Microsoft: Windows 10 Version 1607 is the Most Secure Windows Ever

Posted on November 11, 2016 by Paul Thurrott in Windows 10 with 18 Comments

Microsoft: Windows 10 Version 1607 is the Most Secure Windows Ever

In tandem with the release of a new security white paper, Microsoft is claiming that Windows 10 version 1607 is the most secure version of Windows yet.

“Every day cybercriminals test new ways to attack and gain control of your PC,” a Microsoft representative told me. “In the last 12 months alone, the number of ransomware variants in the wild have more than doubled. Because Microsoft understands how destructive ransomware can be, the company has developed and incorporated multiple solutions into its technologies to help protect your PC. The Windows 10 Anniversary Update comes with enhanced security features that make this OS the most secure and more ransomware-resilient than ever.”

Microsoft has published a new white paper called Ransomware Protection in Windows 10 Anniversary Update that details how the latest Windows 10 version helps to protect all of its customers, from consumers to businesses. But in a separate blog post, it also makes its case for why Windows 10 version 1607—that is, Windows 10 with the Anniversary Update installed—is the most secure Windows version yet. Improvements in this release include:

Browser hardening. Microsoft Edge runs Adobe Flash Player in an isolated container, and Edge exploits cannot execute other applications. “These improvements block malware from silently downloading and executing additional payloads on customers’ systems,” Microsoft says.

Windows Defender improvements. The Windows Defender signature delivery channel works faster than before so that the in-box anti-virus and antimalware solution can help block ransomware, both in the cloud and on the client. Additionally, Windows Defender responds to new threats faster using improved cloud protection and automatic sample submission features, plus improved behavioral heuristics aimed at detecting ransomware-related activities.

Windows Defender Advanced Threat Protection. This new service helps business customers respond to attacks by alerting the security team, identify any damage caused, and understand where it might be moving next. It can also work with Office 365 Advanced Threat Protection to provide a more holistic view of what is attacking the enterprise.

To help prevent ransomeware specifically, Microsoft recommends that customers install the Windows 10 Anniversary Update and accept the default security settings, keep machines up to date with the very latest updates, and create and follow a comprehensive backup strategy.

 

Join the discussion!

BECOME A THURROTT MEMBER:

Don't have a login but want to join the conversation? Become a Thurrott Premium or Basic User to participate

Register
Comments (20)

20 responses to “Microsoft: Windows 10 Version 1607 is the Most Secure Windows Ever”

  1. Avatar

    5530

    People: Windows 10 Version 1607 is something I don't care about, my computer just installs it

    And really, the flash player in chrome and firefox are isolated too. And in the former, it has been part of the security model since day 1. It's good that the browser in the OS has caught up but it should have happened sooner.

  2. Avatar

    5486

    I love the way whatever spin MS put out, there's always an underlying push for customers to use it's apps and services (Edge, Defender etc). Defender especially (or Security Essentials v1.0a if you want to call it that), has consistently been very poor in detecting threats in numerous independent tests, and Edge, well, MS are resorting to offer to PAY people to use it. Enough said.

    I used to say just keep your PC updated with the latest SECURITY updates and forget features, be sensible, and you should be ok, but MS don't even allow you to do that anymore - it's all or nothing, and MS themselves use these updates to push out their own 'malware' (eg GWX).

    The pot is looking at the kettle, and about to speak....

  3. Avatar

    6525

    @danmac:
    Conceptually, privacy is part of security because private data and usage deserve protection from third persons, states, companies and criminals. Currently, Windows telemetry might be used by Microsoft with good intention. This does not prevent accidental or intentional tampering of private data or meta-data by Microsoft or others gaining access to the data.

     

  4. Avatar

    5554

    Oh the irony, when factoring Windows 10 *is* malware/ransomware

  5. Avatar

    6525

    Security involves several aspects, such as used Windows version, used Windows edition, kernel, GUI, configuration of Windows by the user, user behaviour, Windows handling of software installation.

    Windows edition: Server is more secure than Enterprise than Pro than Home. If Microsoft really wanted to make Windows more secure, they should provide Server's security to all Windows editions.

    Kernel: There are conceptual security improvements and bug fixes but still the central problem is the essentially unlimited rights of software or driver installers. Grant administrative right to the installer once and it may install malware and modify other programs or system components.

    GUI: The default of no privacy violation is missing. The 1-click option to opt-in to privacy violation is missing. Instead the default is privacy violation and it requires very much research to prevent Windows 10 (especially Home or Pro) from violating privacy, such as deactivating telemetry while still allowing Windows updates.

    Configuration of Windows by the user: user accounts, access rights, software restriction policies, integrity levels, hardening etc.

    User behaviour: no accidental software execution, verifying trust of downloaded software, no accidental formatting or deletion etc.

    All talk about "most secure Windows ever" is moot as long as different Windows editions have different security standards, software installers have too many rights, the Windows GUI violates the security the kernel pretends to maintain, the user does not configure Windows well and Windows does not configure its default as well as the user should configure Windows, and the user is irresponsibly careless with accidental security violations.

  6. Avatar

    1377

    Sorry to intrude some statistical skepticism, but if the main vectors for ransomware encounters are social engineering or tainted ads in websites, wouldn't the average Windows 10 user be a more sophisticated Windows PC user, so less susceptible to the former and more likely to use ad blockers which handle much of the latter? IOW, that chart may be misleading and show mostly underlying subpopulation differences. At the very least, it'd be useful to see both Windows 10 and Windows 7 groups broken down into using and not using ad blocking subgroups.

    FTHOI, I wonder what the ransomware encounter rate is for macOS, Linux, BSD, etc. Perhaps running Linux in a Hyper-V VM and browsing in that VM is even safer.

    Also, backups are ALWAYS GOOD, not just as fallback against ransomware. Perhaps the value can only be discerned by those who've actually fried a hard disk.

    • Avatar

      2181

      In reply to hrlngrv:

      I don't know why you are down voted. 

      The possibility of selection bias is real right here.

      I agree with you, that we need more data both in the width and depth to have a clear sense of how efficient are the new ransomware protection in Win10 works.

       

      And you can only be 100% secure from ransomware if you have cold backup with versions, which can be expensive, especially when you use an SaaS.

      • Avatar

        1377

        In reply to Nonmoi:

        I'm down voted because fanboys dislike skepticism or any criticism, well-meaning or otherwise, of their adored OS and tech company.

        Re backups, I mean data backups and configuration backups, though in my experience the most effective configuration backups for Windows are a whole lotta .REG files.

  7. Avatar

    966

    Paul,

     When I see a headline like you wrote, my first question is always, BUT what edition of W 10 ??? are they comparing to. In your article, what edition did MS use. Believe me there is very little comparison between W 10 Pro AND W 10 Enterprise/Education when it comes to security.

     From all that I have heard and read, so far I see very little difference between W 10 Pro OS and Security AND W 8.1 Pro that is fully PATCHED. Most of the changes are not in the OS wise, but are in the Store and GUI so it isn't really impacting most whom are just using the OS and wanting its STABILITY. Yes I am an insider and up to date with that on both Fast and Review Rings.

    Best Regards,

    Crysta

  8. Avatar

    342

    This is akin to Apple claiming, this is the best iPhone we've ever made... Well, I HOPE so, since this whole event is about launching it. Accepting the default security settings isn't exactly the most secure either, sending all kinds of data to MS.

     

  9. Avatar

    5234

    Ransomware is only 1 form of malware.  Defender fails to prevent the installation of LOTS of malware that MalwareBytes prevents.  My own computer store is proof of this: I get customer computers every day with malware infections that are "up-to-date" with Windows 10.  In a lot of ways, Windows 10 is no more safe for users than Windows XP is.

    • Avatar

      342

      In reply to Waethorn:

      Windows XP came with zero security software, and didn't have a firewall until later SPs. If people weren't running their PCs with admin rights, and clicking yes on everything, they would be far better off. However, XP didn't tend to introduce it's own denial of service with patches put out with nearly zero QA, so there's that.

    • Avatar

      5027

      In reply to Waethorn:

      And what antivirus program are they running,  are they using Edge .. or some other browser?

      What I find it that most people getting infected are actively clicking and installing malware because they don't read, and approve and click away anything that pop up on the screen, and often they use a third party crap antivirus like AVG (that used to be good but now more or less is malware it self) or Symantec's bloated crap that just slows down computers and find almost nothing. or worse of all Panda Anti-virus or McAfee.  Really popular right now are e-mails from "fedex" or "DHL" with a .zip file as an attachment .. a .zip file that contains javascript that starts the attack .. an people of course click to open the .zip file, even if they know they expect nothing from Fedex,  and the name is wrong, and the text is completely illogical in the mail ...nevermind the source of the mail clearly show that it is from someone else..  get that even through gmail at times..

      Windows 10 is the most secure version of Windows ever .. and if you use Edge it's safer still .  

Leave a Reply