Windows 11: TPMs and Digital Sovereignty

[atom0s]

For the time being, it looks like Microsoft is 'somewhat' listening to the backlash in regards to the requirements, specifically the TPM 2.0 requirement for Windows 11. The new insider build has the requirement removed for now but they tried to justify its use in a new blog post. However, I think the post really helps show how out of touch they are in regards to why they are trying to require it in the first place with quotes like this:

Quote:

Windows 11 raises the bar for security by requiring hardware that can enable protections like Windows Hello, Device Encryption, virtualization-based security (VBS), hypervisor-protected code integrity (HVCI) and Secure Boot. The combination of these features has been shown to reduce malware by 60% on tested devices.

Which implies anyone/everyone with Windows 8.1/10 that had support for thos stuff used it. Can't say I would even agree to them saying that 60% of the users on Windows 10 make use of things like Windows Hello or even have a device capable of doing it. Let alone using things like drive encryption or similar. General home users aren't using these things, or even know how to use them most of the time.

New requirements are listed here for now along with their reasonings behind them:

Code:

https://blogs.windows.com/windows-insider/2021/06/28/update-on-windows-11-minimum-system-requirements/

Given that all of these dumb requirements can already be bypassed pretty easily, and will continue to be bypassed, it wont do anything in a positive manner besides having people look for means/methods of getting around the dumb nonsense they want to try to force. For example, other requirements they wanted to push is that Windows Hello (and in turn an HD web camera) are required by any partner OEM that plans to ship new laptops with Windows 11 pre-installed.

Stuff like this being on-by-default and used by non-computer literate people just means more telemetry data for MS to collect and bank off of. Their requirements aren't made for security, or stability, it's entirely based around money.

[DavidXanatos]

Quote:

Windows 11 raises the bar for security by requiring hardware that can enable protections like Windows Hello, Device Encryption, virtualization-based security (VBS), hypervisor-protected code integrity (HVCI) and Secure Boot. The combination of these features has been shown to reduce malware by 60% on tested devices.

I'm, sure this 60% value is BS that's not possible most people will never benefit form TPM or secure boot.

[atom0s]

Quote:

Originally Posted by DavidXanatos

I'm, sure this 60% value is BS that's not possible most people will never benefit form TPM or secure boot.

Yeah, it's more of Microsoft doing their typical 'buzzword' fear-mongering approach to advertisement. Scare the boomers with scary words that sound important and release a tool at the same time to induce fake panic to get people to go out and buy new hardware. It's a win/win for Microsoft and its partners. Partners sell more hardware that comes pre-installed with Windows 10 (in a ready-to-upgrade state) or now with 11, which in turns feeds Microsoft with all the new telemetry customers that they'll gain.

Would personally bet that they have no actual data to back up those numbers and base it on a large sample of bias data.

The main places that would even benefit from things like TPM 2.0, secure boot, full drive encryption, etc. are major companies/corps. that half the time are still running things like XP or Win7 because they wont spend the money to upgrade their backends to anything newer. A lot of them also do not want Win10 spying on their internal information/trade secrets, regardless of how many times MS wants to claim they aren't 'spying' on that kind of info.

Home users have literally no interest in those features for the 99%. The 1% are the nerd/neckbeards that have homelabs and think their side hobbies are targeted by foreign hackers lol. If they had real numbers to back up their claims, they'd share and post them, but instead like every other company that lies, they just throw out articles that try to fear people into upgrades.