Saturday, November 11, 2017

Microsoft's Guide on How To Create A Highly Secure Windows 10 PC

Microsoft Windows is always seen as the most vulnerable and easily attacked operating system. Over the years, there have been many reports of Windows users being hit by various sorts of malware, such as .Cerber3, nRansomware (which locks up your PC and demands nude images as payment), WannaCry and so on. In response to these challenges, Microsoft has issued a security patch that will fix these vulnerabilities, along with detailed hardware and firmware requirements to improve the security of Windows 10 devices including laptops, desktops, convertibles, etc. We shall take them one after the other.

1.   Which Type of Processor You Should Get


Before getting a PC, the first thing you should ask yourself is which processor you should get. According to Microsoft, the “highly secure” Windows 10 device standard applies to devices running Windows 10 Fall Creators Update with 7th Gen Intel (Core i3, i5, i7, i9-7x, M3-7xxx, and Xeon E3-xxx) or AMD (A Series Ax-9xxx, E-Series Ex-9xxx, FX-9xxx) processors and 8 GB as minimum system memory.

2.   What About the Processor Bit?


Microsoft recommends a 64-bit processor over a 32-bit one. 32-bit CPUs for computers are almost nowhere to be seen in the market, but I am sure that there are still a good number of Windows users running 32-bit machines. Microsoft explicitly mandates that the processor must support 64-bit instructions.

The Windows hypervisor only works with 64-bit chips. It is needed to run VBS (Virtualization-based security), which powers various security features in Windows 10 such as Device Guard and Credential Guard.

3.   Trusted Platform Module 2.0 Shouldn't be Left Out


If you intend to create a highly secure Windows 10 PC, TPM 2.0 must not be absent from your device. Your PC must also meet Microsoft's requirements for the Trusted Computing Group (TCG) specification.

Your PC should also have a cryptographically signed platform boot which can be easily enabled via Intel Boot Guard in Verified Mode, AMD Hardware Verified Boot or an OEM equivalent to the same.

4.   What about the virtualization?


The virtualization requirements are that the system should have Intel VT-d, AMD-Vi, or ARM64 SMMUs to support input-output memory management unit (IOMMU) device virtualization. To support VM extensions with SLAT (Second Level Address Translation), the system should have Intel VT-x with Extended Page Tables (EPT) or AMD-V with Rapid Virtualization Indexing (RVI).

5.   The device should run UEFI 2.4


As part of the firmware requirements for a highly secure Windows 10 device, Microsoft says the system should implement UEFI (Unified Extensible Firmware Interface) 2.4 or above, the drivers must be HVCI (Hypervisor-based Code Integrity) compliant, and the firmware must support the UEFI Firmware Capsule Update specification.

I understand that for an average PC user to meet all or most of these requirements set by Microsoft will be difficult, but actually, it isn’t as costly as one might assume. You can find Windows 10 PCs running 7th Gen Intel chips and 8 gigs of RAM for as low as $500. 

You shouldn’t worry about the geekier stuff such as the virtualization specs, TPM version, UEFI version, as it would be the PC makers who would have to make sure the devices stick to all the requirements.
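To see how a PC you already own measures up against the requirements listed above, here is a read-only PowerShell check. It is an added example, not part of Microsoft's guide or the original post. It assumes build 16299 as the Fall Creators Update build number, and it does not check the UEFI specification version or Boot Guard / Hardware Verified Boot, which are not exposed through these interfaces.

```powershell
# Added example: compare this PC with the "highly secure" requirements above.
# Run from an elevated PowerShell prompt on Windows 10 (the TPM class needs admin rights).
$cpu = Get-CimInstance Win32_Processor | Select-Object -First 1
$os  = Get-CimInstance Win32_OperatingSystem
$dg  = Get-CimInstance -Namespace root\Microsoft\Windows\DeviceGuard `
           -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
$tpm = Get-CimInstance -Namespace root\cimv2\Security\MicrosoftTpm `
           -ClassName Win32_Tpm -ErrorAction SilentlyContinue

# Sum the installed DIMMs: Win32_ComputerSystem.TotalPhysicalMemory excludes
# hardware-reserved memory and would report slightly under 8 GB on an 8 GB machine.
$ramBytes = (Get-CimInstance Win32_PhysicalMemory | Measure-Object Capacity -Sum).Sum

# Confirm-SecureBootUEFI throws on legacy BIOS systems; treat that as "not met".
try   { $secureBoot = [bool](Confirm-SecureBootUEFI -ErrorAction Stop) }
catch { $secureBoot = $false }

# Win32_Tpm.SpecVersion looks like "2.0, 0, 1.16"; the first field is the TPM family.
$tpmFamily = if ($tpm) { ($tpm.SpecVersion -split ',')[0].Trim() } else { 'none' }

# AvailableSecurityProperties: 1 = hypervisor support, 2 = Secure Boot, 3 = DMA protection.
# This is more reliable than Win32_Processor's virtualization flags, which read
# False once the Windows hypervisor is already running.
$props    = @($dg.AvailableSecurityProperties)
$services = @($dg.SecurityServicesRunning)   # 1 = Credential Guard, 2 = HVCI

$checks = [ordered]@{
    'Fall Creators Update or later (build 16299+)' = ([int]$os.BuildNumber -ge 16299)
    '64-bit processor'                             = ($cpu.DataWidth -eq 64)
    '64-bit Windows installed'                     = [Environment]::Is64BitOperatingSystem
    'At least 8 GB of RAM installed'               = ($ramBytes -ge 8GB)
    'TPM 2.0 present'                              = ($tpmFamily -eq '2.0')
    'UEFI Secure Boot enabled'                     = $secureBoot
    'Hypervisor support available (VT-x/AMD-V)'    = ($props -contains 1)
    'DMA protection available (IOMMU)'             = ($props -contains 3)
    'VBS running'                                  = ($dg.VirtualizationBasedSecurityStatus -eq 2)
    'Credential Guard running'                     = ($services -contains 1)
    'HVCI running'                                 = ($services -contains 2)
}

# The processor generation has to be compared by eye with the list in section 1.
"Processor: $($cpu.Name)"
$checks.GetEnumerator() |
    ForEach-Object { [pscustomobject]@{ Requirement = $_.Key; Met = $_.Value } } |
    Format-Table -AutoSize
```

A `False` for the last three rows on otherwise capable hardware usually means the feature is supported but not switched on, rather than that the PC fails the hardware requirements.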

Source: Microsoft OEM Security Page




