated machines in domestic and consumer scenarios. The new approach of Windows 10 offer the so-called cumulative packages, where each monthly package includes previous updates that aren’t installed yet.
As a consequence, the classic singularly-selectable updates disappear in terms of complete cumulative packages (we might call them mini-service packs) that bring Windows 10 to the most recent version. Big companies that prefer not to use this method and frequency of update, a dedicated option offered by Microsoft exists.