I was doing some reading today, and it seems that the 8th generation processor requirement might not be so arbitrary. It looks, from the reading I did, that the 8th generation processor was the first to include hardware protection against Meltdown and Spectre v2.
You don’t have any family photos, you don’t want encrypted and held to ransom? You don’t do online banking on your PC?
There are lots of reasons why increased security is a good idea. The problem is, that is just conjecture, on my part, because Microsoft won’t make an explicit statement about why Gen 8 is the cutoff.
1 Like
That is what was originally said but when they released the insider preview they said they were relaxing the requirements to see what older gen processors and hardware it could run on. My guess is they will let gen 7 processors in maybe gen 6 though I wouldn’t hold my breath on the gen 6. So not really such a hard cut off atleast not yet.
1 Like
I don’t think anyone is against increased security, but give users the option to bypass extraneous security features if they wish. Especially arbitrary ones.
The problem is, if the security is optional, it is useless. If there is a way for the user to legitimately deactivate or workaround the security, that same route is open to bad actors.
We have to learn that good security has to be baked in and you can’t circumvent it.
At the moment, if you don’t want the added security of 11, stay with 10… If your machine doesn’t have the required minimum hardware level for good security, stay with 10, until you get a new PC.
I’m saying that as someone who will have to replace all of their PCs in order to “turn it up to 11”.
As I said above, if this really is about hardware features introduced in Gen 8, and that is the price for increased security, I am okay with that, even if I have to replace my PCs. On the other hand, if it is just a marketing gimmick to get us to buy newer hardware, I will seriously look at putting Linux on my PC again.
1 Like
I’m not sure if I subscribe to this, at least in terms of the general population. By this logic, we shouldn’t even let people use computers. The majority of security incidents are still attacks of opportunity rather than calculated APTs - things sitting on the WAN that were never meant to be, poor judgement, or simple coding oversight.
Regardless, the things that Microsoft are proposing here wouldn’t address any of that. Features provided utilizing TPM are entirely optional and will remain so in Win11. They’re just making it so the only part that’s not optional is needing an extraneous piece of hardware sitting on my mainboard for no reason. I can’t wait for the thing to crap out on me; had a TPM on a Surface Book die on me and had to replace the whole thing.
Security, in my mind, starts with hardening. Stripping out things that aren’t necessary in order to limit attack vectors (like the print spooler service!). Adding hardware doesn’t help with that.
This is the idea behind the principle of defense in depth. I have no problem with the OS offering additional layers of security, and I agree that it can’t really be optional while remaining effective. There are too many people who will read something BS on the Internet and then think they need to disable the “spying of the MS firewall” or some BS like that. As ever, it’s a tradeoff between effective security and user stupidity … oops I mean user friendliness… It seems you can’t have nice things because users are too willing to click the cute button to install that cyrpto-malware backdrop with kitties.
1 Like
It is always a trade-off. But designing secure means that the system is more secure and robust and less susceptible to user errors. If the security is built in as an afterthought or it can optionally be disabled, the malware can disable it. If that security is built in from the get-go, then there is no chance for the malware to get a foothold by simply turning off those security features.
That isn’t to say it will be 100% secure or that there can’t be errors that can be used. But the whole art of computer security is to reduce your attack surface to the minimum. If that means that the security has to be baked in on by default, as per iOS, Android and, more and more, macOS. Windows is still in the “we can add security, for those that want it,” and by doing that they are building in weaknesses that the users who use those features don’t expect.
The biggest weakness of Windows, though, is that they make the first user added duing installation the administrator! That is the stupidist thing you can do in security terms. Especially as that user is also a Microsoft Online user, at least for Home installations, these days. The first thing every user should do is add a real administration account, preferably a local account, and remove the administration abilities from their own account.
But only a fraction of users ever do that. It really needs Microsoft to step up their game and do security right, from the start. But they have done it wrong for over 3 decades and people are resistant to change, even if it is there to make their lives better and simpler, in the long run.
2 Likes
This may be of some interest about Windows 11 and the absolute need for some of the requirements communicated so far. It gives work-arounds to get it installed (as of right now) on machines that may not appear to be allowable.
Yeah that was an interesting video, they even showed running Windows 11 on a C2D Processor which is pretty significant.
Is anyone being forced to upgrade? Windows 10 is being supported for another 4+ years.
1 Like
Exactly - they’re just trying to drum up interest in 11
No one is being forced that I can see right now. Windows 10 looks to still be a viable option for the foreseeable future. I’m sure a time will come that they will be pushing Windows 11 a lot more but there isn’t much they can do at the moment as most people don’t have hardware new enough or at the very least dont have the TPM requirements as that was not normal for most consumer grade hardware.
Hopefully what they are doing has real implications of reducing security risks and will help to eliminate a lot of the security issues in the future and not just a push to sell newer hardware. I guess only time will tell.
2 Likes
It also seems that a lot of people seem to think this has to do with Microsoft’s push for Windows 365 (cloud based OS) a either upgrade all of your equipment or just subscribe to our service and don’t worry about upgrading equipment anymore type of approach.
Introducing a new era of hybrid personal computing: the Windows 365 Cloud PC | Microsoft 365 Blog
I am kind of curious what sort of File Explorer Issues Paul is having in Windows 11. He mentioned it off hand briefly.
I only wonder because File Explorer has been working like garbage in Windows 10 on almost all my machines for like a year or more. The recycle bin takes like 5 minutes to pop up the Yes/No when you empty it. Most of the time when I create a new folder, the file system doesn’t refresh to even show a new Folder, then I refresh manually, and name the folder, and it still just says “New Folder” unless I refresh again.
I have done several registry hacks suggested by searching online and disables or adjusted some services but the problem persists.
I’ve had this issue on my laptop, on my desktop, on my work PC, on various machines.
I have no idea how Microsoft managed to somehow break File Explorer so badly.