Microsoft Backtracks: Older PCs Won’t Receive Windows 11 Security Updates
Update 1:33 PM: An earlier version of this story focused entirely on the fact that Microsoft will allow older hardware to install Windows 11 unofficially, even if the company neither recommends nor supports it. Since this story was written, Microsoft has released new information that points to a substantial loophole within that loophole. This meaningfully changes our opinion of the original scenario and this article has been rewritten to reflect that change.
On Friday, two Windows 11 news stories broke. First, Microsoft announced it was standing mostly firm on its PC hardware requirements for Windows 10. Second, The Verge broke news that Windows 11 would be perfectly installable on older systems that Microsoft has deigned not to support, including some machines that met its TPM requirements and supported the necessary features in-hardware, but that the company left off the list anyway. The company also updated its PC Health Check app to deliver more information on whether your system is qualified to install Windows 11.
This sounded like a good workaround and we noted that Microsoft has a history of offering stealth upgrades. Windows 10’s official upgrade program ended a year after launch, except you can still upgrade systems with a Windows 7 or Windows 8 license to Windows 10 for free. This seemed to set a precedent for Microsoft’s willingness to quietly support the enthusiast community.
Unfortunately, Microsoft has decided to follow a different precedent. Several years ago, Microsoft deployed a Windows 7 update that prevented the OS from receiving future updates if the end-user was running a too-modern CPU. Now we’ve learned that while enthusiasts may be allowed to install Windows 11, Microsoft may deny them access to security updates. The Verge writes: “Microsoft has since told The Verge that unsupported PCs won’t be entitled to receive Windows Updates, and that even security and driver updates may be withheld.”
Not receiving Windows feature updates is no penalty at all and manually handling driver updates is not an issue, either. It might be mildly annoying for some people, but that’s it. The idea of Microsoft refusing security updates, however, is unprecedented. When the company blocked new systems from installing Windows 7 it could point to the fact that it had launched not one, but two new operating systems since Windows 7, with significant built-in security advantages. We’re not declaring that a fabulous argument, but it was a pro-consumer argument. Today, not so much.
Pirates Get Updates, Enthusiasts Don’t?
There was a time when Microsoft considered the problem of people using Windows in a way it didn’t like and came to a very different conclusion. Microsoft’s decision to introduce product keys that required online verification when it launched Windows XP was deeply controversial.
One of Microsoft’s strategies for nudging people towards paying for a legitimate copy of Windows at the time was to lock certain file downloads behind a verification check. If you weren’t running a legitimate copy of Windows, you weren’t allowed to download certain applications or non-critical files. But even while Microsoft was wielding a heavier hand to shove people towards buying a legitimate copy of Windows, it made a few very smart exceptions: People who pirated Windows still received all security updates. I believe they also retained the ability to download certain critical files, like DirectX.
Microsoft was dead set on limiting piracy of its products, but it recognized that an unprotected OS installation is an unprotected OS installation and that Windows security mattered too much to allow piracy to prevent it. There are now more than 1.3 billion people running Windows 10 worldwide according to Microsoft. Yet when faced with a similar situation today, Microsoft has reached a different conclusion.
It is very odd to see Microsoft talking about improving the security of its new operating system while simultaneously leaving itself the option to block security updates to any group of customers. One of the most basic rules of security is that a system is only as strong as its weakest link. Allowing enthusiasts to install Windows 11 while making it impossible to use in a secure fashion is not a nod to the enthusiast community. It’s not an effective or acceptable compromise and it will not be perceived as any kind of good faith option. It would also be the first time that Microsoft ever created an upgrade path that was deliberately, consciously less secure than the OS before it. That’s not a line any company should cross, ever, under any circumstances.
It would be better for Microsoft to kill the unofficial loophole altogether than to allow Windows 11 installation but block security updates. The entire PC market has been trained to expect each new version of Windows to be at least as secure as the previous version. That’s been the pattern for decades. Furthermore, we know there’s nothing so catastrophically wrong with Windows 10 that would force Microsoft to rush a new operating system to market because the company is going to support Windows 10 for almost four more years. If Windows 10 is safe enough to use until October 14, 2025, then there is no realistic possibility that a PC running Windows 11 on older hardware represents some kind of security problem unless Microsoft starts blocking security updates.
If there is a loophole to install Windows 11 on older hardware, it will be used. Some companies that sell PCs will refresh the OS image to make the system seem newer without needing to update the hardware. Some people will get all the way through the upgrade or fresh installation process, only to discover they’ll no longer get security updates and must now unwind the OS installation or fall back to Windows 10. Rolling back to an older version of an operating system always carries a risk that the machine will be less stable than it was before and it’s not much fun to copy data and prep for a new OS install only to discover post-installation that you can’t actually use the product.
Restricting feature updates and driver installations is fine. Security updates are a bridge too far. Take a lesson from your earlier self, Microsoft, because you used to know the answer to this question. Take no action that undermines the overall security of the PC ecosystem in the name of improving it. People who steal Windows 11, at this point, look more likely to get security updates than people who install legal versions on older hardware.
Note: As of 1:33 PM, this story has been updated with additional information from Microsoft.