Beefed up security and privacy
In an increasingly dangerous digital world in which Windows has long been the most popular attack vector, Microsoft focused a great deal of effort on beefing up security in this version of Windows. Perhaps the most important is one you won’t physically see: the removal of the extremely insecure and much-hacked SMBv1 networking protocol. A version of this protocol has been around in one way or another for nearly 30 years, beginning back in the ancient days of DOS, and has hung on despite its inherent insecurity. It was exploited by hackers in two of the biggest global ransomware attacks of all time, WannaCry and Petya.
Microsoft has long known that keeping this protocol around is a bad idea. Ned Pyle, principal program manager in the Microsoft Windows Server High Availability and Storage group, wrote in a blog more than a year ago, in September 2016: “Stop using SMB1. Stop using SMB1. STOP USING SMB1! ... The original SMB1 protocol is nearly 30 years old, and like much of the software made in the 80’s, it was designed for a world that no longer exists. A world without malicious actors, without vast sets of important data, without near-universal computer usage. Frankly, its naivete is staggering when viewed though modern eyes.”
In the Fall Creators Update, SMB1 is finally being put out to pasture … sort of. It won’t be included on clean Windows 10 installs, but SMBv1 components will remain on Windows machines that already have the protocol installed and are being upgraded. So it’s not quite completely gone, but this is a good first step.
Beyond that, the Windows Defender Security Center, the all-in-one app for keeping Windows secure, also gets an upgrade, including the Windows Defender Exploit Guard, which takes a variety of features from a retired enterprise secrurity tool called the Enhanced Mitigation Experience Toolkit (EMET) and embeds them directly into Windows. These include intrusion rules and policies to protect against a variety of threats, notably zero-day exploits.
There’s also a new anti-ransomware capability called Controlled Folder Access, in which only approved apps can get access to Windows system files and data folders. Microsoft determines which apps get access, but you can customize that. To turn the feature on, in the Windows Defender Security Center select “Virus & threat protection” > “Virus & threat protection settings,” then scroll down to “Controlled folder access” and move the slider to On. When you do that, you’ll also be able to customize how it works, including changing which folders should be protected and which apps should be allowed to access them.
Privacy is top of mind for a lot of people; there’s been some small improvement in the way that Windows handles it in this update. When you install an app from the Microsoft Store (the new name for the Windows Store in the update), you’ll be warned about what kinds of devices and capabilities it needs to access, such as your camera, microphone, contacts and calendar. You can then grant the app permission or deny it. Afterwards, you can change the permissions for any app by going to Settings > Privacy and then going to Microphone, Contacts, Calendar and so on and changing the permissions there.
Less-than-compelling Edge tweaks
Ever since it was introduced, Windows 10’s Edge has been the get-no-respect browser. Even though it’s the default browser for Windows 10, as of August 2017, only 17.7% of Windows 10 users ran Edge as their main browser, down from 39% when the browser debuted in 2015.
So Microsoft continues to enhance Edge, hoping to gain market share. As with previous improvements to the browser, however, the changes introduced in the Windows 10 Fall Creators Update aren’t particularly significant or compelling. If you didn’t use Edge before the Fall Creators Update, you’re unlikely to use it after.
Edge’s underwhelming Favorites handling has been improved. You can now more easily work with Favorites in a directory tree and edit their URLs. And the few people who may be enticed to switch to Edge from their existing browser can easily import their bookmarks into Edge.
Edge’s PDF-reading and EPUB e-books capabilities have been improved. You can now annotate both PDFs and e-books, and use ink-based notes when you do so. Edge can also now fill in PDF forms. And if you like your browser to read to you, you’ll be happy to hear that Edge can read PDFs, e-books and web pages out loud.
Microsoft has also added a feature to Edge that Microsoft’s earlier browser Internet Explorer had in Windows 8 — the ability to pin web pages to the taskbar. Another less-than-groundbreaking change is the ability to run Edge in full-screen mode, something other browsers have supported for years. And Microsoft claims that Edge renders pages faster, helped by a new version of EdgeHTML, the browser's rendering engine. In practice, I didn’t notice a difference.
All those are moderately useful improvements. But perhaps the browser’s most glaring drawback hasn’t been fixed: As I write this, Edge has only about 70 extensions available, even though it has been around for more than two years. Chrome and Firefox both have thousands of them.
The upshot: Edge remains inferior to the most popular browser, Chrome; nothing in this update has changed that.
There have been a host of other, more minor changes as well. Those who use pens for inking will be happy to see there’s a new “Find My Pen” feature that shows you on a map the last place you used your pen, in case you lose it. Of course, that only goes so far, because you could have placed the pen somewhere when not using it, and this feature won’t help with that.
Microsoft also has something for an emoji-mad world in the update: A slew of new emojis as well as a simple way to enter them. Press the Windows key and the semicolon key simultaneously, and an emoji screen pops up.
The Action Center has also gotten a small, though useful, facelift. It now more clearly indicates the origin of notifications and groups them — for example, creating separate groups for Twitter posts, Skype requests, and so on.
Microsoft continues to bet that mixed reality (a.k.a. augmented reality) will be the Next Big Thing, and so it has added new mixed reality features in this update. With one, you can create 3D objects in Paint 3D, which was introduced in the previous Creators Update, then use the objects in mixed reality by combining them with photos that you take on your PC’s camera. In addition, the new Story Remix feature in the Photos app helps you create slideshows from your pictures and lets you add 3D objects from Microsoft’s Remix 3D database for more mixed reality fun. Finally, when the Fall Creators Update ships, a slew of companies plan to release Windows Mixed Reality headsets.
You can now also fine-tune the way that Windows, Office and Windows Store updates are delivered to your PC. New settings in Delivery Optimization (get there from Settings > Update & Security > Windows Update > Advanced Options > Delivery Optimization) let you set download and upload limits for updates. Click Advanced options to limit the amount of bandwidth used for downloading updates in the background, the amount of bandwidth used to upload updates to other PCs, and a total monthly upload limit.
And if your desktop apps have ever gotten blurry after you’ve switched displays and you’ve had to reboot your PC to fix the problem, you’ll be pleased with this new fix: Just restart the app. Voila — blurriness is gone. Or so Microsoft says. I haven’t had the problem with my desktop apps, so I couldn’t test out this feature myself.
Anyone who likes to peek under the hood to see how Windows is performing gets a nice little gift in the Task Manager. It now tracks GPU performance in the same way it had already done for CPU, RAM, disk access and networking. Every GPU in your PC shows up on the Performance tab, and you can track its usage there. And over on the Processes tab, you’ll be told which processes access which GPU.
Gamers will be especially pleased to hear that the company claims it’s fixed performance problems with games. Ever since the first Windows 10 Creators Update in April 2017, gamers have complained of sluggish performance, stuttering games, and dropped frames. This update is supposed to fix them. There are several other minor gaming improvements as well, including the addition of a toggle to the Game bar for turning Game mode on and off.
Finally, Microsoft is touting improvements in performance and stability, notably a power-throttling feature that reduces the CPU resources consumed by background apps, which should improve battery life on laptops, according to Microsoft.
What IT needs to know about the Fall Creators Update
The big security news for IT is the removal of the notoriously insecure SMBv1 networking protocol, as outlined in the “Beefed up security and privacy” section above. In this update, SMB1 won’t be included on clean Windows 10 installs, but SMBv1 components will remain if you do in-place upgrades on PCs that already have the component installed. If you have machines that include SMBv1, you’ll want to protect them. Follow this advice from Microsoft to disable SMBv1 on existing machines.
In addition, Windows Defender Advanced Threat Protection (ATP), a suite of tools introduced in Windows 10 that helps enterprise customers protect their users and networks against threats and respond to attacks, is being beefed up. Among other things, it will run on the Windows Server OS. This update also takes key features from Microsoft’s retired Enhanced Mitigation Experience Toolkit (EMET) and builds them directly into Windows 10 in a new feature called Windows Defender Exploit Guard.
Also part of ATP is Windows Defender Application Guard for Microsoft Edge, available only for Windows 10 Enterprise Edition. It was initially planned to be released along with the Windows 10 Creators Update released last spring, but wasn’t quite ready for prime time. With it, when a user visits an unknown or untrusted site, Edge gets launched inside a virtual machine using Hyper-V. In essence, it’s a new instance of Windows with its own memory, local storage, stored credentials, network endpoints and other settings determined by administrators. In that way, if malware tries to launch, it should be confined to the virtual machine and can’t harm the PC or spread throughout the network. The virtual machine and any malware it contains are discarded when the browsing session ends.
If you’re interested in learning more about the enterprise security features in the Windows 10 Fall Creators Update, read Microsoft's blog post “Announcing end-to-end security features in Windows 10.”
Some big news for IT over the summer was the release of Windows AutoPilot, a suite of cloud-based tools designed to make it easier to deploy and manage Windows 10 PCs. Windows AutoPilot also enhances Microsoft’s mobile device management capabilities and adds device health features to Windows Analytics, which offers insights into how IT can better deploy and support Windows 10.
Overall, Windows AutoPilot improves self-service deployments of Windows 10 PCs. Microsoft says the tool does away with many of the time-consuming tasks typically required to deploy a new Windows 10 device, such as building images and gathering drivers. When new Windows 10 devices are purchased, information about them is sent to an enterprise so that IT can start configuration in the cloud before the computers are even received. Users can then complete the deployment themselves by logging in and following prompts. It works with Azure Active Directory (AAD) and Intune’s mobile device management (MDM) services.
In the Fall Creators Update, Microsoft says Windows AutoPilot will also improve MDM by making it easier to configure baseline security settings such as account and logon policies. It can also configure Windows Firewall rules. Beyond that, it adds new kiosk configuration and management features. Other enhancements include a new reset feature that maintains the MDM management and AAD connection, enhanced personalization capabilities and self-service Active Directory domain join.
Windows Analytics’ new Device Health tool gathers information from how PCs perform in an enterprise, and based on that, identifies potential issues and outlines steps to resolve them. Microsoft claims, “This reduces helpdesk calls and support costs, saving time and money.”
Enterprises also get more control over what kind of information Windows Analytics gathers for the IT staff. The current Windows Analytics service gathers information from each PC about hardware and software installed, crashes and other data that can help admins keep computers running more smoothly. In order to improve users’ privacy, IT staff can limit the information collected by Windows Analytics to only diagnostic data.
Read the Microsoft blog post “Delivering the Modern IT promise with Windows 10” for more details about Windows AutoPilot, Windows Analytics and more.
Finally, IT admins should also know that users can set bandwidth limits for downloading Windows updates using the new Delivery Optimization capabilities described earlier in this story.
The bottom line
Like the first Windows 10 Creators Update, the Fall Creators Update doesn’t dramatically change the way Windows 10 works or looks. Microsoft is continuing its stay-the-course approach to its twice-a-year updates. The Windows 10 you’ll see before the update is largely the Windows 10 you’ll see after the update.
Still, there are some useful changes, notably OneDrive Files On-Demand, some nice Cortana improvements and better security. Edge, however, hasn’t been much improved, and the new feature linking Android and iOS phones to Windows 10 is largely a bust.
This all adds up to a modest improvement in Windows — not a bad thing, considering that Windows 10 is a solid, stable operating system free of the bugs and design disasters that bedeviled Windows 8.
As for how Microsoft will further develop Windows in the next six-month update, code-named Redstone 4, the Timeline feature that was dropped from the Fall Creators Update will most likely be included. Beyond that, time will tell. As we did this update, we’ll be with you every step of the way, reporting on every single build as it’s released.