15.6.16

Windows 10 security and privacy: An in-depth review and analysis


As Windows 10 approaches its one year anniversary, it is interesting to take a look at how far the operating system has come. Microsoft has promised greater security in Windows. During the past 12 months I have been kept very busy researching and documenting Windows 10’s security, as well as its privacy issues. I have now completed a white paper on the subject: Microsoft Windows 10 Security and Privacy: An ESET White Paper.
Windows 10 represents a sea change for Microsoft: the realization of its Windows as a Service (WaaS) strategy initiated by its predecessor, Windows 8. With WaaS, Microsoft is able to update its Windows operating system with additional features and functionality throughout its life, instead of only at service point releases or new versions. In the past, new features and functionality have had to wait for one of these events. With Windows 10, these will now appear at various operating system “point” releases, which will occur two to three times a year, according to Microsoft.
Lest anyone think that Microsoft’s commitment to making changes to Windows in order to improve its security and privacy is mere sophistry, allow me to share my own experience over the course of writing this white paper. Of the 35 pages originally turned in, 18 had to be rewritten completely due to changes made by Microsoft after Windows 10’s release less than 12 months ago.
Despite this, I have endeavored to provide a comprehensive analysis of Windows 10 from a security and privacy perspective, as you can see from this selection of top level section headings from the white paper. Bear in mind these are just the main sections:
Windows Adoption by the Numbers
Windows 8: The Security Story So Far
What's Improved in Windows 10
Windows Update
Windows Branches
Windows Defender
Defending Windows Defender
BitLocker
SmartScreen Filter
What's New in Windows 10
Conditional Access
Control Flow Guard
Device Guard
Virtualization-Based Security
Microsoft Edge
Microsoft Passport
Windows Hello
Windows 10 Mobile
Privacy
Cortana Search Agent
Government issues
Microsoft on Privacy
I trust this white paper will help organizations that are currently evaluating the role of Windows 10 in their operating system and security strategies. To the best of my ability I have referenced all of the information that is provided in the paper, hot-linked through the more than 120 footnotes it took to do that. However, if you think something is missing, or you have any questions about Windows 10’s security or privacy, be sure to let me know in the comments below.
Aryeh Goretsky, MVP, ZCSE
Distinguished Researcher, ESET

Have you installed Windows 10 yet? Will you upgrade before July 29th to take advantage of the free upgrade, or wait until afterwards? What concerns you about Windows 10 security? It’s privacy? Let us know your thoughts and opinions below!