Windows 11 The Lockdown
Written by Mike James   
Wednesday, 07 July 2021

It is a surprise that Windows 11 is a thing at all, given that Microsoft promised that Windows 10 would be the last version of Windows. The idea of a continuous update has been abandoned, but why does Microsoft need Windows 11? The answer is almost certainly lockdown.

One of the trends in computing is that as time ticks on we lose more and more control over the hardware. Back in the days of the home computer revolution you bought a computer and did what you like with it. The idea that you couldn't run some software due to artificial restrictions was silly. The machine was yours to do what you like with and if you created a program you could give it away or sell it without hindrance from the company that made the hardware.

Today, of course, things are very different. Cryptography has provided methods that allow hardware to be locked down in such a way that you don't really own your computers any more. This is almost always presented to the user as "protection". The idea being that the user can only run software that has been checked and validated by a "higher power".

Many users, and not just those ignorant of tech, regard this as a good swap - freedom they rarely exercise in return for security. Many others, mostly tech savvy, regard it all as an unnecessary security ploy that is in fact all about keeping the customer penned inside a walled garden of profit.

Windows was too early to catch the crypto boat that allows this sort of lockdown. It was only later that Apple introduced us to the idea that software was exclusive to its hardware. Ever since, however, we have had the impression that Microsoft would like to follow Apple down that particular road. Repeated attempts to lock down Windows, via activation numbers and hardware finger printing, secure booting and using crypto hardware, have been watered down at the last minute due to user objections. Window 11 is another attempt to lock the OS down so that only Microsoft truly controls it.

The tech world was a little shocked to discover that Windows 11 would only run on the latest processors. This in itself will probably create mountains of tech waste as large PC users simply opt to upgrade to new hardware.

Until Windows 11 Microsoft issued guidelines on what processor was required and it was up to you to decide if a system was too slow to use. The reasons for restricting Windows 11 to 8th generation devices isn't clear, but what is clear is that a range of security hardware is needed including TPM 2.

TPM2

TPM - Trusted Platform Module - has been around for a while and it is a requirement for Window 10, but it is mostly disabled in the BIOS. Even if you switch it on it has to be coupled with an 8th generation processor to satisfy Windows 11 - and Windows 11 won't work without it. TPM is basically a hardware crypto device with a burned-in identity key. It can be used to generate random numbers, look after keys, generate hash codes and encrypt data. It is already used to enforce licensing in Office 360 and Exchange. It also has an Attestation Identity key that can be used not only to prove identity, but the integrity of installed software. This could be used to lock down a Windows machine so that only valid and unmodified software was running on a verified user's machine. Clearly this has security value, but it also has commercial value if used to enforce rules for what software runs on what device.

Clearly, TPM 2 coupled with other security features has the ability to both improve security and reduce a desktop machine to the status similar to that of a carrier and vendor-locked mobile phone.

Using security to sneak in features which are of a commercial advantage is not a new game. EU digital competition chief, Margrethe Vestager, recently said that Apple must not use privacy excuses to limit competition. Easy to say, but much more difficult to spot and even more difficult to take action against.

So how will Microsoft make use of this?

The key indicator, for me, is that WIndow 11 Home edition cannot be used with a local account. You have to have a Microsoft account to use it and this locks you to Microsoft. This is a sufficient signal, for me at least, to give up on Microsoft Windows and finally move 100% of the time to Linux. For Microsoft the gain from insisting on Microsoft accounts is clear, but I wonder if it takes the dangers at all seriously. It was bad enough when the only browser you could easily use was Microsoft's, what will be made of the fact that the only sign-in authority for Windows 11 is Microsoft? Why can't I sign in with my Google account? This might be a monster that Microsoft are about to lose control of. Unless, of course, there are some U-turns in the road ahead.

windows11inc

More Information

Update on Windows 11 minimum system requirements

Related Articles

Microsoft Gives Devs Option of Keeping 100% Revenue

To be informed about new articles on I Programmer, sign up for our weekly newsletter, subscribe to the RSS feed and follow us on Twitter, Facebook or Linkedin.

 

Banner


Microsoft Gives Devs Option of Keeping 100% Revenue
28/06/2021

At the same time as the Windows 11 announcement, news came  of a revamped Microsoft Store, which will include Android Apps downloadable from the Amazon Appstore. A change that change comes i [ ... ]



GitLab 14 Offers DIY DevOps Alternative
28/06/2021

GitLab, the web-based repository manager for Git, has been updated with improvements designed to give teams an alternative to maintaining DIY DevOps chains. GitLab supports concurrent devops and issue [ ... ]


More News

square

 



 

Comments




or email your comment to: comments@i-programmer.info

 

Last Updated ( Wednesday, 07 July 2021 )