Telemetry in Windows 10 has access to extensive system and usage data of the operating system. To monitor the telemetry component, the Federal Office for Information Security (BSI) developed a technical solution as part of the "Study on system structure, logging, hardening and security functions in Windows 10" (SiSyPHuS Win10).
The developed "System Activity Monitor" (SAM) enables detailed recordings of the system and application behavior of the Windows telemetry for research purposes. The publication is part of an extensive security analysis in which the BSI examines security-critical functions of the operating system. The aim is to be able to assess the security and residual risks for using Windows 10, to identify framework conditions for safe use of the operating system and to create practical recommendations for hardening and safe use of Windows 10.
SiSyPHuS Win10: Study on security features in Windows 10
With the SiSyPHuS Win10 project (study on system integrity, logging, hardening and security functions in Windows 10), the BSI has security analyzes of the security-critical functions in Windows 10 carried out and, based on this, suitable hardening recommendations created.
Execution of code greatly affects the security of the overall system. As the operating system most widely used on PC systems, the Windows operating system from Microsoft has a particular influence on the security of a large number of IT systems in Germany. In addition, with the political-strategic decision to use Windows 10 as the operating system for the federal administration, there is a need for the BSI to make reliable statements about the framework conditions and requirements for the secure use of Windows 10.
The project aims to create a basis for
- to be able to assess the overall security and residual risks for using Windows 10,
- Identify framework conditions for safe use of the operating system and
- to be able to give practical recommendations for the safe use of Windows 10.
More Information
- The subject of the investigation is Windows 10 in versions 1607 and 1809, 64-bit, German language from the Long Term Servicing Channel (LTSC)
- The analysis results are written in English with German summaries
- The logging recommendations and hardening recommendations created in the project are written in German
- Scripts and tools that were created as part of the project are available for download on the subpages of the respective project chapters (GPLv2).
- All statements in the published documents refer to the examined version (see above) of Windows 10 during the respective examination period. As a result, there is always the possibility that the current versions of the operating system may deviate from this.
The following table of contents serves as an overview of the analyzes that have already been completed and are still planned in the project. After completion of the respective work packages, the corresponding entries are stored with the result documents. In principle, all project results are published after completion. The numbering of the work packages is used for project organization. This means that not every “work package” has a result document for publication. For example, work package 1 only stands for the project start meeting that took place.
More at BSI.Bund.de
About the Federal Office for Information Security (BSI) The Federal Office for Information Security (BSI) is the federal cyber security authority and the creator of secure digitization in Germany. The guiding principle: As the federal cyber security authority, the BSI designs information security in digitization through prevention, detection and reaction for the state, economy and society.