Microsoft has been busy releasing news of upcoming Windows 10 features which will improve several age-old issues. The password has been a thorn in the side of users since its inception, and with Windows Hello, Microsoft may have an answer to that. They have also detailed the evolution of their System Volume space savings which first debuted last year with WIMBoot. Finally, Microsoft has confirmed a launch timeframe for Windows 10, which will ship “this summer” in many countries and languages.

Windows Hello

With Windows Hello, Microsoft is taking a new spin (for them) at authentication. Everyone knows about passwords, and most people are aware of the many issues with passwords, such as password reuse, non-strong passwords, and the like. Passwords are great for computers, but awful for people. Truly strong passwords need to be unique per system or site, and should be long alphanumeric strings. The problem is people are not good with passwords. Windows Hello wants to solve this with multifactor authentication using biometrics and physical devices. Yes, we have seen biometrics before. Even on Windows, device makers like Lenovo have been including fingerprint scanners for many years. We have seen the rise of the TouchID fingerprint reader on the iPhone, which owners have embraced as a much easier way to authenticate themselves to their phone.

Microsoft will be taking a two-pronged approach to authentication. The first is the actual authentication. Windows Hello will work with several biometrics, including fingerprint scanners, facial recognition, and iris scanning, as examples. This will be used in conjunction with hardware cryptography on the device to unlock the device. Microsoft is claiming false unlocks at around one in one hundred thousand. Fingerprints are well known, but the facial recognition will not rely on just a webcam, but rather will require new hardware such as the Intel RealSense 3D Cameras to ensure that it is a real person in front of the device and not just a photo. The unlock is tied to the actual device, and none of the unlock information is ever sent off of the device. Existing fingerprint readers can be used with Windows Hello.

Intel RealSense 3D Camera Module

Since this is not even in the latest build of Windows 10, there are a lot of questions still to be answered. Microsoft has said that they have evolved authentication from what they have learned with Kinect, so they do have some background with this technology. However my experience with Kinect is that it is not very good at authenticating, and with something as important as unlocking my PC I will be skeptical until proven otherwise. Regardless, it is hard to deny that the password has outlived its usefulness, so any research and advancement in this area can only be a good thing.

The second prong of the approach is using your device authentication to allow access to services and websites which require authentication. Microsoft is integrating Windows Hello into a new service code-named Passport. Passport is a method of authenticating to external services using public-private key cryptography. Rather than log in to (as an example) with a username and password, and possibly a second factor like an authenticator app, you will log in to your device with Windows Hello (which is two factors – your device and your biometrics), and your device will then authenticate to the service using public-private crypto. This way, if a service is ever compromised, the attacker would just get a public key for your user, which would be useless. The private key would be locked on your device. Passport will be integrated with Azure Active Directory on day one, and Microsoft is hoping to expand the capability of the service through the FIDO alliance. As with anything security related, this is a good step, but we need to see the full details.
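
The device-to-service exchange described above, sketched as an added example (not code from the article or from Microsoft). Ed25519, the `Service` type, the user name `alice` and the 32-byte nonce are assumptions chosen for illustration, and the biometric unlock of the device key is not modeled.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Service is the remote side: it stores public keys and pending nonces, no secrets.
type Service struct {
	keys    map[string]ed25519.PublicKey
	pending map[string][]byte
}

// randomBytes returns n bytes from the OS CSPRNG and aborts if it is unavailable.
func randomBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

// Challenge issues a fresh nonce for one login attempt.
func (s *Service) Challenge(user string) []byte {
	s.pending[user] = randomBytes(32)
	return s.pending[user]
}

// Verify checks the signature over the pending nonce; each nonce is single-use.
func (s *Service) Verify(user string, sig []byte) bool {
	nonce, issued := s.pending[user]
	delete(s.pending, user)
	pub, enrolled := s.keys[user]
	return issued && enrolled && ed25519.Verify(pub, nonce, sig)
}

// Demo: a genuine login, a replayed signature, and a forgery made without the device key.
func Demo() (legit, replay, forged bool) {
	svc := &Service{keys: map[string]ed25519.PublicKey{}, pending: map[string][]byte{}}
	devicePriv := ed25519.NewKeyFromSeed(randomBytes(ed25519.SeedSize)) // never leaves the device
	svc.keys["alice"] = devicePriv.Public().(ed25519.PublicKey)         // enrollment: public half only
	sig := ed25519.Sign(devicePriv, svc.Challenge("alice"))
	legit = svc.Verify("alice", sig)
	replay = svc.Verify("alice", sig) // rejected: the nonce was already consumed
	otherPriv := ed25519.NewKeyFromSeed(randomBytes(ed25519.SeedSize)) // stands in for a party holding only svc.keys
	return legit, replay, svc.Verify("alice", ed25519.Sign(otherPriv, svc.Challenge("alice")))
}

func main() { fmt.Println(Demo()) }
```

Everything a breach of `Service` would expose is in `keys` and `pending`, and neither is enough to produce a signature that `Verify` accepts.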

WIMBoot Evolution

Windows 8.1 Update 1 brought along a piece of technology called WIMBoot, which allowed Windows to save space on the system drive by keeping the system files in a compressed WIM (Windows Imaging) file on the recovery partition. Traditionally, files are kept as the WIM file for recovery and extracted to the C: drive for use by the operating system. WIMBoot allowed system manufacturers to free up space by removing the redundant files and just using the compressed copy. It was not perfect though. OEMs could still add in their own files to the WIM, significantly increasing the size of the recovery partition. These files could never be removed, so if an OEM just stuck a bunch of unnecessary software in the WIM, that space could never be reclaimed. The recovery partition could not be removed on devices with WIMBoot. Although the idea of booting off of the WIM file had merit, it was not always ideal.

Microsoft is evolving this process. Instead of keeping system files in a compressed WIM file on the recovery partition, they have instead gotten rid of the recovery partition. This will free up a significant amount of space that is often dedicated to this, even on devices which never used WIMBoot. The new reset and refresh functionality will rebuild the operating system in place using runtime system files. This takes up less space, and it will keep security updates for system files in place to avoid having to download them again after recovery.

Also, Windows 10 will compress system files if appropriate to the system. During the upgrade, the process will look at several factors and compress the system files if doing so will not adversely affect system performance. This likely means that the system has enough processing power and disk speed that impact will be minimal or non-existent. OEMs will be able to determine if their devices can and should have this done as well, and incorporate it into new devices.

Windows Store apps will also benefit from this compression. This will allow more user data to be stored, which is a win, especially on low cost devices with limited storage.

Microsoft is claiming this new compression and lack of a recovery partition can free up over six gigabytes on a 64-bit system. In practice, it could easily be much higher, since the recovery partition can be well over seven gigabytes on its own once the additional software is added. However, their numbers would most likely be comparing to a device which did not leverage WIMBoot in the first place.

Windows 10 Launch Timeframe

The final bit of news from the software company is that Windows 10 is going to ship “this summer” in 190 countries and 111 languages. They have also detailed how they hope to get the free upgrade to Windows 10 underway. In China, partnerships with Lenovo, Tencent, and Qihu 360 will assist customers in getting the upgrade done. Lenovo will offer Windows 10 upgrades at 2,500 service centers and retail stores in China. Tencent will offer free upgrades to Windows 10 for its customers as part of an upgrade pack which also includes some of their own software. They will also be creating a universal app for their QQ app which has over 800 million customers in China, as well as bringing some of their gaming IP such as League of Legends to the Windows Store. Qihu 360 will also be offering Windows 10 to their customers with streamlined installations and accelerated download speeds.

With the current state of the Windows 10 Technical Preview, it seems hard to believe that Windows 10 will be launched by September at the latest. However we have not seen a new build for Windows Insiders since the January build came, so internally employees may be working on much more stable code. Hopefully this is the case, and hopefully the speed of new builds is increased as well. There has been news in the Windows 10 Insider Hub that the rollout of new builds is going to increase, but that has not happened yet. I would get a quote from the Insider Hub, but the app will not currently launch on my Windows 10 desktop which explains my surprise at the launch timeframe being so soon.

If Microsoft can hit the back to school crowd, it would certainly help out with both PC sales and Windows 10 market penetration, but that is not something that they have hit with either Windows Vista or Windows 8 or any of its derivatives.

Windows Blog: Windows Hello, WIMBoot Evolution, Windows 10 Launch Timeframe




  • antihelten - Wednesday, March 18, 2015

    Quote from Insider Hub:

    We’ve heard your feedback asking for more frequent builds—and as Gabe mentioned in his recent blog post, we’ve probably been too conservative about pushing builds to the Fast ring for Windows Insiders. So we’re preparing to speed up the build releases for those who want to live life in the Fast lane.

    The good news is that Insiders who choose Fast will be getting fresher code, with all of the features and fixes, more often. The potential downside is that as we go faster, the builds will likely include more bugs with fewer workarounds. If this doesn’t sound like something you want to deal with, now is your time to switch to Slow.

    On your PC, you can change this option in Settings > Update & recovery > Advanced options:

    On your phone, you can change this setting in the Windows Insider app:

    Going forward there will be a more discernable difference between the cadence and level of polish of preview builds sent to our Fast and Slow rings. Insiders who choose to keep the default setting of Slow will still receive preview builds, however they will arrive less frequently and with a higher degree of polish.

    I tried changing to "fast" updates and updating, but nothing except an update for windows defender and a system hardware update popped up.
  • npz - Wednesday, March 18, 2015

    Will you still be allowed the password method of authentication? Or some multifactor combination of your choosing, like password and mobile device?

    I don't like biometrics. First because it's tied to you biologically. The data is not secret, accessible from public places and you can't change it, not to mention being captured by adversaries. Second, related to the first, it can be copied. Fingerprints can be lifted and used and I bet Intel's RealSense 3D can be overcome by a 3D printed sculpt of the person's head created from photos. Also, what happens if your face changes?

    "The unlock is tied to the actual device, and none of the unlock information is ever sent off of the device."
    - this seems like a hack away from impersonating you, without going through the trouble of physically simulating the biometric input (fingers/face)
  • nathanddrews - Wednesday, March 18, 2015

    How about options for NO authentication? No cloud identity, no Azure, etc.? I want the computer in my living room to be "xxxN0sc0p3420xxx" and be tied to NOTHING but services I choose and my home network for file transfers and remote access.
  • jimbo2779 - Wednesday, March 18, 2015

    It's always been an option to use password or no password, I would imagine that this will remain the same and these new login options be optional.

    Not everyone is going to have the requisite sensors for these new login methods, in fact hardly any will at first so the current methods will remain and that will include no password as it always has.
  • npz - Wednesday, March 18, 2015

    What I'd like to know is if you can use multifactor authentication with password.

    From the article, it sounds like multifactor authentication is tied to biometrics
  • Brett Howse - Wednesday, March 18, 2015

    Unlikely. You can do two factor now. They don't normally get rid of things like this since many businesses use it.
  • DanNeely - Wednesday, March 18, 2015

    Nope. If your computer doesn't have an Intel Realsense 3D Camera you won't be able to use Windows 10. Suddenly MS's offer of a free upgrade for every computer running Win7 or Win8 makes sense; exactly 0.00000...% of those old computers have the camera needed to log on, so they're not actually giving away any upgrades for free.

  • FlushedBubblyJock - Wednesday, March 25, 2015

    Appreciate the corpo money pig bashing, but would like the real answer as that is definitely only part of it.
    I deeply suspect that the NSA has an extra few billion plus it's dying to unload for some more covert we never do that, ever, practices, to keep us all safe, of course.
    Thus, they(NSA/homeland security) get the big secret data muggy as all the end users choose door #Windows 10, for free.
    Can't prove me wrong unless freedom really did ring, sorry about that, not my fault though.
  • eanazag - Wednesday, March 18, 2015

    From a security standpoint on bio-metrics -
    Your finger prints don't really change over a lifetime. Your face and iris do over time, though the time frame for those changes is pretty long. From what I heard, the iris can change enough in two years that those bio-metric systems would not recognize you.

    Biometrics raises interesting issues; especially multifactor biometrics. A computer that can recognize you with certainty can provide a lot of tracking capability. This has huge implications in the world where we live now - state funded surveillance.

    Basic concern with computers = if the computer has the hardware capabilities to do something, someone will find a way to circumvent the restrictions to do just that.
  • mapesdhs - Sunday, March 29, 2015

    Fingerprints can change over time. There was a piece about this in New Scientist recently.

    Besides, fingerprint analysis conclusions are not that reliable anyway, because they
    don't check the entire print (never have). The assumption they're unique is and always
    has been false, claims made by legal types were never done after any kind of baseline
    check/research. A classic myth that's persisted for far too long, as bad as the notion
    that genetic tests are unique (already been several cases of mistaken identity; in a
    population like the UK's 60M, a typical genetic test will match several dozen people
    elsewhere in the country, give or take; it's not a lot, but more than enough for screwups
    to have occurred by now, and they have).

    Biometrics for access to PCs, etc. is a huge can of worms. It'll be a mess; the tech
    industry has a rotten track record of implementing this sort of thing, and with the NSA
    & other agencies poking their noses in all the time, nothing is going to be totally secure
    anyway because govts. don't want them to be.

