While Windows Defender is much better than it used to be against malware and viruses and the operating system itself is more secure, Microsoft are acknowledging with Windows 11 that the cybersecurity ‘arms race’ requires more than just good software.
As we mentioned previously, Windows 11 requires a TPM 2.0 module to install. A TPM (Trusted Platform Module) is a specially designed security chip that has its own unique and unchangeable key and can handle cryptographic requests (you can read a little more on TPMs in our previous article here). It can also be used to perform an “attestation”. This function works as follows: The TPM can take a snapshot of your hardware and software configuration, and store it securely so that, if Windows requests it, it can be checked against your current configuration to make sure (attest to the fact that) your device hasn’t been tampered with. This makes it incredibly difficult for regular malware to interfere with the boot (start-up) process of your device, meaning that Windows can check itself to see if there are any security problems.
A TPM isn’t just for Windows. In fact, many pieces of software will use one, if it is available, to perform cryptographic functions – because it’s far more secure and resistant to hacking than software encryption. Chrome, Firefox, Thunderbird and Outlook all make use of a TPM, if available.
Windows Security (previously known by many other names, including Windows Defender and Microsoft Defender Antivirus) started off as little more than a joke, really – at its original release on Windows XP it performed quite poorly in comparison to other available antimalware and antivirus packages at the time, although it was still better than nothing for those who would otherwise have no security. It’s improved dramatically since then, and Windows 10 and 11’s implementation of it are good enough for many personal/home users to not need additional security software.
It’s important to note that for businesses and organisations, however, we would still recommend consulting with your IT support department, as a managed antimalware service or other security solution may be more suitable, especially if your organisation is high risk or deals with sensitive data, as many do.
All in all, Windows 11 is the most secure version yet. Microsoft will continue to make improvements and release patches throughout Windows 11’s lifecycle to help keep users’ information secure and help protect them from the threats lurking out there in the wilds of the internet.