Not since Apple promised to make the Apple IIgs behave more like an Apple II has a major vendor pitched the re-emergence of an old and discarded feature as a key value proposition.
The first glimpses of Microsoft’s marketing pitch for Windows 10, which officially begins July 20, features a classic desktop with the returned Start Menu.
The resurrection of the feature that defined Windows XP in the 1990s may not be tremendously exciting for Microsoft’s manufacturing and development partners. So during the company’s Worldwide Partner Conference in Orlando this morning, it tried selling partners on the idea of informing their customers that any Windows device that doesn’t get upgraded to version 10 in two weeks is fundamentally insecure.
“If you’re not keeping your devices up-to-date, they are not secure,” said Terry Myerson, Microsoft’s executive vice president for the newly-merged Windows and Devices Group.
Upgrade or Peril
The context of Myerson’s message came during an explanation of its forthcoming continual update service, which will be offered to enterprise customers on an opt-in basis.
Although consumers using Windows 10 will be offered security and feature updates as soon as they’re ready, rather than the first Tuesday of every month, enterprises will have the option of supplying those updates to client systems on their own terms and itineraries.
The new Windows Update “rings” are a long sought-after feature that many sysadmins attending the Ignite conference last May said could be the only real reason for their organizations to upgrade to Windows 10.
But underlying Myerson’s message is the clear implication that this service will only be operational on the Windows 10 platform. From July 29 forward, Win10 may be the only way for enterprises to be truly up-to-date, as Myerson now describes it.
“If you care about security, if you care about the ability to defend against these modern threats, you need Windows 10 on modern hardware,” said Myerson. “These security capabilities run across the entire device family, from PCs, tablets, phones, and last but certainly not least, Windows for the Internet of Things.”
LockdownTo this last point, Microsoft Product Planner Roanne Sones demonstrated how embedded point-of-sale systems such as credit card readers endowed with Windows 10 will successfully thwart the types of rogue identity theft exploits that plagued Target and Home Depot stores in November 2013.
Those exploits were attributed to a relatively old piece of malware that targeted old versions of Windows XP, some of which continue to run POS systems to this day.
Sones placed what she described as a malicious program image into a cash register’s credit card reader through its microSD port. But then the reader failed to boot, by virtue of an active policy in Windows 10 systems that allows only signed, trusted software to boot.
“What the IT pro has done is essentially use Secure Boot to lock down the boot process,” she explained, “to only run signed images that he has created... Out of the box, Windows 10 has provided enterprise-grade security. This is something that no other platform can deliver without significant investment, both in money and resources.”
That’s actually a little bit debatable. Secure Boot has actually been a feature Microsoft has tried to implement in some form since Windows Vista, and was first made fully operational in Windows 8.
But in Windows 10, the forthcoming Device Guard feature Sones also demonstrated will couple with Secure Boot to enable admins to take pro-active measures against malware, going so far as to prevent any applications from running on devices at all except those signed and trusted by admins.
This coupling would most certainly have prevented the Home Depot, Target and related incidents, assuming that admins were on-hand to be as pro-active as Sones and Myerson (and the rest of the world) would prefer to them to be.
As the preview period for Windows 10 draws to a close, Microsoft’s concluding pitch to partners for the key reason that businesses and enterprises should move to Windows 10 was unmistakable: They will be less secure if they don’t upgrade.