Windows 11 TPM 2.0 benefit against attacks demonstrated by Microsoft

By Ewdison Then/Oct. 13, 2021 12:27 am EST

Unlike with Windows 10, Windows 11's upgrade woes started even before it landed on any hardware, including those of testers. The operating system's list of requirements left many users, both experts and novices, scratching their heads in confusion. While Microsoft finally did clarify the bare minimum it considers fit for Windows 11, there remain a few misgivings about some of those, particularly the ones related to security. Microsoft, however, is adamant about how critical TPM and its friends are to Windows 11 security and is only too happy to demonstrate why.

TPM 2.0, or Trusted Platform Module version 2.0, is admittedly already present on many pre-built PCs from the past two or three years, but there is still enough room for uncertainty in that regard. Some might have the hardware installed but disabled, making owners mistakenly believe they don't meet Windows 11's upgrade requirements. There are also custom-built PCs from just the last year or two that may not have envisioned they'd ever need the module in the immediate future.

Nonetheless, Microsoft wants everyone to know how important Windows 11's security-related requirements are to modern computing, both personal and enterprise. Specifically, TPM 2.0 and the new virtualization-based Security or VBS are designed to mitigate or even completely block malicious attacks even before they can take root.

In a recent video shared by the company, security expert Dave Weston demonstrates the various strategies used by hackers, both remotely or in-person, to compromise Windows security. In addition to the usual brute force hacking, ransomware installation, and remote desktop access, Weston also showed devices like a PCI Leech that can be used to bypass biometric authentication like fingerprints. The latter is blocked by VBS, which puts security-critical parts of the operating system in a separate and hardened enclave.

Unfortunately, VBS also has its own downsides revealed by some benchmark tests. The security feature apparently causes some performance hits in gaming, for example, leading to a sub-par experience for a Windows release that's supposed to be gaming-friendly. Microsoft is unlikely to backtrack on Windows 11's hard requirements, but it does need to not only improve its messaging but also fix some of those bugs that make security look like an inconvenience rather than a must-have.