AV-Comparatives looked at how Windows 11 affects the security of the average PC. A blog post by David Weston, Director of Enterprise and OS Security at Microsoft, provides details on the security-related hardware requirements in Windows 11.
One of the most controversial aspects of the new version of Windows is the hardware requirements. In addition to more memory (RAM) and hard disk space, the release version of Windows 11 requires certain hardware-based security functions that must be available on the PC. This includes a TPM (Trusted Platform Module) chip version 2.0 and a processor with VBS (virtualization-based security) and HVCI (hypervisor-protected code integrity). In addition, UEFI firmware with activated Secure Boot function is required to install Windows 11.
In the current preview versions of Windows 11, these requirements are not always necessary, so that the installation is possible on some systems on which the final version cannot be executed later. However, a TPM 2.0 chip already seems essential to install preview builds.
Why is Microsoft doing this?
A recent blog post by David Weston, Director of Enterprise and OS Security at Microsoft, details the security hardware requirements in Windows 11 and explains why these are necessary. Another Microsoft blog post aimed at Windows insiders states that the hardware-based security measures required by Windows 11 can prevent 60% of malware attacks, according to research by Microsoft. This hardware policy for the new operating system means the majority of PCs currently running Windows 10 cannot be upgraded to Windows 11, even with a full reinstall.
David Weston is right that the hardware security features required make a real difference to computer security. However, some have argued that many older processors that are not on Microsoft's current Windows 11 Hardware Compatibility List already have all of the necessary security features. Microsoft has now taken note of this and is considering adding some older CPUs to the compatibility list for Windows 11.
Does upgrading to Windows 11 make a PC safer?
The best answer to the question “Will Windows 11 be more secure than Windows 10?” Is “yes and no”. A PC with modern hardware security functions is more secure than a PC without, but you can use these functions with a newer version of Windows 10. The new security functions in Windows 11 are not limited to supporting the corresponding hardware. Another part of the new operating system will be, for example, "Windows Hello for Business", which enables password-free login in corporate environments. At least for business customers, this is a security function that is only available in Windows 11. But for many home users, upgrading from a current Windows 10 to Windows 11 won't make much of a difference in terms of security.
More at AV-Comparatives.org