Facepalm: Microsoft's Huge Incoming Windows 11 Security Upgrade Requires A Clean Install
According to a recent post on the Microsoft Security Blog, the latest security update to Windows 11 will include a new enhancement known as Smart App Control. For users of the OS to take advantage of the feature, Microsoft states that "Devices running previous versions of Windows 11 will have to be reset and have a clean installation of Windows 11..."
Smart App Control for Windows 11 looks to expand upon the application and code-signing model that Microsoft introduced with Windows Vista. The first iterations of application signing were much-maligned due to inconsistencies in developers adhering to the signing functionality at the time. Today it is less of a problem, and there are some easy bypasses for developers. The reason for the reinstall of Windows requirement is related to a core OS change that allows the feature to interact directly with hardware. Most notably the TPM module, a key component in security hardware and even software today, and a requirement for Windows 11 installs. There may be other headaches as well, though.
These annoyances aside, there are a large number of significant improvements in security for this update. One major change is additional protection for the Local Security Authority. While there was an update to Microsoft Defender for this at the enterprise level recently, consumers had to sit tight. The update also includes improvements to Microsoft Defender SmartScreen for phishing detection, and Credential Guard will be on by default.