A few short weeks ago, Microsoft launched the very latest version of its desktop operating system (OS), Windows 11. In security terms, Windows 11 is very much Windows 10 with knobs on. Or what Spinal Tap's Nigel Tufnel might describe as Windows 10 turned up to 11.
Unlike Tufnel's description of his infamous "one louder" amps though, the Redmond software giant's approach to security shows signs of intelligence at work. And its reassuringly sensible, evolutionary approach indicates that Microsoft thinks it is on the right track.
Its aim for Windows 11 is much the same as it was for Windows 10: To make changes that take entire classes of vulnerabilities off the table for attackers. In broad terms, its approach is to use virtualization to create safe, protected environments for sensitive operations, and to build trust from the ground up, on top of trustworthy hardware specs.
In fact, a lot of what makes Windows 11 better for security than Windows 10 is that Microsoft is simply making things that are optional in Windows 10 mandatory (or at least a default) in Windows 11.
So, unlike some of the previous transitions between major versions of Windows, there is a very obvious continuity between the two most recent versions, and a sense that Windows 11 is just the latest version of Windows 10.
And it seems that continuity is now flowing upstream as well as down.
Last week Microsoft used its announcement about the availability of the Windows 10 November 2021 Update to reveal that Windows 10 is ditching its twice-yearly release schedule and moving to the calmer annual release cycle of its sibling:
"We will transition to a new Windows 10 release cadence to align with the Windows 11 cadence, targeting annual feature update releases ... The next Windows 10 feature update is slated for the second half of 2022."
This is not a security announcement per se—sysadmins will still have to digest enormous patch furballs on the second Tuesday of every month when the LCU (Latest Cumulative Update) is released—but we reckon it is good for security.
I asked Malwarebytes’ Windows expert Alex Smith, the brains behind our recent, detailed assessment of whether or not Windows 11 is any good for security (spoiler alert: yes, it is) for his thoughts.
Smith's take: This switch can only help security.
It will be a welcome change by most, especially software developers, IT admins, technicians, help desks, Microsoft itself, and end users. Having to plan for and support a new Windows OS build every six months was a chore and led to lots of late adoption or deferment, which could impact security.
Smith says the new release schedule should give everyone a little more breathing space to prepare, adopt, and react to Windows releases, which could lead to:
- Higher adoption rates of the latest builds.
- Reduced build fragmentation in the ecosystem.
- More time for Microsoft to stabilize its updates before releasing them.
- Fewer "headaches" for software developers, IT admins, support staff, and users.
Of course it is just breathing space, and there is no guarantee it will be used productively. Most businesses are more than capable of over-committing security and IT staff, and the window of opportunity will close quickly, but there is a window.
Perhaps it will provide an opportunity for some organizations to run the rule over Windows 11.
Alongside revealing its changes to the Windows 10 release schedule, Microsoft also announced it was increasing the pace of the Windows 11 rollout, "making the Windows 11 upgrade more broadly available to eligible Windows 10 devices". This is also good news. Microsoft can only achieve its lofty aim of making classes of vulnerability obsolete when Windows 11 is predominant, but the operating system's beefed-up security comes at the cost of eye-watering hardware demands, which seem likely to chill the pace of adoption.
Anything that gives them a bit of warming sunshine is to be welcomed.