Microsoft has been busy releasing news of upcoming Windows 10 features which will improve several age old issues. The password has been a thorn in the side of users since its inception, and with Windows Hello, Microsoft may have an answer to that. They have also detailed the evolution of their System Volume space savings which first debuted last year with WIMBoot. Finally, Microsoft has finally confirmed a launch timeframe for Windows 10, which will ship “this summer” in many countries and languages.

Windows Hello

With Windows Hello, Microsoft is taking a new spin (for them) at authentication. Everyone knows about passwords, and most people are aware of the many issues with passwords, such as password reuse, non-strong passwords, and the like. Passwords are great for computers, but awful for people. Truly strong passwords need to be unique per system or site, and should be long alphanumeric strings. The problem is people are not good with passwords. Windows Hello wants to solve this with multifactor authentication using biometrics and physical devices. Yes, we have seen biometrics before. Even on Windows, device makers like Lenovo have been including fingerprint scanners for many years. We have seen the rise of the TouchID fingerprint reader on the iPhone, which owners have embraced as a much easier way to authenticate themselves to their phone.

Microsoft will be taking a two pronged approach to authentication. The first is the actual authentication. Windows Hello will work with several biometrics, including fingerprint scanners, facial recognition, and iris scanning, as examples. This will be used in conjunction with hardware cryptography on the device to unlock the device. Microsoft is claiming false unlocks at around one in one hundred thousand. Fingerprints are well known, but the facial recognition will not rely on just a webcam, but rather will require new hardware such as the Intel RealSense 3D Cameras to ensure that it is a real person in front of the device and not just a photo. The unlock is tied to the actual device, and none of the unlock information is ever sent off of the device. Existing fingerprint readers can be used with Windows Hello.

Intel RealSense 3D Camera Module

Since this is not even in the latest build of Windows 10, there are a lot of questions still to be answered. Microsoft has said that they have evolved authentication from what they have learned with Kinect, so they do have some background with this technology. However my experience with Kinect is that it is not very good at authenticating, and with something as important as unlocking my PC I will be skeptical until proven otherwise. Regardless, it is hard to deny that the password has outlived its usefulness, so any research and advancement in this area can only be a good thing.

The second prong of the approach is using your device authentication to allow access to services and websites which require authentication. Microsoft is integrating Windows Hello into a new service code named Passport. Passport is a method of authenticating to external services using public-private key cryptography. Rather than login to OneDrive.com (as an example) with a username and password, and possibly a second factor like an authenticator app, you will log in to your device with Windows Hello (which is two factors – your device and your biometrics), and your device will then authenticate to the service using public-private crypto. This way, if a service is ever compromised, the attacker would just get a public key for your user, which would be useless. The private key would be locked on your device. Passport will be integrated with Azure Active Directory on day one, and Microsoft is hoping to expand the capability of the service through the FIDO alliance. As with anything security related, this is a good step, but we need to see the full details.

WIMBoot Evolution

Windows 8.1 Update 1 brought along a piece of technology called WIMBoot, which allowed Windows to save space on the system drive by keeping the system files in a compressed WIM (Windows Imaging) file on the recovery partition. Traditionally, files are kept as the WIM file for recovery and extracted to the C: drive for use by the operating system. WIMBoot allowed system manufacturers to free up space by removing the redundant files and just using the compressed copy. It was not perfect though. OEMs could still add in their own files to the WIM, significantly increasing the size of the recovery partition. These files could never be removed, so if an OEM just stuck a bunch of unnecessary software in the WIM, that space could never be reclaimed. The recovery partition could not be removed on devices with WIMboot. Although the idea of booting off of the WIM file had merit, it was not always ideal.

Microsoft is evolving this process. Instead of keeping system files in a compressed WIM file on the recovery partition, they have instead gotten rid of the recovery partition. This will free up a significant amount of space that is often dedicated to this, even on devices which never used WIMBoot. The new reset and refresh functionality will rebuild the operating system in place using runtime system files. This takes up less space, and it will keep security updates for system files in place to avoid having to download them again after recovery.

Also, Windows 10 will compress system files if appropriate to the system. During the upgrade, the process will look at several factors and compress the system files if doing so will not adversely affect system performance. This likely means that the system has enough processing power and disk speed that impact will be minimal or non-existent. OEMs will be able to determine if their devices can and should have this done as well, and incorporate It into new devices.

Windows Store apps will also benefit from this compression. This will allow more user data to be stored, which is a win, especially on low cost devices with limited storage.

Microsoft is claiming this new compression and lack of a recovery partition can free up over six gigabytes on a 64 bit system. In practice, it could easily be much higher, since the recovery partition can be well over seven gigabytes on its own once the additional software is added. However, their numbers would most likely be comparing to a device which did not leverage WIMBoot in the first place.

Windows 10 Launch Timeframe

The final bit of news from the software company is that Windows 10 is going to ship “this summer” in 190 countries and 111 languages. They have also detailed how they hope to get the free upgrade to Windows 10 underway. In China, partnerships with Lenovo, Tencent, and Qihu 360 will assist customers in getting the upgrade done. Lenovo will offer Windows 10 upgrades at 2,500 service centers and retail stores in China. Tencent will offer free upgrades to Windows 10 for its customers as part of an upgrade pack which also includes some of their own software. They will also be creating a universal app for their QQ app which has over 800 million customers in China, as well as bringing some of their gaming IP such as League of Legends to the Windows Store. Qihu 360 will also be offering Windows 10 to their customers with streamlined installations and accelerated download speeds.

With the current state of the Windows 10 Technical Preview, it seems hard to believe that Windows 10 will be launched by September at the latest. However we have not seen a new build for Windows Insiders since the January build came, so internally employees may be working on much more stable code. Hopefully this is the case, and hopefully the speed of new builds is increased as well. There has been news in the Windows 10 Insider Hub that the rollout of new builds is going to increase, but that has not happened yet. I would get a quote from the Insider Hub, but the app will not currently launch on my Windows 10 desktop which explains my surprise at the launch timeframe being so soon.

If Microsoft can hit the back to school crowd, it would certainly help out with both PC sales and Windows 10 market penetration, but that is not something that they have hit with either Windows Vista or Windows 8 or any of its derivatives.

Source:
Windows Blog: Windows Hello, WIMBoot Evolution, Windows 10 Launch Timeframe

POST A COMMENT

50 Comments

View All Comments

  • tynopik - Wednesday, March 18, 2015 - link

    "it was not always idea." Reply
  • close - Wednesday, March 18, 2015 - link

    Now that 3D printing has gone mainstream how hard is to model a person's facial features based on pictures and print out a 3D model? It's certainly not a walk in the park but definitely easier than guessing or brute-forcing a good password. Reply
  • CharonPDX - Wednesday, March 18, 2015 - link

    The new system Intel has developed doesn't get fooled by that, either. It uses IR to ensure it sees "signs of life" in addition to just a physical match. Reply
  • Azurael - Wednesday, March 18, 2015 - link

    I've never been a fan of using something I can't change for a password.... Reply
  • squngy - Wednesday, March 18, 2015 - link

    You can always use both. Reply
  • LKV1 - Wednesday, March 18, 2015 - link

    This brings up a good point. What is someone is disfigured in an accident? Does that lock them out of their computer permanently? Reply
  • ifrit39 - Wednesday, March 18, 2015 - link

    Most other biometric credential systems use passwords as a back up. In fact, the Galaxy S5 requires that users create a password to register fingerprints. I don't own an apple device, but I'd bet that touchID works the same way and so will any other biometric system Microsoft uses. Reply
  • FlushedBubblyJock - Wednesday, March 25, 2015 - link

    It's "locked" to your (one) device.
    No more access "wherever you go"...
    I'm going to hate cracking their OS when no doubt the camera fails... and they forgot their password... or worse, I'll have to figure out if it's the motherboard ID they are using, or a combo of hardware ID's to lock the "passport" - as when one of any fails - what happens - HDD/SSD/Mboard/CPU - which is it ?
    People already constantly refuse the "dual authentication" microsoft is trying to push on everyone already for email - I suspect people will really, really like the "I sit down it knows it's me" camera aspect (if presented as vaguely as possible for the paranoid).
    Yes, they will love how important they are if their computer recognizes them automagically.
    Reply
  • eanazag - Thursday, March 26, 2015 - link

    So soak the 3D printed head in water that is 98 degrees.

    Two factor authentication is still necessary.

    Yet, the biometric is only locally stored so the security concerns are only in cases where the attacker has physical access to a machine.
    Reply
  • tionls21 - Saturday, March 21, 2015 - link

    It was not always like Windows 10 to be such a nice computer. I can't wait to install it to my Windows pc. I love this Windows OS than Mac. At last, I find Windows Password Key is such a nice tool to reset Windows 10 login password. Reply

Log in

Don't have an account? Sign up now