Will Windows 10 mean the end of malware?

You'll see new Windows 10 security features in a preview update next year

Think Windows 8 was a big step forward in security? So did Microsoft – at the time. Looking back though, Chris Hallum, who manages the security features in Windows and Windows Phone, now thinks it had incremental improvements tackling a subset of the problem.

That's not helped by the fact that PC makers didn't start fitting their devices with the kind of touch-sensor fingerprint readers seen on the iPhone, the way he'd hoped they would.

He's still hoping to see fingerprint sensors become common, but he's also bullish about what's coming next. "In Windows 10," he says confidently, "you'll see we actually decisively address entire classifications of issues with solutions that maybe in some ways can eradicate the issue in its entirety."

Password crisis

The first issue to tackle is passwords. "We're no longer thinking about passwords as a problem," he admits freely. "Passwords are actually a real-time crisis. You have to move to something better."

And that would be the 'next-generation credential'. It's going to use two-factor authentication, with the second factor being either the Trusted Platform Module security chip which is in many modern PCs and will be in every single Windows device in 2015, or your phone (where the equivalent of the TPM is "pretty close to pervasive") – or, he suggests mysteriously, "devices we're not talking about yet".

When you first make your account, your PC will create a key that's stored in a secure container, protected by the TPM – you might have one key for your personal account, another for your online bank and another for your work account that has a longer PIN.

"The user unlocks their Windows container with an unlock gesture, which could be a PIN or a password or biometrics, and they get access to it," says Hallum. That PIN isn't the usual four digits – it can be up to 20 characters long and it can include numbers, symbols, spaces and upper and lower case letters.

Finger printing good

Or you could use a fingerprint. Hallum expects readers that can tell whether your finger is a real finger and whether it's still alive, looking not just at the pattern but "the 3D image with the peaks and valleys" which flatten out on dead fingers and fake fingerprints.

He'd like to see a 9mm sensor that doesn't have a big chrome border around it so you can just press your whole fingertip on it once instead of multiple times like the iPhone, but OEMs may pick smaller, cheaper sensors. "We're going to get the cost down to where it can go mainstream," he says with cautious optimism. "We have an OEM signalling – not committing but signalling – that they may put it across their entire consumer range. Although I hope I don't get burned again because I talked about this for Windows 8…"

With or without fingerprint readers, the new password-replacing credentials are coming – not just from Microsoft but from fellow FIDO Alliance members like Google. Google's similar secure key proposal has already been ratified and Hallum says Microsoft is committed to getting its own system ratified by FIDO too.

Flexibility first

Hallum believes the flexibility of the Windows 10 credential is an advantage. "The differentiator for us is you will be able to use existing devices to authenticate for this; you can use your PC or your phone.

"That means your phone – including Windows Phone, Android, an iPhone with its fingerprint reader and maybe one day a BlackBerry – could store your credentials and pair to your PC via Bluetooth to sign you in. That means two-factor authentication will become ubiquitous, without people needing multiple fobs and physical tokens."

He's confident the credentials will be adopted by a range of services, and says Microsoft is evangelising it to both business and consumer services. "This is going to succeed. You're going to see a lot of consumer services like Netflix. They see how important this is for banking, for content, for consumer services." Business apps that you log into with a Windows username and password today will just work with them too. "Every app should be able to take advantage of it, unless you've done something that is not best practice."

Contributor

Mary started her career at Future Publishing, saw the AOL meltdown first hand the first time around when she ran the AOL UK computing channel, and she's been a freelance tech writer for over a decade. She's used every version of Windows and Office released, and every smartphone too, but she's still looking for the perfect tablet. Yes, she really does have USB earrings.
