Microsoft has taken a step towards a version of Windows 10 over which it has more control. Traditionally, Windows has been in the hands of OEMs, unlike Apple’s closed platform. Microsoft wants more control over the hardware in OEM devices, and Secured-core PCs aim to give it that control.
According to Microsoft, the goal is to better protect laptops running Windows 10. The company says firmware issued by OEMs often runs with more privilege than the Windows kernel, which makes attacks easier to carry out.
With Secured-core PCs, Windows 10 devices will ship with a more secure platform out of the box, with hardware, software, and firmware integrated in one package. Microsoft points out that OEMs will have to meet certain security requirements to earn the certification.
Secured-core PCs are aimed at users who work with sensitive data, such as workers in government and financial services.
Microsoft will bring firmware protection from Windows Defender through a tool called System Guard. With this feature, Secured-core PCs will stop attacks sooner, before exploits are found.
“If you get a piece of kernel-level malware on your standard operating system, the attacker can’t access critical features,” Dave Weston, the partner director of Windows security at Microsoft, told ZDNet.
“It’s pretty similar to what other manufacturers might be doing with a specific security chip, but we are doing this across all different manners of CPU architectures and OEMs, so we can bring this to a much broader audience, and they can select the form factor or product that matches them but with the same security guarantees as if Microsoft created it.”
Weston, a security engineering executive for the Windows and Azure OS divisions, says Microsoft based its approach to Secured-core PCs on how it protects its Xbox consoles.
“Xbox has a very advanced threat model because we don’t trust the user even in physical possession of the device. We don’t want the user to be able to hack the console to run their own games,” said Weston.
“Also, when you take it out of the game domain and you put into the real-world physical domain, you want the same guarantee that an attacker cannot access your code and data. We took our own learnings and worked with silicon vendors to develop strategy to deal with advanced threats.”