Home > News content

Microsoft explains why Win11's TPM 2.0 and VBS are necessary

via:IT??     time:2021/10/5 17:05:23     readed:84

IT House October 5 News Microsoft's long-awaited Windows 11 is officially launched today, and there has been much talk about its integrated security features and the stringent system requirements they bring.

The latest focus of the discussion is the Virtual-based Security (VBS) feature, which can negatively impact game performance. UL benchmarks, the publisher of 3DMark software, previously reported that windows 11 systems that turn on VBS can reduce game performance by up to 30 percent.

IT House learned that Microsoft VBS security features isolate programs from the operating system by using hardware virtualization to create secure memory area runners. When this feature is turned on, it can greatly enhance the protection of the system and prevent malicious attacks.

In purely installed Windows 11, VBS is set to on by default (not from Windows 10). In an interview with CRN, David Weston, Microsoft's director of corporate and operating system security cooperation, explained why:

What we've learned from Windows 10 is that if you make things optional, people won't open it. They think it's going to turn on if necessary, so I think that's a big gain, and in Windows 11 we'll provide security for our users by default.

He also explains why it's important to turn on this feature:

Even if someone gets administrator-level permissions (the highest level of permissions), they still can't read the content in this separate VM, making it more secure, exactly the same way the cloud works today.

In addition to sharing his thoughts on VBS, Weston talked about TPM 2.0 requirements in Windows 11:

The initial version of Windows 11 was not the end goal, but the first stop on our journey. We need to make sure that every app developer stores credentials and keys in hardware, TPM 2.0 is just the stage, and that Windows 11 will really get a real scale security boost in the future.

IT House learned that Microsoft claimed that increased security measures had reduced malware infections by 60 percent when it announced its Windows 11 system requirements.

TPM, short for Trusted Platform Module, is a hardware-based security standard that requires devices to be equipped with dedicated loss-proof chips to enhance device security by enabling devices to decode key generation, storage, and authentication more securely. TPM is a key standard for Windows BitLocker encryption, providing hardware-based isolation and encryption that combines security features of Windows 11 systems to respond to threats and protect personal information.

To turn off VBS, you can enter System Information in Windows Search and turn off Virtualization-Based Security on the right side of the open interface.

translate engine: Bing

China IT News APP

Download China IT News APP

Please rate this news

The average score will be displayed after you score.

Post comment

Do not see clearly? Click for a new code.

User comments