The BSI Examines Windows 10 in Detail
As the Federal Office for Security and Information Technology (BSI) has now announced, the project "Study on System Integrity, Logging, Hardening and Security Functions in Windows 10 (SiSyPHuS Win10)" will examine the overall security and residual risks when using the Microsoft operating system. According to the BSI, the aim is to identify framework conditions for the safe use of Windows 10 and to draw up practical recommendations for hardening and safe use.
The investigation is based on Windows 10 Version 1607, 64 Bit from the Longterm Servicing Channel (LTSC) and will include the components Telemetry Service, Trusted Platform Module (TPM), Virtualization based Security, Windows Powershell, Compatibility Application Infrastructure, Driver and Patch Management. Scripts and tools, which will be created within the framework of the project, as well as project chapters, will be made publicly available for download by the BSI on GitHub.
In the course of its announcement, the authority has already published a first project part dealing with the analysis of the Windows 10 telemetry service. Telemetry collects system and usage information and sends it to the manufacturer. According to Microsoft, this data is anonymized and used exclusively for diagnostics and improvements. The collection and transmission can be switched off technically, but this is difficult for the "normal" user to do.
The recommendations for hardening the operating system are written in German and are primarily intended to provide practical support to federal and state authorities as well as companies. However, the BSI also calls on technically experienced citizens to implement their recommendations.