Microsoft has been busy releasing news of upcoming Windows 10 features which will improve several age old issues. The password has been a thorn in the side of users since its inception, and with Windows Hello, Microsoft may have an answer to that. They have also detailed the evolution of their System Volume space savings which first debuted last year with WIMBoot. Finally, Microsoft has finally confirmed a launch timeframe for Windows 10, which will ship “this summer” in many countries and languages.

Windows Hello

With Windows Hello, Microsoft is taking a new spin (for them) at authentication. Everyone knows about passwords, and most people are aware of the many issues with passwords, such as password reuse, non-strong passwords, and the like. Passwords are great for computers, but awful for people. Truly strong passwords need to be unique per system or site, and should be long alphanumeric strings. The problem is people are not good with passwords. Windows Hello wants to solve this with multifactor authentication using biometrics and physical devices. Yes, we have seen biometrics before. Even on Windows, device makers like Lenovo have been including fingerprint scanners for many years. We have seen the rise of the TouchID fingerprint reader on the iPhone, which owners have embraced as a much easier way to authenticate themselves to their phone.

Microsoft will be taking a two pronged approach to authentication. The first is the actual authentication. Windows Hello will work with several biometrics, including fingerprint scanners, facial recognition, and iris scanning, as examples. This will be used in conjunction with hardware cryptography on the device to unlock the device. Microsoft is claiming false unlocks at around one in one hundred thousand. Fingerprints are well known, but the facial recognition will not rely on just a webcam, but rather will require new hardware such as the Intel RealSense 3D Cameras to ensure that it is a real person in front of the device and not just a photo. The unlock is tied to the actual device, and none of the unlock information is ever sent off of the device. Existing fingerprint readers can be used with Windows Hello.

Intel RealSense 3D Camera Module

Since this is not even in the latest build of Windows 10, there are a lot of questions still to be answered. Microsoft has said that they have evolved authentication from what they have learned with Kinect, so they do have some background with this technology. However my experience with Kinect is that it is not very good at authenticating, and with something as important as unlocking my PC I will be skeptical until proven otherwise. Regardless, it is hard to deny that the password has outlived its usefulness, so any research and advancement in this area can only be a good thing.

The second prong of the approach is using your device authentication to allow access to services and websites which require authentication. Microsoft is integrating Windows Hello into a new service code named Passport. Passport is a method of authenticating to external services using public-private key cryptography. Rather than login to OneDrive.com (as an example) with a username and password, and possibly a second factor like an authenticator app, you will log in to your device with Windows Hello (which is two factors – your device and your biometrics), and your device will then authenticate to the service using public-private crypto. This way, if a service is ever compromised, the attacker would just get a public key for your user, which would be useless. The private key would be locked on your device. Passport will be integrated with Azure Active Directory on day one, and Microsoft is hoping to expand the capability of the service through the FIDO alliance. As with anything security related, this is a good step, but we need to see the full details.

WIMBoot Evolution

Windows 8.1 Update 1 brought along a piece of technology called WIMBoot, which allowed Windows to save space on the system drive by keeping the system files in a compressed WIM (Windows Imaging) file on the recovery partition. Traditionally, files are kept as the WIM file for recovery and extracted to the C: drive for use by the operating system. WIMBoot allowed system manufacturers to free up space by removing the redundant files and just using the compressed copy. It was not perfect though. OEMs could still add in their own files to the WIM, significantly increasing the size of the recovery partition. These files could never be removed, so if an OEM just stuck a bunch of unnecessary software in the WIM, that space could never be reclaimed. The recovery partition could not be removed on devices with WIMboot. Although the idea of booting off of the WIM file had merit, it was not always ideal.

Microsoft is evolving this process. Instead of keeping system files in a compressed WIM file on the recovery partition, they have instead gotten rid of the recovery partition. This will free up a significant amount of space that is often dedicated to this, even on devices which never used WIMBoot. The new reset and refresh functionality will rebuild the operating system in place using runtime system files. This takes up less space, and it will keep security updates for system files in place to avoid having to download them again after recovery.

Also, Windows 10 will compress system files if appropriate to the system. During the upgrade, the process will look at several factors and compress the system files if doing so will not adversely affect system performance. This likely means that the system has enough processing power and disk speed that impact will be minimal or non-existent. OEMs will be able to determine if their devices can and should have this done as well, and incorporate It into new devices.

Windows Store apps will also benefit from this compression. This will allow more user data to be stored, which is a win, especially on low cost devices with limited storage.

Microsoft is claiming this new compression and lack of a recovery partition can free up over six gigabytes on a 64 bit system. In practice, it could easily be much higher, since the recovery partition can be well over seven gigabytes on its own once the additional software is added. However, their numbers would most likely be comparing to a device which did not leverage WIMBoot in the first place.

Windows 10 Launch Timeframe

The final bit of news from the software company is that Windows 10 is going to ship “this summer” in 190 countries and 111 languages. They have also detailed how they hope to get the free upgrade to Windows 10 underway. In China, partnerships with Lenovo, Tencent, and Qihu 360 will assist customers in getting the upgrade done. Lenovo will offer Windows 10 upgrades at 2,500 service centers and retail stores in China. Tencent will offer free upgrades to Windows 10 for its customers as part of an upgrade pack which also includes some of their own software. They will also be creating a universal app for their QQ app which has over 800 million customers in China, as well as bringing some of their gaming IP such as League of Legends to the Windows Store. Qihu 360 will also be offering Windows 10 to their customers with streamlined installations and accelerated download speeds.

With the current state of the Windows 10 Technical Preview, it seems hard to believe that Windows 10 will be launched by September at the latest. However we have not seen a new build for Windows Insiders since the January build came, so internally employees may be working on much more stable code. Hopefully this is the case, and hopefully the speed of new builds is increased as well. There has been news in the Windows 10 Insider Hub that the rollout of new builds is going to increase, but that has not happened yet. I would get a quote from the Insider Hub, but the app will not currently launch on my Windows 10 desktop which explains my surprise at the launch timeframe being so soon.

If Microsoft can hit the back to school crowd, it would certainly help out with both PC sales and Windows 10 market penetration, but that is not something that they have hit with either Windows Vista or Windows 8 or any of its derivatives.

Source:
Windows Blog: Windows Hello, WIMBoot Evolution, Windows 10 Launch Timeframe

POST A COMMENT

50 Comments

View All Comments

  • Wolfpup - Thursday, March 19, 2015 - link

    I’m with Brett about being really skeptical about optical recognition. It would be AWESOME if it worked reliably, but I’d personally be worried it would unlock for other people or could be fooled some other way.

    It SEEMS like it works on the Xbox One, but then I’m the only person using it, and I’ve never actually tested…plus of course I turned off Kinect anyway LOL. But when it was on it at least SEEMED like it was grabbing my face.
    Reply
  • Brett Howse - Friday, March 20, 2015 - link

    Oh no it's completely broken on the Xbox One with Kinect. My son is almost always recognized as me (he's 8 btw) and I'm never recognized no matter how many times I train it. Best update on Xbox One was when they removed the Kinect sign-in and allowed other forms of sign in to be the default. Reply
  • TheDarkKnight - Friday, March 20, 2015 - link

    "Regardless, it is hard to deny that the password has outlived its usefulness, so any research and advancement in this area can only be a good thing."

    Just like water has outlived its usefulness? Your retarded. That's all.
    Reply
  • tionls21 - Saturday, March 21, 2015 - link

    I or one am excited about trying Windows 10. I follow an article from SmartKey Password Recovery software website, which is telling us how to install Windows 10 to our pc or Mac. You can Google Search " How to Install Windows 10 on Your Windows and Mac PC posted by Michael Eric" to find it out. Reply
  • twotwotwo - Tuesday, March 24, 2015 - link

    For folks arguing about biometrics: imperfect auth can still be worth it, especially if it's easy enough more people will use it or you'll be able to use it more often. If your average teenager could get in after watching a 5-minute YouTube tutorial, OK, that's not so great, but I'm not really worried if there's just some reliable but troublesome way to clone my fingerprint or something; it still helps with the common cases of casual snoops and typical laptop thieves.

    And if competent professionals really are after ye Lucky Charms, you should control physical access to the box anyhow, especially if it's running with only a lockscreen in front of your data.
    Reply
  • FlushedBubblyJock - Wednesday, March 25, 2015 - link

    ".....they have instead gotten rid of the recovery partition......The new reset and refresh functionality will rebuild the operating system in place using runtime system files."

    Great... for mobile dweebs with tiny 32 and 64 memHD's - while the rest of 97% of us have gigantic hard drives and or exceeding space... and WHAT tiny little msft windows mobile had a restore anyway? All for the failed windows slate ?

    Man, so now hackers can attack windows files and trash the whole windows and the digndang restore that is all mixed in on the same partiotion, not locked on another inaccessible by default partition... GREAT THAT WILL SURELY DO WONDERFULLY....

    Man...oh crud... same partition, same infected viral repository... WAY TO GO LESS IS BETTER...
    i'm so mad
    Reply
  • JonnyDough - Friday, March 27, 2015 - link

    I'm glad that we got a Win10 update but this article is horribly written. Very short sentences and some extra fluff. Could we get an editor please? I understand somewhat if English is not your first language but that's what editors are for. Reply
  • JonnyDough - Friday, March 27, 2015 - link

    Ok, so really it was just the first two paragraphs and a few things I noticed after that. Sorry, it took a bit to get to the meat I think. Reply
  • JonnyDough - Friday, March 27, 2015 - link

    I reject Windows 10, not only are they data mining us and moving stuff to the cloud more and more, but now they have my biometrics too. No thanks. Anonymity is biting the dust and I really don't care for it. This movement (especially with the current administration) is something we should fear - we don't need to be classified and sorted in a database. That's what Hitler did with his IBM counting machines. Reply
  • Shadowmaster625 - Tuesday, August 4, 2015 - link

    And yet there will still be some retarded winsxs folder containing 14 different copies of mshtml.dll, each one varying only slightly. Better compression could consolidate all those 20MB copies of mshtml.dll into one single 30MB archive, instead of occupying 250 MB and using dumb compression to mtake it down to 180MB. Reply

Log in

Don't have an account? Sign up now