Windows 11: The long migration


The beta testing of Windows 11 will be starting soon and its release reminds me a lot of the transition from Windows XP to Vista. Or Vista to Windows 7. We’ve been living in a world where approximately 75% of computers are on Windows 10 with most of the others running Windows 7. Soon, we’ll be in a world where most PCs will be running an operating system (Windows 10) that will still be getting serviced until at least 2025.

So as you take in all the hype over Windows 11, one thing to keep in mind is this: it will be a long migration process to Windows 11.

Another thing to remember is that we are just at the beginning of the sausage-making process for Windows 11. The ingredients are still being measured and identified, the cook is still in the kitchen testing how the dish tastes and users are already complaining about some of the menu changes being introduced in Windows 11.

For example, Windows 11 will require you to log into a Microsoft account when setting up Windows 11 Home. While the idea behind this mandate may be to increase password security — especially when cracking and hacking passwords is one way attackers come after us — the requirement is causing a few to balk. I’ve already seen people such as Joel Hruska say they will never log into a Windows computer with a Windows account. That said, folks have already figured out “when Windows 11 Home asks users to join an Internet network, a simple ‘Alt + F4’ shortcut closes the prompt and the screen goes straight to the local account creation page.” At least for the beta, people that love to fiddle with computers have found a workaround.

So why is Microsoft mandating this? It wants people to stop using (and re-using) the same password to log in to Windows and on various websites. The reuse of passwords has led to some of the biggest ransomware attacks as attackers figured out that most people don’t properly handle credentials. Microsoft wants to mandate passwordless logins to consumers from day one. Will that be in place when Windows 11 is released to the public? We’ll see.

The next high hurdle everyone is complaining about is the Trusted Platform Module (TPM) chip requirement. This is a specially designed chip that assists with security surrounding credentials. During the boot process, the boot code that’s loaded (including firmware and the OS components) can be measured and recorded in the TPM, then verified to confirm it hasn’t been tampered with. Microsoft is mandating that systems have a TPM based on the 2.0 specification. Many PCs in recent years that shipped with TPM 1.2 enabled can also upgrade to 2.0. Sometimes this process is made easy by simply starting the boot sequence and changing the support from 1.2 to 2.0. In other cases, TPM 2.0 has to be enabled with a firmware update.
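To make the "measured and recorded" step concrete, here is an added example (not from the original article or from Microsoft) that simulates the TPM extend operation on a single SHA-256 register. The component names and byte strings are constructed placeholders, and a real TPM 2.0 spreads measurements across several registers and keeps the event log in firmware.

```python
import hashlib

PCR_SIZE = 32  # bytes in a SHA-256 PCR bank


def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM extend: the new PCR value is SHA-256(old PCR || measurement digest)."""
    return hashlib.sha256(pcr + digest).digest()


def measure_boot_chain(components):
    """Measure each component in load order; return (final PCR, event log)."""
    pcr = bytes(PCR_SIZE)  # the register starts as all zeros at reset
    log = []
    for name, blob in components:
        digest = hashlib.sha256(blob).digest()
        pcr = extend(pcr, digest)
        log.append((name, digest.hex()))
    return pcr, log


def replay_log(log):
    """Verifier side: recompute the PCR from the recorded digests alone."""
    pcr = bytes(PCR_SIZE)
    for _name, digest_hex in log:
        pcr = extend(pcr, bytes.fromhex(digest_hex))
    return pcr


def first_mismatch(reference_log, observed_log):
    """Name the first component whose digest differs from the known-good log."""
    for (name, good), (_n, seen) in zip(reference_log, observed_log):
        if good != seen:
            return name
    return None


# Constructed sample boot chain (placeholder bytes, not real firmware images).
GOOD_CHAIN = [("firmware", b"fw v1"), ("bootloader", b"loader v1"), ("os", b"kernel v1")]
TAMPERED_CHAIN = [("firmware", b"fw v1"), ("bootloader", b"loader v1 (modified)"), ("os", b"kernel v1")]

GOOD_PCR, GOOD_LOG = measure_boot_chain(GOOD_CHAIN)
BAD_PCR, BAD_LOG = measure_boot_chain(TAMPERED_CHAIN)

if __name__ == "__main__":
    print("known-good PCR :", GOOD_PCR.hex())
    print("tampered PCR   :", BAD_PCR.hex())
    print("log replays to PCR:", replay_log(BAD_LOG) == BAD_PCR)
    print("first changed component:", first_mismatch(GOOD_LOG, BAD_LOG))
```

Because each value is hashed together with the previous one, a register can only be extended, never set, so a changed component or a changed load order both produce a different final value.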

In testing this process with my own HP desktop and a Lenovo laptop, I found I needed a firmware update for the HP, but only a boot-sequence change for the Lenovo. Both processes also required that I de-encrypt the hard drive first, then re-encrypt my data. The mandate for TPM 2.0 arises from very specific requirements: the module allows for what’s called secure-core computers. The idea of “Dynamic Root of Trust for Measurement” (DRTM) has been talked about for years and is the underlying trust mechanism for Intel’s Trusted Execution Technology (TXT) and AMD’s Secure Virtual Machine (SVM) technology. It uses platform-level enhancements to provide run-time protection and guarantee.

If your computer was bought in the last few years, it may already have a TPM chip. But it’s either not enabled or it uses the older 1.2 version. We’ve already seen reports that prices of third-party TPM 2.0-capable chips have increased. From what I’ve seen, the typical blocker is not the TPM chip, but the processor.

In my testing, this was the real make-or-break issue. Microsoft listed the processors on which it will support Windows 11. Most of the Intel, AMD, and Qualcomm processors on the list are recent, leaving those with older equipment out in the cold. What does this mean? It’s a sure sign that we’ve returned to the Microsoft of old, where we have to buy our way into the newer operating system. In the last few years, we’ve gotten used to being able to throw Windows 10 on just about any hardware. (I have a laptop with a 32GB hard drive that I constantly fight with over hard drive space and CPU performance. Microsoft should have never let OEM vendors sell computers with that configuration.)

When it comes to Windows 11, worry more about what processor you have and how old your computer is, less about TPM.

With last week’s flurry of stories about Windows 11, a lot of people think it’s already been released. We are a long way from that happening. These requirements may change — and probably will. But I’ll bet they won’t change so that every single computer currently running Windows 10 will be able to install Windows 11. Microsoft is drawing a line in the sand and I think the big reason is ransomware.

We have to stop the scourge of ransomware — and doing so won’t be easy. It will require outlawing ransom payments and increasing the security of our computers. Clearly, Microsoft wants computers to be more secure, but will these mandates stay in place? Remember, we’ve just started the beta process when the software sausage will be made. It won’t be pretty. And during the process even underpowered machines will be likely to run Windows 11, even if they’re shut out later on.

In the meantime, if you are interested in seeing what the next version of Windows is like and want to help guide that process, you can sign up as a Windows Insider. There are a lot of decisions still to be made — and a lot of sausage to grind.