Windows 11

AgentCooper

At Least I Have Chicken
Moderator
The times, they are a-changing!



Rather shamefully, the surgery I spend most of my time at only stopped using this about three and a years ago.

And a certain high street optician that I’ve done some work for still use MS-DOS for some of their processes.
 

SpyderTracks

We love you Ukraine
These particular apps aren't on Play Store and come from 2 major Chinese companies (DJI & Insta360)
Oh, I see. I'm sure there'll be a way around it, like on the Windows settings did you know there's actually a feature to only allow apps to run that are from the Microsoft app store? It's disabled by default, but I wonder if they'll have something similar to sideload Android apps from elsewhere:

 

Martinr36

MOST VALUED CONTRIBUTOR
Oh, I see. I'm sure there'll be a way around it, like on the Windows settings did you know there's actually a feature to only allow apps to run that are from the Microsoft app store? It's disabled by default, but I wonder if they'll have something similar to sideload Android apps from elsewhere:

Of course that exists in Android as well, as Google only like you installing apps from the Play Store, so you have to change it in security for each app
 

ubuysa

The BSOD Doctor
I just don't understand what Microsoft is thinking. Windows 10 was loudly touted as the last version of Windows, yet now they think announcing Windows 11 is a good idea? And then to compound that silly marketing error they make a tool available that lets a large percentage of their user base find out that they can't run it. Imbeciles isn't a strong enough word to describe how monumentally stupid this all is. The Linux vendors must be rubbing their hands with glee.
 

DarTon

Well-known member
What I'm not quite seeing is what exactly am I getting that is so revolutionary that requires it to be named Win 11, rather than Win 10 ...

So they replace the terrible MS store or Xbox app, they put in the touch improvements that were going into Win 10X anyway. That doesn't require it to be called Win 11.

The changes to the UI are pathetic. They call it "the Dock" but it isn't. I mean I would love them to get rid of the Start Menu/Taskbar and do a real dock (a la Apple/Unix) but this isn't it. They've just put the icons in the centre of the taskbar! Doesn't require it to be called Win 11.

I've said it before but I just see this as an attempt to get some media attention away from Apple and the M1, Big Sur etc. So ... drumroll ... it's Win 11!
 

macjim

Bronze Level Poster
I just don't understand what Microsoft is thinking. Windows 10 was loudly touted as the last version of Windows, yet now they think announcing Windows 11 is a good idea? And then to compound that silly marketing error they make a tool available that lets a large percentage of their user base find out that they can't run it. Imbeciles isn't a strong enough word to describe how monumentally stupid this all is. The Linux vendors must be rubbing their hands with glee.

My PC is less than a year old but their system checker says I can't run W11. I assume it's the TPM chip missing from my ASUS X570-PLUS board, which appears to be out of stock everywhere.

I have to agree, poor start by MS - "Hey everybody, we've got a super duper new OS, best ever... oh yes not many of you can run it yet!" Not sure if the "leak" made them rush out their communication, or it's all part of the "marketing" ploy to get people talking about it.
 

DarTon

Well-known member
So as far as I can tell I have two older PCs, one an i7-4790K (my prior custom PC from early 15) and another an i7-6700 (spare PC, used a bit by kids for homework etc). They are perfectly fine to run something like Win 11. Except MS has decided that they aren't.

This is getting a bit too much like Apple. They also ensure after 5-6 years that the old hardware cannot be updated to the new OS version. I understand why Apple do that: they are the monopoly provider of hardware and want regular margin from a hardware upgrade cycle. It also fits their closed, rigid ecosystem where they define what users can/can't have and tough if you don't like it.

By comparison, I don't see the upside for MS doing this. They have no guarantee you'll buy a Surface Pro. But it also fits an increasing trend for them to want to tightly control their ecosystem. Win 11 as a service basically.

Problem is if I want a closed ecosystem, I just go to Apple since they are the masters of that. I don't go to a poor clone of Mac OS called Win 11. Plus by 2023, Apple's Mx hardware could well make x86 from AMD/Intel look rubbish. Meanwhile, if I want an open ecosystem, I just go Linux.
 

SpyderTracks

We love you Ukraine
As far as I can understand, the TPM requirement is mostly to aid future sign on methods. MS made it a requirement for board manufacturers to include TPM headers since 2016, they’ve been planning this for a long time.

Passwords are inherently insecure and all companies have realised this. They’re moving to MFA technologies to provide random crypto keys generated from a secured enclave that’s on the device like the Secure Enclave on Apple products (the T2 chip).

TPM is just Microsoft’s implementation of that.

This greatly reduces the ability to hack a user's account, unless of course the local device is compromised.

This is nothing new though, the web has been preparing for this for a long time and all the big players are moving over to it.

I don’t see it as an issue, more a necessity to adopt modern required security standards.

And if you think Linux won’t move to this model, I think you’re missing the bigger picture. Within a few years, you won’t be able to logon to any web resource without embedded security chips, it will be default and legacy password logons will not be available anymore. They’re just too easy to hack nowadays.

 

ubuysa

The BSOD Doctor
And that all makes perfect sense for portable devices, but for desktops??
 

Martinr36

MOST VALUED CONTRIBUTOR
And that all makes perfect sense for portable devices, but for desktops??
From some of the sections on that Linus video, it seems that most of W11 is geared more for portable devices, incorporating things that are already quite commonplace on Android mobile phones
 

SpyderTracks

We love you Ukraine
And that all makes perfect sense for portable devices, but for desktops??
It's not the device though, it's the resource you're logging into, mainly these days, on the web.

At the moment, we're passing through a static password which is easily breached either by man in the middle attack if you're not using a VPN, or by those passwords generally being easily extractable from a compromised OS as they're often either not stored encrypted, or the virus has a method to permeate the encryption. And more often than not, brute force tools which are freely available will guess a password within 15 minutes or so because most people just use standard words for their passwords rather than the Aa123!! format that is really a basic recommendation.

With a TPM / Secure enclave, the "password" that's sent when logging on is a "randomly" generated crypto key governed by the key stored in the TPM that's set when that account is set up. So each logon generated after setup is "random" and would require cracking that currently doesn't exist as far as we're aware. Obviously this would change in the future and TPM 2 will inevitably be hacked, but then you just upgrade your TPM chip to TPM 3 and you're covered.

It's nothing to do with mobile devices or desktops, it's to do with the resource you're logging into.
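
Added example, not part of the original post or thread: a sketch in Go of the challenge-response logon the post describes, where the server sends a fresh random challenge and the device answers with a signature from a key it never reveals. It assumes ECDSA P-256 from the Go standard library as a stand-in for the TPM-held key, and it also binds each response to a site name, which goes slightly beyond the post; the function names and site names are constructed for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// digest binds a response to one site and one challenge.
func digest(site string, challenge []byte) []byte {
	h := sha256.Sum256(append([]byte(site+"\x00"), challenge...))
	return h[:]
}

// respond (device side) stands in for the TPM / enclave holding the private key.
func respond(key *ecdsa.PrivateKey, site string, challenge []byte) []byte {
	sig, err := ecdsa.SignASN1(rand.Reader, key, digest(site, challenge))
	if err != nil {
		panic(err)
	}
	return sig
}

// verify (server side) needs only the public key registered at account setup.
func verify(pub *ecdsa.PublicKey, site string, challenge, sig []byte) bool {
	return ecdsa.VerifyASN1(pub, digest(site, challenge), sig)
}

// Demo returns: fresh logon, captured response replayed, response made for a look-alike site.
func Demo() (fresh, replay, lookalike bool) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	buf := make([]byte, 64) // two 32-byte server challenges, fresh per logon attempt
	if _, err := rand.Read(buf); err != nil {
		panic(err)
	}
	c1, c2 := buf[:32], buf[32:]
	pub, site := &key.PublicKey, "login.example" // constructed site name
	captured := respond(key, site, c1)
	fresh = verify(pub, site, c1, captured)
	replay = verify(pub, site, c2, captured) // old response, new challenge
	lookalike = verify(pub, site, c2, respond(key, "l0gin.example", c2))
	return
}

func main() { fmt.Println(Demo()) }
```

Only the first logon verifies: a response captured in transit is useless against the next challenge, and the server never holds anything that could be replayed as a password.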
 

DarTon

Well-known member
From some of the sections on that Linus video, it seems that most of W11 is geared more for portable devices, incorporating things that are already quite commonplace on Android mobile phones
That's because the bulk of Win11 is mainly just a rebranding of the "mobile" Win10X that was scrapped.
 

SpyderTracks

We love you Ukraine
Furthermore, if we look at the current main OS's and devices they're on (purely desktop OS's, not including mobile)

Chromebooks: Yes, I'm including this. A lot of people still frown on them, but really, they were just released too early, but they're gaining traction hugely as more and more processing is done server side over the web.
Chromebooks have had the Titan C security chip embedded at a hardware level since 2017 https://showcase.withgoogle.com/titan-c/
Google supports any Chromebook for 6.5 years by default, but they've just announced expansion of some devices to 2025: https://www.laptopmag.com/uk/articles/chromebook-6-years-expiration

MacOS: all Macs have a T2 chip embedded since 2018. Worth bearing in mind that Apple consider a device end of life far earlier than any other vendor, currently anything before 2015 is considered EOL and not supported. https://support.apple.com/en-gb/HT208862

Windows systems: all X86 motherboards were forced to have TPM headers since 2016.

Linux: Remember Linux runs on the same hardware as Windows systems, so again, all Linux machines have had TPM functionality at a hardware level since 2016.

Based on that, this relates to when OS platforms enforce hardware security:

Apple - 2025 (when EOL is realised on devices that don't have T2 chips)
Microsoft - 2025 (when Windows 10 support ends)
Google - 2025 (when extended support on legacy devices expires)
Linux - ?

I don't think this is a coincidence. My guess is that passwords will be deprecated on the web by all major players in 2025 (as it currently stands) and authentication methods will be forced to biometrics.
 

ubuysa

The BSOD Doctor
What's the reason for not supporting pre-series 8 Intel CPUs then?
 
