[velcrovan]

… and all those things that Windows 10 “supports“ can be much more easily bypassed without TPM and secure boot. Lots of things not to like about Win11 but force-dragging their manufacturers and customers into 2010s era security is long overdue.

[nottorp]

> much more easily bypassed without TPM and secure boot

How does secure boot help against a browser vulnerability exploitation? Especially on Windows?

And if we're talking local attacks, there's always the $5 wrench to bypass the TPM.

> force-dragging their manufacturers and customers into 2010s era security is long overdue.

Spoken like someone who gets the newest tech toy without having to think if they can afford it. How much are your lattes?

[account42]

> How does secure boot help against a browser vulnerability exploitation? Especially on Windows?

It will eventually do that by only allowing you to run microsoft-approved signed software. Of course no sane person should want that but it's what all this is building towards.

[nottorp]

> only allowing you to run microsoft-approved signed software

That means it will only browse microsoft.com?

[zb3]

Would you pay for my security? If not then, well, "be quiet".

[anonymars]

What? TPM and Secure Boot aren't new at all. Fine let's remove one machine from the set:

I support various machines owned by my family that are hardware encrypted spanning across the last 10 years. All work on Windows 10, use Secure Boot, and are encrypted with TPM and Bitlocker (or that invisible Home edition "device encryption" version). They don't support Windows 11.

Even the extreme outlier machine has TPM. This nonsense is not about security. What threats are actually affecting people's computers these days? What is this going to do against phishing and scammers? What new security features are present in Windows 11 and not 10 that are so critical to justify throwing out hundreds of millions of machines?