Since Microsoft officially revealed Windows 11 on June 24, many users have found themselves excited or confused about some of the company’s changes to the OS. Not only is Windows 11 getting a huge overhaul, but Microsoft will also require TPM 2.0, a special security chip currently only used by professionals in the business and IT sectors.
Microsoft is leaning heavily on claims that TPM 2.0 will help Windows better defend against cyberattacks. “The purpose of a TPM chip is to protect user credentials, encryption keys, and other sensitive data on your hard drive against potential malware and ransomware attacks,” Kenny Riley, an IT expert and technical director at Velocity IT, explained to Lifewire in an email. “TPM chips have several use cases that enhance the overall security of PCs.”
Pushing Security
Riley says that TPM chips can offer a multitude of PC security advantages, including support for fingerprint readers, facial recognition like Windows Hello, and of course, data encryption. TPM chips are currently used in many enterprise PCs to take advantage of Microsoft’s BitLocker software, which can encrypt data stored on your hard drive to protect it from cyberattacks. Microsoft says TPM 2.0 is just one way it’s working to improve security in Windows 11.
One point of contention that’s been popping up since the reveal is that Microsoft says Windows 11 won’t support older PCs. This is because the operating system is designed to take advantage of features offered on newer processors, like virtualization-based security (VBS) and hypervisor-protected code integrity (HVCI). Essentially, these two types of protections can help stave off common malware and ransomware attacks.
While TPM has been causing some confusion because of Windows 11, it isn’t new technology. “TPM chips have been included in most enterprise-grade PCs since 2016, so if your computer is relatively new, this requirement shouldn’t affect you,” Riley explained. However, he noted that some non-enterprise computers or PCs older than 2016 might require updated hardware or even need to be replaced to offer TPM 2.0 access.
What’s the Deal?
With the reveal of Windows 11, Microsoft also released a new PC Health App designed to help users determine if their PC is capable of running Windows 11. Because Windows hasn’t required TPM in the past, many PCs that offer the feature don’t have it turned on. Originally, the app simply said that the user’s PC didn’t support TPM. However, the app was updated to provide a bit more clarity before being removed completely. Now, the Microsoft page where the app is available says it’s “Coming Soon.”
The real reason that this is such a big deal, though, is that consumers confused by the requirement have been purchasing new systems or looking into purchasing TPM chips that they can install themselves. While that’s definitely an option, Riley says you should first check to see if your PC supports it before putting any money on the table.
Rising Concerns
Some experts are also cautious about what actual benefits TPM will add at the moment, and say that Microsoft’s big push feels more like a call to get users to upgrade their machines than an actual push to update security in the OS. “TPM isn’t the holy grail of cybersecurity, however, it can be a useful element,” Dirk Schrader, global vice president of security research at New Net Technologies, told Lifewire in an email. “As these chips and their firmware are man-made, there will be vulnerabilities discovered, as was the case in past implementations of TPM. Pushing this ‘security story’ is—at least in part—a deviation from other security issues still lurking in Microsoft’s family of products and an attempt to convince consumers to upgrade fast.”
Additionally, John Bambenek, a threat intelligence advisor at Netenrich, says that Microsoft’s move won’t stop the current attacks plaguing most consumers. “Microsoft is trying to use ransomware, a threat this defense won’t stop, as a way to justify what probably is a good security move generally, but one everyone else but Microsoft is going to have to pay for. The move, however, isn’t really going to stop the most relevant attacks for most consumers or enterprises,” Bambenek said.