Microsoft Posts Checklist for a Highly Secure PC

Security is important to everyone on Windows, but what if security is the most important thing? Microsoft has released a document detailing what you should do to create the most secure Windows 10 PC possible. It covers everything from what sort of hardware you should have to making sure your bootup process is locked down. Not all systems we think of as “secure” will be up to Microsoft’s standards, but you might be close as long as you’ve got newer hardware.

Right at the top of the list,Microsoft says the most secure PCs must run the latest generation Intel and AMD processors. That means the 7th generation Core chips from Intel and AMD’s 7th gen Athlon and Ryzen chips. That probably sounds a little weird, but the silicon does matter in terms of security. For example, 7th generation CPUs support Mode Based Execution Control (MBEC), which is important for VBS, or Virtualization-Based Security. Microsoft also demands 8GB of RAM, but the reason for that isn’t as clear.

Microsoft also says systems must have 64-bit instruction set support, but good luck buying a CPU that doesn’t have 64-bit support anymore. Again, this is necessary for VBS. Virtualization is an important part of Windows 10 security. Microsoft says systems should have virtualization enabled via Intel VT-d, AMD-Vi, or ARM64 SMMUs.

A secure system should also have a Trusted Platform Module (TPM) that conforms to the v2.0 standards. A TPM acts as a secure cryptoprocessor for handling encryption keys. Most systems have support for a TPM either via a motherboard plug or integrated with the circuit board. However, it’s not always enabled.

The drivers shipping on a secure computer should all be Hypervisor-based Code Integrity (HVCI) compliant, according to Microsoft. The document also says secure boot must be turned on. This is the default on virtually all systems that prevents a PC from booting unauthorized software like rootkits and other malware. This is a feature of UEFI, which has replaced traditional BIOS systems. Microsoft notes that a computer’s UEFI should be at least version 2.4 with support for Secure MOR revision 2.

The biggest piece of this is just having a newer system. Microsoft requires many of these firmware features to be supported before granting a Windows certification. Simply having the latest generation silicon from Intel or AMD also gets you most of the way to having the most secure Windows system possible.

Now read: Windows 10: The Best Hidden Features, Tips, and Tricks

Extremetech责编内容来自:Extremetech (源链) | 更多关于

本站遵循[CC BY-NC-SA 4.0]。如您有版权、意见投诉等问题,请通过eMail联系我们处理。
酷辣虫 » 手机数码 » Microsoft Posts Checklist for a Highly Secure PC

喜欢 (0)or分享给?

专业 x 专注 x 聚合 x 分享 CC BY-NC-SA 4.0

使用声明 | 英豪名录